N*BZt      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs tuvwxy0 ?A logical, arithmetic, comparative, or conditional expression.  !"#$%&'(A mutable array. )*A mutable variable. +,-./Length of array. 01Variables in a program. zVariables in an expression. 2Theorems in a program. /  !"#$%&'()*+,-./012/! *+().-,&'#$%"  01/2/  !  !"#$%$%&''())*++,-./0128{|}~3Generate C and Simulink code. 333+4#Verify a program with k-induction. Path of a theorem. Prove a single theorem.  k-induction. Check induction step. Check induction basis. 5Creates a new boolean variable. Use for assertions. 444>5KTheorem to be proven or used as lemmas to assist proofs of other theorems. 678;The Stmt monad holds variable declarations and statements. 9 True term. : False term. ;Arbitrary constants. <Logical negation. = Logical AND. > Logical OR. ?"The conjunction of a E Bool list. @"The disjunction of a E Bool list. A1True iff the predicate is true for all elements. B0True iff the predicate is true for any element. CLogical implication. DEqual. E Not equal. F Less than. GGreater than. HLess than or equal. IGreater than or equal. J$Returns the minimum of two numbers. K*Returns the minimum of a list of numbers. L$Returns the maximum of two numbers. M*Returns the maximum of a list of numbers. NLimits between min and max. OMultiplication. PFloating point division. QInteger division. RModulo. S6Linear interpolation and extrapolation of two points. T3References a variable to be used in an expression (). UConditional expression.  mux test onTrue onFalse VArray index to a variable. %(!) :: AllE a => A a -> E Int -> V a (!) a i = VArray a i Array index to an expression. &(!.) :: AllE a => A a -> E Int -> E a (!.) a i = ref $ a ! i 1Labels a statement and creates a variable scope. G Labels are used in counter examples to trace the program execution. ] And assertion names, and hence counter example trace file names, are produce from labels. WCInput variable declaration. Input variables are initialized to 0. XGlobal variable declaration. YBoolean variable declaration. Z7Boolean variable declaration and immediate assignment. [Int variable declaration. \3Int variable declaration and immediate assignment. ]Float variable declaration. ^5Float variable declaration and immediate assignment. _Increments an E Int. `Decrements an E Int. a)Declare an assumption condition is true. Q Assumptions expressions must contain variables directly or indirectly related H to the assertion under verification, otherwise they will be ignored. bDefines a new theorem. # theorem name k lemmas proposition cConditional if-else. d!Conditional if without the else. eCondition case statement. fgVerify a program. ! verify pathToYices maxK program hGenerate C code. 9"#*.56789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh9*#".59:;T<=>?@BACDEFHGIJKLMNOPQRUS8VYZ[\]^WX67cdef_`abgh4567789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh 6Computes the greatest common divison of two integers. < Returns true if the computation is done, and the result. A top level wrapper for gcd'. i,Build the gcdMain code (i.e. gcd.c, gcd.h). j(A rolling counter verification example. k Verify the j example. lArbiter specification. mAn arbiter implementation. n#An another arbiter implementation. o$Yet another arbiter implementation. p?Binding an arbiter implemenation to the arbiter specification. q.Verify the different arbiter implementations. r-Build the different arbiter implementations. sRun all examples. ijklmnopqrs ijklpmnoqrs ijklmnopqrs       !"#$% &'()*+,--../0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg76hijklmnopqrstuvwxyz{|}}~~9 improve-0.3.0Language.ImProve.TreeLanguage.ImProve.CoreLanguage.ImProve.CodeLanguage.ImProve.VerifyLanguage.ImProveLanguage.ImProve.ExamplesTreeLeafBranchtreeVarInfoConstFloatIntBool StatementNullLabelAssumeTheoremSequenceAssignEMuxGeLeGtLtEqOrAndNotModDivMulSubAddRefNumEAllEzeroconst'PathNamepathNameAVUIDPathName arrayLengthvarInfostmtVarstheoremscodeverify<==Stmttruefalseconstantnot_&&.||.and_or_all_any_-->==./=.<.>.<=.>=.min_minimum_max_maximum_limit*./.div_mod_linearrefmux-|inputglobalboolbool'intint'floatfloat'incrdecrassumetheoremifelseif_case_==>buildGCDcounter verifyCounter arbiterSpecarbiter1arbiter2arbiter3arbiterverifyArbiters buildArbitersrunAlllabelisBranch singleTree mergeTrees insertTreefind'exprVarsMdl:=:-NetlistnextIdpathvarsenvblocksnetsBlockMux'Ge'Le'Gt'Lt'Eq'Or'And'Not'Mod'Div'Mul'Sub'Add'Const' AssertionCast UnitDelayOutportInportNetcodeStmtindentindent' codeVariables showConst showConstTypecodeMdlnewNameblockblock'net updateEnvgetNet getPathName elaborateevalExprmdlmdlLines mdlBlocksmdlBlock constTypeblkTraceLabel'Branch'Assert'Assign'Input'State'Step'EnvvarcmdsassertstraceVarYResultProblemFailPass theoremPath proveTheoremcheck checkStep checkBasisresultevalStmt evalConst evalConst'initEnvaddVar'addVar newBoolVaraddCmdaddTracegetVargetVar' writeTrace maxLabelWidthmaximum'CaseTheorem'getputgetPath statementgcd'gcdMain