enrich ADT , CDT with predicates T : cstate × astate; AINV : astate; CINV : cstate; variables cs' : cstate; as' : astate; gs' : globalstate; axioms init-cinv : CINIT(gs, cs) ⊦ CINV(cs); init-ainv : AINIT(gs, as) ⊦ AINV(as); cinv-ok : CINV(cs), COP(i)(cs, cs') ⊦ CINV(cs'); ainv-ok : AINV(as), AOP(i)(as, as') ⊦ AINV(as'); total-cinit : ⊦ ∃ cs. CINIT(gs, cs); initialization : CINV(cs), CINIT(gs, cs), T(cs, as) ⊦ AINIT(gs, as); finalization : CINV(cs), CFIN(cs, gs') ⊦ ∃ as. T(cs, as) ∧ AINV(as) ∧ AFIN(as, gs'); correctness : CINV(cs), COP(i)(cs, cs'), T(cs', as'), AINV(as'), ¬ (∃ as0. T(cs, as0) ∧ AINV(as0) ∧ ¬ dom(AOP(i))(as0)) ⊦ ∃ as. AINV(as) ∧ T(cs, as) ∧ AOP(i)(as, as') ; corr-appl : CINV(cs), ¬ dom(COP(i))(cs) ⊦ ∃ as0. T(cs, as0) ∧ AINV(as0) ∧ ¬ dom(AOP(i))(as0); final-appl : CINV(cs), ¬ dom(CFIN)(cs) ⊦ ∃ as0. AINV(as0) ∧ T(cs, as0) ∧ ¬ dom(AFIN)(as0); end enrich