diff --git a/creusot-contracts-proc/src/invariant.rs b/creusot-contracts-proc/src/invariant.rs index 909b7b250..6ffc87f4a 100644 --- a/creusot-contracts-proc/src/invariant.rs +++ b/creusot-contracts-proc/src/invariant.rs @@ -1,125 +1,164 @@ use crate::pretyping; use proc_macro2::{Span, TokenStream}; -use quote::{quote_spanned, ToTokens}; +use quote::{quote, quote_spanned, ToTokens}; use syn::{ - parse_quote_spanned, spanned::Spanned, AttrStyle, Attribute, Error, Expr, ExprForLoop, - ExprLoop, ExprWhile, Ident, Meta, Result, + parse_quote_spanned, spanned::Spanned, token::Brace, AttrStyle, Attribute, Block, Error, Expr, + ExprForLoop, ExprLoop, ExprWhile, Ident, ItemFn, Meta, Result, Stmt, Token, }; +#[derive(Debug, Clone, Copy)] +enum InvariantKind { + ForInvariant, + LoopInvariant(Option), +} +use InvariantKind::*; + +#[derive(Debug)] +enum Tag { + Invariant(InvariantKind), + Variant, +} + +// Represents both invariants and variants #[derive(Debug)] struct Invariant { + tag: Tag, span: Span, - invariant: pearlite_syn::Term, - expl: String, + term: pearlite_syn::Term, } impl ToTokens for Invariant { fn to_tokens(&self, tokens: &mut TokenStream) { let span = self.span; - let expl = &self.expl; - let inv_body = pretyping::encode_term(&self.invariant).unwrap_or_else(|e| e.into_tokens()); - + let term = pretyping::encode_term(&self.term).unwrap_or_else(|e| e.into_tokens()); + let spec_closure = match self.tag { + Tag::Invariant(kind) => { + let expl = match kind { + LoopInvariant(Some(n)) => format!("expl:loop invariant #{}", n), + LoopInvariant(None) => "expl:loop invariant".to_string(), + ForInvariant => "expl:for invariant".to_string(), + }; + quote_spanned! {span=> + #[creusot::spec::invariant = #expl] + ||{ #term } + } + } + Tag::Variant => quote_spanned! {span=> + #[creusot::spec::variant::loop_] + ||{ ::creusot_contracts::__stubs::variant_check(#term) } + }, + }; tokens.extend(quote_spanned! {span=> #[allow(unused_must_use)] - let _ = { + let _ = #[creusot::no_translate] #[creusot::spec] - #[creusot::spec::invariant = #expl] - ||{ #inv_body } - }; + #spec_closure; }) } } -enum LoopKind { - For(ExprForLoop), - While(ExprWhile), - Loop(ExprLoop), -} - -pub struct Loop { - span: Span, - invariants: Vec, - kind: LoopKind, +pub fn desugar_invariant(invariant0: TokenStream, expr: TokenStream) -> Result { + desugar(Tag::Invariant(LoopInvariant(Some(0))), invariant0, expr) } -fn filter_invariants(attrs: &mut Vec) -> Vec { - attrs - .extract_if(|attr| attr.path().get_ident().map(|i| i == "invariant").unwrap_or(false)) - .collect() +fn desugar(tag: Tag, invariant0: TokenStream, expr: TokenStream) -> Result { + let expr: Expr = syn::parse2(expr)?; + let invariants = |attrs| filter_invariants(tag, invariant0, attrs); + match expr { + Expr::ForLoop(mut expr) => Ok(desugar_for(invariants(&mut expr.attrs)?, expr)), + Expr::While(mut expr) => Ok(desugar_while(invariants(&mut expr.attrs)?, expr)), + Expr::Loop(mut expr) => Ok(desugar_loop(invariants(&mut expr.attrs)?, expr)), + _ => { + return Err(Error::new_spanned( + expr, + "invariants must be attached to either a `for`, `loop` or `while`", + )) + } + } } // Set the expl before pushing the invariant into the vector fn parse_push_invariant( invariants: &mut Vec, - invariant: TokenStream, - numbering: bool, + tag: Tag, + term: TokenStream, ) -> Result<()> { - let span = invariant.span(); - let invariant = syn::parse2(invariant)?; - let expl = if numbering { - format! {"expl:loop invariant #{}", invariants.len()} - } else { - "expl:loop invariant".to_string() - }; - invariants.push(Invariant { span, invariant, expl }); + let span = term.span(); + let term = syn::parse2(term)?; + invariants.push(Invariant { tag, span, term }); Ok(()) } -pub fn parse(invariant: TokenStream, loopb: TokenStream) -> Result { - let body: Expr = syn::parse2(loopb)?; - let span = body.span(); - let (attrs, lkind) = match body { - Expr::ForLoop(mut floop) => (filter_invariants(&mut floop.attrs), LoopKind::For(floop)), - Expr::While(mut wloop) => (filter_invariants(&mut wloop.attrs), LoopKind::While(wloop)), - Expr::Loop(mut lloop) => (filter_invariants(&mut lloop.attrs), LoopKind::Loop(lloop)), - _ => { - return Err(Error::new_spanned( - body, - "invariants must be attached to either a `for`, `loop` or `while`", - )) - } - }; - +fn filter_invariants( + tag: Tag, + invariant: TokenStream, + attrs: &mut Vec, +) -> Result> { + let mut n_invariants = if let Tag::Variant = &tag { 0 } else { 1 }; let mut invariants = Vec::new(); - parse_push_invariant(&mut invariants, invariant, attrs.len() > 0)?; + parse_push_invariant(&mut invariants, tag, invariant)?; + let attrs = attrs.extract_if(|attr| { + attr.path().get_ident().map_or(false, |i| i == "invariant" || i == "variant") + }); for attr in attrs { + let i = if attr.path().get_ident().map(|i| i == "invariant").unwrap_or(false) { + n_invariants += 1; + Tag::Invariant(LoopInvariant(Some(n_invariants - 1))) + } else { + Tag::Variant + }; if let Meta::List(l) = attr.meta { - parse_push_invariant(&mut invariants, l.tokens, true)?; + parse_push_invariant(&mut invariants, i, l.tokens)?; } else { return Err(Error::new_spanned(attr, "expected #[invariant(...)]")); } } - - Ok(Loop { invariants, span, kind: lkind }) + // If there is only one invariant, remove its loop number + if n_invariants == 1 { + invariants.iter_mut().for_each(|i| { + if let Tag::Invariant(LoopInvariant(ref mut kind)) = i.tag { + *kind = None; + } + }); + } + Ok(invariants) } -pub fn lower(loop_: Loop) -> TokenStream { - let invariants = loop_.invariants; - match loop_.kind { - LoopKind::For(floop) => desugar_for(invariants, floop), - LoopKind::While(l) => { - let mut tokens = TokenStream::new(); - for i in invariants { - i.to_tokens(&mut tokens); - } - let sp = loop_.span; - quote_spanned! {sp=>{ - #tokens - #l - }} - } - LoopKind::Loop(l) => { - let sp = loop_.span; - quote_spanned! {sp=> { - #(#invariants)* - #l - }} +fn while_to_loop(w: ExprWhile) -> ExprLoop { + let sp = w.span(); + let body = w.body; + let body = match *w.cond { + Expr::Let(expr_let) => { + quote_spanned! {sp=> #[allow(irrefutable_let_patterns)] if #expr_let #body else { break; } } } + cond => quote_spanned! {sp=> if #cond #body else { break; } }, + }; + let body = + Block { brace_token: Brace(sp), stmts: vec![Stmt::Expr(Expr::Verbatim(body), None)] }; + ExprLoop { + attrs: w.attrs, + label: w.label, + loop_token: Token![loop](w.while_token.span), + body: body, } } +fn desugar_while(invariants: Vec, w: ExprWhile) -> TokenStream { + desugar_loop(invariants, while_to_loop(w)) +} + +fn desugar_loop(invariants: Vec, mut l: ExprLoop) -> TokenStream { + let span = l.loop_token.span; + l.body.stmts.insert(0, Stmt::Expr(Expr::Verbatim(quote! { #(#invariants)* }), None)); + quote_spanned! {span=> { + #[allow(unused_must_use)] + let _ = { #[creusot::no_translate] #[creusot::before_loop] || {} }; + #l + }} +} + // Lowers for loops to `loop` and inserts the structural invariant that we get 'for free' fn desugar_for(mut invariants: Vec, f: ExprForLoop) -> TokenStream { let lbl = f.label; @@ -135,26 +174,26 @@ fn desugar_for(mut invariants: Vec, f: ExprForLoop) -> TokenStream { invariants.insert(0, Invariant { + tag: Tag::Invariant(ForInvariant), span: for_span, - invariant: parse_quote_spanned! {for_span=> ::creusot_contracts::std::iter::Iterator::produces(#iter_old.inner(), #produced.inner(), #it) }, - expl: "expl:for invariant".to_string(), + term: parse_quote_spanned! {for_span=> ::creusot_contracts::std::iter::Iterator::produces(#iter_old.inner(), #produced.inner(), #it) }, }, ); invariants.insert( 0, Invariant { + tag: Tag::Invariant(ForInvariant), span: for_span, - invariant: parse_quote_spanned! {for_span=> ::creusot_contracts::invariant::inv(#it) }, - expl: "expl:for invariant".to_string(), + term: parse_quote_spanned! {for_span=> ::creusot_contracts::invariant::inv(#it) }, }, ); invariants.insert(0, Invariant { + tag: Tag::Invariant(ForInvariant), span: for_span, - invariant: parse_quote_spanned! {for_span=> ::creusot_contracts::invariant::inv(*#produced) }, - expl: "expl:for invariant".to_string(), + term: parse_quote_spanned! {for_span=> ::creusot_contracts::invariant::inv(*#produced) }, }, ); @@ -172,13 +211,15 @@ fn desugar_for(mut invariants: Vec, f: ExprForLoop) -> TokenStream { let mut #it = ::std::iter::IntoIterator::into_iter(#iter); let #iter_old = snapshot! { #it }; let mut #produced = snapshot! { ::creusot_contracts::logic::Seq::EMPTY }; - #(#invariants)* + let _ = { #[creusot::before_loop] || {} }; #(#outer)* #lbl loop { #(#inner)* + #(#invariants)* match ::std::iter::Iterator::next(&mut #it) { Some(#elem) => { + #[allow(unused_assignments)] #produced = snapshot! { #produced.inner().concat(::creusot_contracts::logic::Seq::singleton(#elem)) }; let #pat = #elem; #body @@ -188,3 +229,42 @@ fn desugar_for(mut invariants: Vec, f: ExprForLoop) -> TokenStream { } } } } + +pub(crate) fn desugar_variant(attr: TokenStream, tokens: TokenStream) -> Result { + match syn::parse2(tokens.clone()) { + Ok(f) => desugar_variant_fn(attr, f), + _ => desugar(Tag::Variant, attr, tokens), + } +} + +fn variant_to_tokens(span: Span, p: &pearlite_syn::Term) -> (String, TokenStream) { + let var_name = crate::generate_unique_ident("variant"); + let var_body = pretyping::encode_term(p).unwrap_or_else(|e| { + return e.into_tokens(); + }); + let name_tag = format!("{}", var_name); + + let variant_tokens = quote_spanned! {span=> + #[allow(unused_must_use)] + let _ = + #[creusot::no_translate] + #[creusot::item=#name_tag] + #[creusot::spec::variant] + #[creusot::spec] + ||{ ::creusot_contracts::__stubs::variant_check(#var_body) } + ; + }; + (name_tag, variant_tokens) +} + +fn desugar_variant_fn(attr: TokenStream, mut f: ItemFn) -> Result { + let span = attr.span(); + let p = syn::parse2(attr)?; + let (name_tag, variant_tokens) = variant_to_tokens(span, &p); + + f.block.stmts.insert(0, Stmt::Item(syn::Item::Verbatim(variant_tokens))); + Ok(quote! { + #[creusot::clause::variant=#name_tag] + #f + }) +} diff --git a/creusot-contracts-proc/src/lib.rs b/creusot-contracts-proc/src/lib.rs index 5113c8580..6498bed1f 100644 --- a/creusot-contracts-proc/src/lib.rs +++ b/creusot-contracts-proc/src/lib.rs @@ -8,7 +8,7 @@ use proc_macro2::{Span, TokenStream}; use quote::{quote, quote_spanned, ToTokens, TokenStreamExt}; use std::iter; use syn::{ - parse::{discouraged::Speculative, Parse, Result}, + parse::{Parse, Result}, spanned::Spanned, *, }; @@ -43,7 +43,7 @@ impl<'a> FilterAttrs<'a> for &'a [Attribute] { } } -fn generate_unique_ident(prefix: &str) -> Ident { +pub(crate) fn generate_unique_ident(prefix: &str) -> Ident { let uuid = uuid::Uuid::new_v4(); let ident = format!("{}_{}", prefix, uuid).replace('-', "_"); @@ -322,70 +322,11 @@ pub fn ensures(attr: TS1, tokens: TS1) -> TS1 { } } -enum VariantAnnotation { - Fn(ItemFn), - WhileLoop(ExprWhile), -} - -impl syn::parse::Parse for VariantAnnotation { - fn parse(input: parse::ParseStream) -> Result { - let fork = input.fork(); - if let Ok(f) = fork.parse() { - input.advance_to(&fork); - Ok(VariantAnnotation::Fn(f)) - } else if let Ok(w) = input.parse() { - Ok(VariantAnnotation::WhileLoop(w)) - } else { - Err(Error::new(Span::call_site(), "TEST?")) - } - } -} - #[proc_macro_attribute] pub fn variant(attr: TS1, tokens: TS1) -> TS1 { - match variant_inner(attr, tokens) { - Ok(r) => r, - Err(err) => TS1::from(err.to_compile_error()), - } -} - -fn variant_inner(attr: TS1, tokens: TS1) -> Result { - let p: pearlite_syn::Term = parse(attr)?; - - let tgt: VariantAnnotation = parse(tokens)?; - - let var_name = generate_unique_ident("variant"); - - let var_body = pretyping::encode_term(&p).unwrap_or_else(|e| e.into_tokens()); - let name_tag = format!("{}", quote! { #var_name }); - - let variant_attr = match tgt { - VariantAnnotation::Fn(_) => quote! { #[creusot::spec::variant] }, - VariantAnnotation::WhileLoop(_) => quote! { #[creusot::spec::variant::loop_] }, - }; - let variant_tokens = quote! { - #[allow(unused_must_use)] - let _ = - #[creusot::no_translate] - #[creusot::item=#name_tag] - #variant_attr - #[creusot::spec] - ||{ ::creusot_contracts::__stubs::variant_check(#var_body) } - ; - }; - - match tgt { - VariantAnnotation::Fn(mut f) => { - f.block.stmts.insert(0, Stmt::Item(Item::Verbatim(variant_tokens))); - Ok(TS1::from(quote! { - #[creusot::clause::variant=#name_tag] - #f - })) - } - VariantAnnotation::WhileLoop(w) => Ok(TS1::from(quote! { - { #variant_tokens; #w } - })), - } + invariant::desugar_variant(attr.into(), tokens.into()) + .unwrap_or_else(|e| e.to_compile_error()) + .into() } struct Assertion(Vec); @@ -755,12 +696,10 @@ pub fn maintains(attr: TS1, body: TS1) -> TS1 { } #[proc_macro_attribute] -pub fn invariant(invariant: TS1, loopb: TS1) -> TS1 { - let loop_ = match invariant::parse(invariant.into(), loopb.into()) { - Ok(l) => l, - Err(e) => return e.to_compile_error().into(), - }; - invariant::lower(loop_).into() +pub fn invariant(invariant: TS1, tokens: TS1) -> TS1 { + invariant::desugar_invariant(invariant.into(), tokens.into()) + .unwrap_or_else(|e| e.to_compile_error()) + .into() } #[proc_macro_attribute] diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 543caa9a5..05848092b 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -949,7 +949,7 @@ impl<'tcx> Statement<'tcx> { istmts.extend([IntermediateStmt::Assume(exp)]); } Statement::Assertion { cond, msg } => istmts.push(IntermediateStmt::Assert(Exp::Attr( - Attribute::Attr(format!("expl:{msg}")), + Attribute::Attr(msg), Box::new(lower_pure(lower.ctx, lower.names, &cond)), ))), Statement::AssertTyInv { pl } => { diff --git a/creusot/src/contracts_items/attributes.rs b/creusot/src/contracts_items/attributes.rs index 5e8fd6864..b4a9bd8f2 100644 --- a/creusot/src/contracts_items/attributes.rs +++ b/creusot/src/contracts_items/attributes.rs @@ -42,6 +42,7 @@ attribute_functions! { [creusot::spec::invariant] => is_invariant [creusot::spec::variant] => is_variant [creusot::spec::variant::loop_] => is_loop_variant + [creusot::before_loop] => is_before_loop [creusot::spec::assert] => is_assertion [creusot::spec::snapshot] => is_snapshot_closure [creusot::ghost] => is_ghost_closure diff --git a/creusot/src/ctx.rs b/creusot/src/ctx.rs index b0720aa81..1f0199bf4 100644 --- a/creusot/src/ctx.rs +++ b/creusot/src/ctx.rs @@ -327,6 +327,10 @@ impl<'tcx, 'sess> TranslationCtx<'tcx> { self.tcx.dcx().struct_span_err(span, msg.to_string()) } + pub(crate) fn warn(&self, span: Span, msg: impl Into) { + self.tcx.dcx().span_warn(span, msg.into()) + } + queryish!(laws, &[DefId], laws_inner); // TODO Make private diff --git a/creusot/src/gather_spec_closures.rs b/creusot/src/gather_spec_closures.rs index a946ed15f..f7f3f94fa 100644 --- a/creusot/src/gather_spec_closures.rs +++ b/creusot/src/gather_spec_closures.rs @@ -1,10 +1,11 @@ use crate::{ - contracts_items::{get_invariant_expl, is_assertion, is_loop_variant, is_snapshot_closure}, + contracts_items::{ + get_invariant_expl, is_assertion, is_before_loop, is_loop_variant, is_snapshot_closure, + }, ctx::TranslationCtx, pearlite::Term, }; use indexmap::{IndexMap, IndexSet}; -use rustc_data_structures::graph::Successors; use rustc_hir::def_id::DefId; use rustc_middle::{ mir::{visit::Visitor, AggregateKind, BasicBlock, Body, Location, Operand, Rvalue}, @@ -83,22 +84,81 @@ impl<'tcx> Visitor<'tcx> for Closures<'tcx> { } } -struct Invariants<'tcx> { - tcx: TyCtxt<'tcx>, - invariants: IndexMap, +pub(crate) struct Invariants<'tcx> { + pub(crate) loop_headers: IndexMap)>>, + /// Invariants for which we couldn't find a loop header are translated as assertions. + pub(crate) assertions: IndexMap, String)>, } -impl<'tcx> Visitor<'tcx> for Invariants<'tcx> { +struct InvariantsVisitor<'a, 'tcx> { + ctx: &'a mut TranslationCtx<'tcx>, + body: &'a Body<'tcx>, + before_loop: IndexSet, + invariants: Invariants<'tcx>, +} + +impl<'a, 'tcx> InvariantsVisitor<'a, 'tcx> { + // Search backwards for the loop header: it should have more than one predecessor. + fn find_loop_header(&self, loc: Location) -> Option { + let mut block = loc.block; + if self.before_loop.contains(&block) { + // Reached "before_loop" marker in the same block. + // This assumes that statements are visited in order, so that if a block + // contains both invariants and a "before_block" marker, the marker is not + // in the `before_loop` set when we visit invariants before it. + return None; + } + loop { + let preds = &self.body.basic_blocks.predecessors()[block]; + if preds.len() > 1 { + return Some(block); + } + let Some(pred) = preds.get(0) else { + // Reached the top of the function. Impossible. + panic!("The impossible happened: Missing 'before_loop' marker."); + }; + if self.before_loop.contains(pred) { + // Reached "before_loop" marker. + return None; + } + block = *pred; + } + } +} + +impl<'a, 'tcx> Visitor<'tcx> for InvariantsVisitor<'a, 'tcx> { fn visit_rvalue(&mut self, rvalue: &Rvalue<'tcx>, loc: Location) { if let Rvalue::Aggregate(box AggregateKind::Closure(id, _), _) = rvalue { - let kind = if let Some(expl) = get_invariant_expl(self.tcx, *id) { + let kind = if let Some(expl) = get_invariant_expl(self.ctx.tcx, *id) { LoopSpecKind::Invariant(expl) - } else if is_loop_variant(self.tcx, *id) { + } else if is_loop_variant(self.ctx.tcx, *id) { + self.ctx.warn(self.ctx.def_span(id), "Loop variants are currently unsupported."); LoopSpecKind::Variant } else { + if is_before_loop(self.ctx.tcx, *id) { + self.before_loop.insert(loc.block); + } return; }; - self.invariants.insert(loc, (*id, kind)); + let term = self.ctx.term(*id).unwrap().clone(); + match self.find_loop_header(loc) { + None if let LoopSpecKind::Invariant(expl) = kind => { + self.ctx.warn( + self.ctx.def_span(id), + "This loop does not loop. This invariant could just be an assertion.", + ); + let assertions = &mut self.invariants.assertions; + assertions.insert(*id, (term, expl)); + } + None => self.ctx.warn( + self.ctx.def_span(id), + "This loop does not loop. This variant will be ignored.", + ), + Some(target) => { + let loop_headers = &mut self.invariants.loop_headers; + loop_headers.entry(target).or_insert_with(Vec::new).push((kind, term)) + } + } } self.super_rvalue(rvalue, loc); } @@ -108,41 +168,13 @@ impl<'tcx> Visitor<'tcx> for Invariants<'tcx> { pub(crate) fn corrected_invariant_names_and_locations<'tcx>( ctx: &mut TranslationCtx<'tcx>, body: &Body<'tcx>, -) -> IndexMap)>> { - let mut results = IndexMap::new(); - - let mut invs_gather = Invariants { tcx: ctx.tcx, invariants: IndexMap::new() }; +) -> Invariants<'tcx> { + let mut invs_gather = InvariantsVisitor { + ctx, + body, + before_loop: IndexSet::new(), + invariants: Invariants { loop_headers: IndexMap::new(), assertions: IndexMap::new() }, + }; invs_gather.visit_body(body); - - for (loc, (clos, kind)) in invs_gather.invariants.into_iter() { - let mut target: BasicBlock = loc.block; - - loop { - let mut succs = body.basic_blocks.successors(target); - - target = succs.next().unwrap(); - - // Check if `taget_block` is a loop header by testing if it dominates - // one of its predecessors. - if let Some(preds) = body.basic_blocks.predecessors().get(target) { - let is_loop_header = preds - .iter() - .any(|pred| body.basic_blocks.dominators().dominates(target, *pred)); - - if is_loop_header { - break; - } - }; - - // If we've hit a switch then stop trying to push the invariants down. - if body[target].terminator().kind.as_switch().is_some() { - panic!("Could not find loop header") - } - } - - let term = ctx.term(clos).unwrap().clone(); - results.entry(target).or_insert_with(Vec::new).push((kind, term)); - } - - results + invs_gather.invariants } diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index 0e666056b..b3601fa6d 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -81,7 +81,8 @@ struct BodyTranslator<'a, 'tcx> { fresh_id: usize, invariants: IndexMap)>>, - + /// Invariants to translate as assertions. + invariant_assertions: IndexMap, String)>, /// Map of the `proof_assert!` blocks to their translated version. assertions: IndexMap>, /// Map of the `snapshot!` blocks to their translated version. @@ -167,7 +168,8 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { past_blocks: Default::default(), ctx, fresh_id: body.basic_blocks.len(), - invariants, + invariants: invariants.loop_headers, + invariant_assertions: invariants.assertions, assertions, snapshots, is_ghost_closure: is_ghost_closure(tcx, body_id.def_id()), diff --git a/creusot/src/translation/function/statement.rs b/creusot/src/translation/function/statement.rs index 9ba586290..86724a066 100644 --- a/creusot/src/translation/function/statement.rs +++ b/creusot/src/translation/function/statement.rs @@ -1,7 +1,9 @@ use super::BodyTranslator; use crate::{ analysis::NotFinalPlaces, - contracts_items::{is_assertion, is_invariant, is_snapshot_closure, is_spec, is_variant}, + contracts_items::{ + is_assertion, is_before_loop, is_invariant, is_snapshot_closure, is_spec, is_variant, + }, extended_location::ExtendedLocation, fmir::Operand, translation::{ @@ -143,8 +145,26 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { RValue::Constructor(variant, subst, fields) } Closure(def_id, subst) => { - if is_invariant(self.tcx(), *def_id) || is_variant(self.tcx(), *def_id) { + if is_variant(self.tcx(), *def_id) || is_before_loop(self.tcx(), *def_id) { return; + } else if is_invariant(self.tcx(), *def_id) { + match self.invariant_assertions.remove(def_id) { + None => return, + Some((mut assertion, expl)) => { + assertion.subst(&inv_subst( + self.tcx(), + &self.body, + &self.locals, + si, + )); + self.check_frozen_in_logic(&assertion, loc); + self.emit_statement(fmir::Statement::Assertion { + cond: assertion, + msg: expl, + }); + return; + } + } } else if is_assertion(self.tcx(), *def_id) { let mut assertion = self .assertions @@ -154,7 +174,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.check_frozen_in_logic(&assertion, loc); self.emit_statement(fmir::Statement::Assertion { cond: assertion, - msg: "assertion".to_owned(), + msg: "expl:assertion".to_owned(), }); return; } else if is_spec(self.tcx(), *def_id) { diff --git a/creusot/src/translation/function/terminator.rs b/creusot/src/translation/function/terminator.rs index 2370d60af..c479a50a9 100644 --- a/creusot/src/translation/function/terminator.rs +++ b/creusot/src/translation/function/terminator.rs @@ -410,11 +410,11 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { fn get_explanation(&mut self, msg: &mir::AssertKind>) -> String { match msg { - AssertKind::BoundsCheck { len: _, index: _ } => format!("index in bounds"), - AssertKind::Overflow(op, _a, _b) => format!("{op:?} overflow"), - AssertKind::OverflowNeg(_op) => format!("negation overflow"), - AssertKind::DivisionByZero(_) => format!("division by zero"), - AssertKind::RemainderByZero(_) => format!("remainder by zero"), + AssertKind::BoundsCheck { len: _, index: _ } => format!("expl:index in bounds"), + AssertKind::Overflow(op, _a, _b) => format!("expl:{op:?} overflow"), + AssertKind::OverflowNeg(_op) => format!("expl:negation overflow"), + AssertKind::DivisionByZero(_) => format!("expl:division by zero"), + AssertKind::RemainderByZero(_) => format!("expl:remainder by zero"), _ => unreachable!("Resume assertions"), } } diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma index b6019f34e..eef9335ba 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -83,13 +83,13 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" [ bb2 = {[@expl:loop invariant] [%#s01_resolve_unsoundness2] (0 : usize) <= i /\ i <= n} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = UIntSize.le {i} {n} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) - | s1 = any [ br0 -> {_9 = false} (! bb6) | br1 -> {_9} (! bb4) ] ] + [ s0 = UIntSize.le {i} {n} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + | s1 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb4) ] ] | bb4 = s0 [ s0 = Borrow.borrow_mut {out} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_13 <- _ret' ] [ &out <- _ret'.final ] s1) - | s1 = push'0 {_13} {[%#s01_resolve_unsoundness3] false} (fun (_ret':()) -> [ &_12 <- _ret' ] s2) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_14 <- _ret' ] [ &out <- _ret'.final ] s1) + | s1 = push'0 {_14} {[%#s01_resolve_unsoundness3] false} (fun (_ret':()) -> [ &_13 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 @@ -105,9 +105,9 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" | & n : usize = n | & out : t_Vec'0 = any_l () | & i : usize = any_l () - | & _9 : bool = any_l () - | & _12 : () = any_l () - | & _13 : borrowed (t_Vec'0) = any_l () ] + | & _10 : bool = any_l () + | & _13 : () = any_l () + | & _14 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:make_vec_of_size ensures] [%#s01_resolve_unsoundness5] Seq.length (view'0 result) = UIntSize.to_int n} diff --git a/creusot/tests/should_fail/bug/subregion.coma b/creusot/tests/should_fail/bug/subregion.coma index 4e597472c..0bce05695 100644 --- a/creusot/tests/should_fail/bug/subregion.coma +++ b/creusot/tests/should_fail/bug/subregion.coma @@ -16,8 +16,8 @@ module M_subregion__list_reversal_h [#"subregion.rs" 3 0 3 37] [ bb1 = {[@expl:loop invariant] [%#ssubregion1] true} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = UIntSize.ne {l} {[%#ssubregion2] (0 : usize)} (fun (_ret':bool) -> [ &_7 <- _ret' ] s1) - | s1 = any [ br0 -> {_7 = false} (! bb4) | br1 -> {_7} (! bb3) ] ] + [ s0 = UIntSize.ne {l} {[%#ssubregion2] (0 : usize)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s1) + | s1 = any [ br0 -> {_8 = false} (! bb4) | br1 -> {_8} (! bb3) ] ] | bb3 = s0 [ s0 = {[@expl:assertion] [%#ssubregion3] false} s1 @@ -33,7 +33,7 @@ module M_subregion__list_reversal_h [#"subregion.rs" 3 0 3 37] [ & _0 : usize = any_l () | & l : usize = l | & r : usize = any_l () - | & _7 : bool = any_l () + | & _8 : bool = any_l () | & x : usize = any_l () | & tmp : usize = any_l () ] [ return' (result:usize)-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index 7c7cc860c..391f2ccc0 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -293,74 +293,74 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | bb2 = s0 [ s0 = [ &iter_old <- [%#s100doors4] Snapshot.new iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- [%#s100doors5] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb4 ] | bb4 = bb5 - | bb5 = bb6 - | bb6 = bb6 - [ bb6 = {[@expl:for invariant] [%#s100doors7] inv'1 (Snapshot.inner produced)} + | bb5 = bb5 + [ bb5 = {[@expl:for invariant] [%#s100doors7] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s100doors7] inv'0 iter} {[@expl:for invariant] [%#s100doors7] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#s100doors6] Seq.length (view'0 door_open) = 100} - (! s0) [ s0 = bb7 ] - [ bb7 = s0 + (! s0) [ s0 = bb6 ] + [ bb6 = bb7 + | bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_15 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_15.current} {Borrow.get_id _15} + (fun (_ret':borrowed (t_Range'0)) -> [ &_16 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_16.current} {Borrow.get_id _16} (fun (_ret':borrowed (t_Range'0)) -> - [ &_14 <- _ret' ] - [ &_15 <- { _15 with current = _ret'.final } ] + [ &_15 <- _ret' ] + [ &_16 <- { _16 with current = _ret'.final } ] s2) - | s2 = next'0 {_14} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s3) + | s2 = next'0 {_15} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _15}- s1 - | s1 = any [ br0 -> {_13 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_13 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'0 _16}- s1 + | s1 = any [ br0 -> {_14 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_14 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_13} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_14} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_18 <- [%#s100doors8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_19 <- [%#s100doors8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _18 ] s1 + [ s0 = [ &produced <- _19 ] s1 | s1 = [ &pass <- __creusot_proc_iter_elem ] s2 | s2 = [ &door <- pass ] s3 | s3 = bb14 ] - | bb14 = bb15 - | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UIntSize.to_int door + | bb14 = bb14 + [ bb14 = {[@expl:loop invariant #0] [%#s100doors10] 1 <= UIntSize.to_int door /\ UIntSize.to_int door <= 100 + UIntSize.to_int pass} {[@expl:loop invariant #1] [%#s100doors9] Seq.length (view'0 door_open) = 100} - (! s0) [ s0 = bb16 ] - [ bb16 = s0 - [ s0 = UIntSize.le {door} {[%#s100doors11] (100 : usize)} (fun (_ret':bool) -> [ &_24 <- _ret' ] s1) - | s1 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! bb17) ] ] + (! s0) [ s0 = bb15 ] + [ bb15 = bb16 + | bb16 = s0 + [ s0 = UIntSize.le {door} {[%#s100doors11] (100 : usize)} (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + | s1 = any [ br0 -> {_26 = false} (! bb20) | br1 -> {_26} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.sub {door} {[%#s100doors12] (1 : usize)} (fun (_ret':usize) -> [ &_29 <- _ret' ] s1) - | s1 = index'0 {door_open} {_29} (fun (_ret':bool) -> [ &_27 <- _ret' ] s2) + [ s0 = UIntSize.sub {door} {[%#s100doors12] (1 : usize)} (fun (_ret':usize) -> [ &_31 <- _ret' ] s1) + | s1 = index'0 {door_open} {_31} (fun (_ret':bool) -> [ &_29 <- _ret' ] s2) | s2 = bb18 ] | bb18 = s0 [ s0 = Borrow.borrow_mut {door_open} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_32 <- _ret' ] [ &door_open <- _ret'.final ] s1) - | s1 = UIntSize.sub {door} {[%#s100doors13] (1 : usize)} (fun (_ret':usize) -> [ &_33 <- _ret' ] s2) - | s2 = index_mut'0 {_32} {_33} (fun (_ret':borrowed bool) -> [ &_31 <- _ret' ] s3) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_34 <- _ret' ] [ &door_open <- _ret'.final ] s1) + | s1 = UIntSize.sub {door} {[%#s100doors13] (1 : usize)} (fun (_ret':usize) -> [ &_35 <- _ret' ] s2) + | s2 = index_mut'0 {_34} {_35} (fun (_ret':borrowed bool) -> [ &_33 <- _ret' ] s3) | s3 = bb19 ] | bb19 = s0 - [ s0 = [ &_31 <- { _31 with current = not _27 } ] s1 - | s1 = -{resolve'1 _31}- s2 + [ s0 = [ &_33 <- { _33 with current = not _29 } ] s1 + | s1 = -{resolve'1 _33}- s2 | s2 = UIntSize.add {door} {pass} (fun (_ret':usize) -> [ &door <- _ret' ] s3) - | s3 = bb15 ] + | s3 = bb14 ] ] ] - | bb20 = bb6 ] + | bb20 = bb5 ] ] | bb11 = bb21 @@ -372,18 +372,18 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] | & _3 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _13 : t_Option'0 = any_l () - | & _14 : borrowed (t_Range'0) = any_l () + | & _14 : t_Option'0 = any_l () | & _15 : borrowed (t_Range'0) = any_l () + | & _16 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _18 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _19 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & pass : usize = any_l () | & door : usize = any_l () - | & _24 : bool = any_l () - | & _27 : bool = any_l () - | & _29 : usize = any_l () - | & _31 : borrowed bool = any_l () - | & _32 : borrowed (t_Vec'0) = any_l () - | & _33 : usize = any_l () ] + | & _26 : bool = any_l () + | & _29 : bool = any_l () + | & _31 : usize = any_l () + | & _33 : borrowed bool = any_l () + | & _34 : borrowed (t_Vec'0) = any_l () + | & _35 : usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/all_zero.coma b/creusot/tests/should_succeed/all_zero.coma index 80c20eec3..1added9e3 100644 --- a/creusot/tests/should_succeed/all_zero.coma +++ b/creusot/tests/should_succeed/all_zero.coma @@ -106,11 +106,11 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | s3 = -{resolve'0 value}- s4 | s4 = Borrow.borrow_final {next.current} {Borrow.get_id next} (fun (_ret':borrowed (t_List'0)) -> - [ &_13 <- _ret' ] + [ &_14 <- _ret' ] [ &next <- { next with current = _ret'.final } ] s5) | s5 = -{resolve'1 loop_l}- s6 - | s6 = [ &loop_l <- _13 ] s7 + | s6 = [ &loop_l <- _14 ] s7 | s7 = -{resolve'2 next}- s8 | s8 = bb2 ] ] @@ -124,7 +124,7 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] | & loop_l : borrowed (t_List'0) = any_l () | & value : borrowed uint32 = any_l () | & next : borrowed (t_List'0) = any_l () - | & _13 : borrowed (t_List'0) = any_l () ] + | & _14 : borrowed (t_List'0) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#sall_zero4] forall i : int . 0 <= i /\ i < len'0 l.current -> get'0 l.final i = C_Some'0 (0 : uint32)} diff --git a/creusot/tests/should_succeed/binary_search.coma b/creusot/tests/should_succeed/binary_search.coma index af66fa102..793a6e7a3 100644 --- a/creusot/tests/should_succeed/binary_search.coma +++ b/creusot/tests/should_succeed/binary_search.coma @@ -125,12 +125,12 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | bb4 = s0 [ s0 = v_Cons'0 {l} (fun (r0'0:t_T'0) (r1'0:t_List'0) -> [ &t <- r0'0 ] s1) | s1 = v_Cons'0 {l} (fun (r0'1:t_T'0) (r1'1:t_List'0) -> [ &ls <- r1'1 ] s2) - | s2 = UIntSize.gt {ix} {[%#sbinary_search3] (0 : usize)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s3) - | s3 = any [ br0 -> {_15 = false} (! bb6) | br1 -> {_15} (! bb5) ] ] + | s2 = UIntSize.gt {ix} {[%#sbinary_search3] (0 : usize)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s3) + | s3 = any [ br0 -> {_16 = false} (! bb6) | br1 -> {_16} (! bb5) ] ] | bb5 = s0 - [ s0 = [ &_18 <- ls ] s1 - | s1 = [ &l <- _18 ] s2 + [ s0 = [ &_19 <- ls ] s1 + | s1 = [ &l <- _19 ] s2 | s2 = UIntSize.sub {ix} {[%#sbinary_search4] (1 : usize)} (fun (_ret':usize) -> [ &ix <- _ret' ] s3) | s3 = bb1 ] ] @@ -146,8 +146,8 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 | & l : t_List'0 = any_l () | & t : t_T'0 = any_l () | & ls : t_List'0 = any_l () - | & _15 : bool = any_l () - | & _18 : t_List'0 = any_l () ] + | & _16 : bool = any_l () + | & _19 : t_List'0 = any_l () ] [ return' (result:t_T'0)-> {[@expl:index result type invariant] [%#sbinary_search7] inv'1 result} {[@expl:index ensures] [%#sbinary_search8] C_Some'0 result = get'0 self (UIntSize.to_int ix)} @@ -387,48 +387,48 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] /\ UIntSize.to_int i < len_logic'0 arr -> elem < get_default'0 arr (UIntSize.to_int i) (0 : uint32)} (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#sbinary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) - | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! bb7) ] ] + [ s0 = UIntSize.gt {size} {[%#sbinary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + | s1 = any [ br0 -> {_22 = false} (! bb13) | br1 -> {_22} (! bb7) ] ] | bb7 = s0 [ s0 = UIntSize.eq {[%#sbinary_search7] (2 : usize)} {[%#sbinary_search8] (0 : usize)} - (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sbinary_search8] not _25} s2 + (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + | s1 = {[@expl:division by zero] [%#sbinary_search8] not _26} s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UIntSize.div {size} {[%#sbinary_search7] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_33 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = UInt32.gt {_32} {elem} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) - | s1 = any [ br0 -> {_30 = false} (! bb11) | br1 -> {_30} (! bb10) ] ] + [ s0 = UInt32.gt {_33} {elem} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) + | s1 = any [ br0 -> {_31 = false} (! bb11) | br1 -> {_31} (! bb10) ] ] - | bb10 = s0 [ s0 = [ &_29 <- base ] s1 | s1 = bb12 ] - | bb11 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb12 ] + | bb10 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &base <- _29 ] s1 + [ s0 = [ &base <- _30 ] s1 | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_40 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = [ &cmp <- _41 ] s1 - | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) - | s2 = any [ br0 -> {_44 = false} (! bb16) | br1 -> {_44} (! bb15) ] ] + [ s0 = [ &cmp <- _40 ] s1 + | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_43 <- _ret' ] s2) + | s2 = any [ br0 -> {_43 = false} (! bb16) | br1 -> {_43} (! bb15) ] ] | bb15 = s0 [ s0 = [ &_0 <- C_Ok'0 base ] s1 | s1 = bb20 ] | bb16 = s0 - [ s0 = UInt32.lt {cmp} {elem} (fun (_ret':bool) -> [ &_48 <- _ret' ] s1) - | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] + [ s0 = UInt32.lt {cmp} {elem} (fun (_ret':bool) -> [ &_47 <- _ret' ] s1) + | s1 = any [ br0 -> {_47 = false} (! bb18) | br1 -> {_47} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#sbinary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) - | s1 = [ &_0 <- C_Err'0 _51 ] s2 + [ s0 = UIntSize.add {base} {[%#sbinary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_50 <- _ret' ] s1) + | s1 = [ &_0 <- C_Err'0 _50 ] s2 | s2 = bb19 ] | bb18 = s0 [ s0 = [ &_0 <- C_Err'0 base ] s1 | s1 = bb19 ] @@ -443,18 +443,18 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] | & _10 : usize = any_l () | & size : usize = any_l () | & base : usize = any_l () - | & _21 : bool = any_l () + | & _22 : bool = any_l () | & half : usize = any_l () - | & _25 : bool = any_l () + | & _26 : bool = any_l () | & mid : usize = any_l () - | & _29 : usize = any_l () - | & _30 : bool = any_l () - | & _32 : uint32 = any_l () + | & _30 : usize = any_l () + | & _31 : bool = any_l () + | & _33 : uint32 = any_l () | & cmp : uint32 = any_l () - | & _41 : uint32 = any_l () - | & _44 : bool = any_l () - | & _48 : bool = any_l () - | & _51 : usize = any_l () ] + | & _40 : uint32 = any_l () + | & _43 : bool = any_l () + | & _47 : bool = any_l () + | & _50 : usize = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#sbinary_search12] forall x : usize . result = C_Ok'0 x -> get'0 arr (UIntSize.to_int x) = C_Some'0 elem} diff --git a/creusot/tests/should_succeed/bug/164.coma b/creusot/tests/should_succeed/bug/164.coma new file mode 100644 index 000000000..9cd49f120 --- /dev/null +++ b/creusot/tests/should_succeed/bug/164.coma @@ -0,0 +1,290 @@ +module M_164__main [#"164.rs" 5 0 5 13] + let%span s1640 = "164.rs" 6 16 6 17 + let%span s1641 = "164.rs" 8 16 8 27 + let%span s1642 = "164.rs" 9 15 9 16 + let%span s1643 = "164.rs" 10 12 10 13 + let%span s1644 = "164.rs" 14 16 14 27 + let%span s1645 = "164.rs" 15 26 15 27 + let%span s1646 = "164.rs" 16 12 16 13 + let%span s1647 = "164.rs" 22 16 22 20 + let%span s1648 = "164.rs" 30 16 30 27 + let%span s1649 = "164.rs" 32 19 32 20 + let%span s16410 = "164.rs" 33 16 33 17 + let%span s16411 = "164.rs" 39 16 39 27 + let%span s16412 = "164.rs" 40 14 40 15 + let%span s16413 = "164.rs" 41 20 41 31 + let%span s16414 = "164.rs" 45 12 45 13 + let%span s16415 = "164.rs" 46 21 46 22 + let%span s16416 = "164.rs" 46 8 46 23 + let%span s16417 = "164.rs" 50 17 50 28 + let%span s16418 = "164.rs" 52 19 52 20 + let%span s16419 = "164.rs" 53 16 53 17 + let%span s16420 = "164.rs" 55 8 55 12 + let%span s16421 = "164.rs" 61 13 61 14 + let%span s16422 = "164.rs" 61 16 61 18 + let%span s16423 = "164.rs" 61 4 61 7 + let%span s16424 = "164.rs" 61 4 61 7 + let%span s16425 = "164.rs" 61 4 61 7 + let%span s16426 = "164.rs" 60 16 60 27 + let%span s16427 = "164.rs" 61 4 61 7 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter32 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 + let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 + let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 + let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 + let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 + let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 + let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 + let%span snum41 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 + let%span sresolve43 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Int32 + + type t_Range'0 = + { t_Range__start'0: int32; t_Range__end'0: int32 } + + predicate inv'1 (_1 : t_Range'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Range'0 [inv'1 x] . inv'1 x = true + + predicate into_iter_pre'0 (self : t_Range'0) = + [%#siter31] true + + predicate into_iter_post'0 (self : t_Range'0) (res : t_Range'0) = + [%#siter32] self = res + + let rec into_iter'0 (self:t_Range'0) (return' (ret:t_Range'0))= {[@expl:into_iter 'self' type invariant] inv'1 self} + {[@expl:into_iter requires] [%#siter28] into_iter_pre'0 self} + any [ return' (result:t_Range'0)-> {inv'1 result} {[%#siter28] into_iter_post'0 self result} (! return' {result}) ] + + use prelude.prelude.Snapshot + + use seq.Seq + + use seq.Seq + + use prelude.prelude.Snapshot + + use prelude.prelude.Snapshot + + predicate inv'0 (_1 : Seq.seq int32) + + axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq int32 [inv'0 x] . inv'0 x = true + + use prelude.prelude.Snapshot + + use prelude.prelude.Snapshot + + use seq.Seq + + use prelude.prelude.Int32 + + function deep_model'0 (self : int32) : int = + [%#snum41] Int32.to_int self + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_Range'0) (visited : Seq.seq int32) (o : t_Range'0) = + [%#srange29] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + + function produces_trans'0 (a : t_Range'0) (ab : Seq.seq int32) (b : t_Range'0) (bc : Seq.seq int32) (c : t_Range'0) : () + + + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq int32, b : t_Range'0, bc : Seq.seq int32, c : t_Range'0 . ([%#srange35] inv'1 a) + -> ([%#srange36] inv'1 b) + -> ([%#srange37] inv'1 c) + -> ([%#srange38] produces'0 a ab b) + -> ([%#srange39] produces'0 b bc c) -> ([%#srange40] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Range'0) : () + + axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange33] inv'1 self) + -> ([%#srange34] produces'0 self (Seq.empty : Seq.seq int32) self) + + use prelude.prelude.Borrow + + predicate inv'2 (_1 : borrowed (t_Range'0)) + + axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Range'0) [inv'2 x] . inv'2 x = true + + type t_Option'0 = + | C_None'0 + | C_Some'0 int32 + + predicate inv'3 (_1 : t_Option'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true + + predicate resolve'1 (self : borrowed (t_Range'0)) = + [%#sresolve43] self.final = self.current + + predicate completed'0 (self : borrowed (t_Range'0)) = + [%#srange42] resolve'1 self + /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 + + use seq.Seq + + let rec next'0 (self:borrowed (t_Range'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'2 self} + any + [ return' (result:t_Option'0)-> {inv'3 result} + {[%#siter30] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + predicate resolve'0 (_1 : borrowed (t_Range'0)) = + resolve'1 _1 + + let rec v_Some'0 (input:t_Option'0) (ret (field_0:int32))= any + [ good (field_0:int32)-> {C_Some'0 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : int32 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] + + + use prelude.prelude.Intrinsic + + use prelude.prelude.Snapshot + + use prelude.prelude.Snapshot + + meta "compute_max_steps" 1000000 + + let rec main'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = [ &x <- [%#s1640] (0 : usize) ] s1 | s1 = bb1 ] + | bb1 = s0 + [ s0 = {[@expl:loop invariant] [%#s1641] x = (0 : usize)} s1 + | s1 = UIntSize.eq {x} {[%#s1642] (0 : usize)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) + | s2 = any [ br0 -> {_6 = false} (! bb3) | br1 -> {_6} (! bb2) ] ] + + | bb2 = s0 [ s0 = [ &x <- [%#s1643] (1 : usize) ] s1 | s1 = bb4 ] + | bb3 = bb4 + | bb4 = bb5 + | bb5 = s0 + [ s0 = {[@expl:loop invariant] [%#s1644] x = (1 : usize)} s1 + | s1 = UIntSize.eq {x} {[%#s1645] (1 : usize)} (fun (_ret':bool) -> [ &_13 <- _ret' ] s2) + | s2 = any [ br0 -> {_13 = false} (! bb8) | br1 -> {_13} (! bb6) ] ] + + | bb6 = bb7 + | bb7 = s0 [ s0 = [ &x <- [%#s1646] (2 : usize) ] s1 | s1 = bb9 ] + | bb8 = bb9 + | bb9 = bb10 + | bb10 = s0 [ s0 = {[@expl:loop invariant] [%#s1647] true} s1 | s1 = bb11 ] + | bb11 = bb13 + | bb13 = bb14 + | bb14 = s0 [ s0 = {[@expl:loop invariant] [%#s1648] x = (2 : usize)} s1 | s1 = bb15 ] + | bb15 = bb15 + [ bb15 = (! bb16) + [ bb16 = s0 + [ s0 = UIntSize.ne {x} {[%#s1649] (3 : usize)} (fun (_ret':bool) -> [ &_27 <- _ret' ] s1) + | s1 = any [ br0 -> {_27 = false} (! bb18) | br1 -> {_27} (! bb17) ] ] + + | bb17 = s0 [ s0 = [ &x <- [%#s16410] (3 : usize) ] s1 | s1 = bb15 ] ] + ] + + | bb18 = bb19 + | bb19 = bb19 + [ bb19 = {[@expl:loop invariant] [%#s16411] x <= (4 : usize)} + (! s0) [ s0 = bb20 ] + [ bb20 = s0 + [ s0 = UIntSize.lt {x} {[%#s16412] (4 : usize)} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) + | s1 = any [ br0 -> {_35 = false} (! bb25) | br1 -> {_35} (! bb21) ] ] + + | bb21 = bb22 + | bb22 = s0 + [ s0 = {[@expl:loop invariant] [%#s16413] x <= (3 : usize)} s1 + | s1 = [ &x <- [%#s16414] (4 : usize) ] s2 + | s2 = UIntSize.eq {x} {[%#s16415] (4 : usize)} (fun (_ret':bool) -> [ &_40 <- _ret' ] s3) + | s3 = any [ br0 -> {_40 = false} (! bb24) | br1 -> {_40} (! bb23) ] ] + + | bb23 = bb19 ] + ] + + | bb24 = {[%#s16416] false} any + | bb25 = bb26 + | bb26 = s0 [ s0 = {[@expl:loop invariant] [%#s16417] x = (4 : usize)} s1 | s1 = bb27 ] + | bb27 = bb27 + [ bb27 = (! bb28) + [ bb28 = s0 + [ s0 = UIntSize.ne {x} {[%#s16418] (5 : usize)} (fun (_ret':bool) -> [ &_49 <- _ret' ] s1) + | s1 = any [ br0 -> {_49 = false} (! bb30) | br1 -> {_49} (! bb29) ] ] + + | bb29 = s0 [ s0 = [ &x <- [%#s16419] (5 : usize) ] s1 | s1 = bb27 ] ] + ] + + | bb30 = any [ br0 -> {false} (! bb32) | br1 -> {true} (! bb31) ] + | bb31 = bb33 + | bb32 = bb33 + | bb33 = s0 + [ s0 = [ &_57 <- { t_Range__start'0 = ([%#s16421] (0 : int32)); t_Range__end'0 = ([%#s16422] (10 : int32)) } ] s1 + | s1 = into_iter'0 {_57} (fun (_ret':t_Range'0) -> [ &iter <- _ret' ] s2) + | s2 = bb34 ] + + | bb34 = s0 [ s0 = [ &iter_old <- [%#s16423] Snapshot.new iter ] s1 | s1 = bb35 ] + | bb35 = s0 [ s0 = [ &produced <- [%#s16424] Snapshot.new (Seq.empty : Seq.seq int32) ] s1 | s1 = bb36 ] + | bb36 = bb37 + | bb37 = s0 + [ s0 = {[@expl:for invariant] [%#s16425] inv'0 (Snapshot.inner produced)} s1 + | s1 = {[@expl:for invariant] [%#s16425] inv'1 iter} s2 + | s2 = {[@expl:for invariant] [%#s16425] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} s3 + | s3 = {[@expl:loop invariant] [%#s16426] x = (5 : usize)} s4 + | s4 = Borrow.borrow_mut {iter} + (fun (_ret':borrowed (t_Range'0)) -> [ &_69 <- _ret' ] [ &iter <- _ret'.final ] s5) + | s5 = Borrow.borrow_final {_69.current} {Borrow.get_id _69} + (fun (_ret':borrowed (t_Range'0)) -> [ &_68 <- _ret' ] [ &_69 <- { _69 with current = _ret'.final } ] s6) + | s6 = next'0 {_68} (fun (_ret':t_Option'0) -> [ &_67 <- _ret' ] s7) + | s7 = bb38 ] + + | bb38 = s0 + [ s0 = -{resolve'0 _69}- s1 + | s1 = any [ br0 -> {_67 = C_None'0 } (! bb41) | br1 (x0:int32)-> {_67 = C_Some'0 x0} (! bb40) ] ] + + | bb40 = bb42 + | bb42 = s0 + [ s0 = v_Some'0 {_67} (fun (r0'0:int32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + | s1 = + [ &_72 <- [%#s16427] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + + s2 + | s2 = bb43 ] + + | bb43 = s0 [ s0 = [ &produced <- _72 ] s1 | s1 = bb44 ] + | bb41 = bb44 + | bb44 = return' {_0} ] + ) + [ & _0 : () = any_l () + | & x : usize = any_l () + | & _6 : bool = any_l () + | & _13 : bool = any_l () + | & _27 : bool = any_l () + | & _35 : bool = any_l () + | & _40 : bool = any_l () + | & _49 : bool = any_l () + | & iter : t_Range'0 = any_l () + | & _57 : t_Range'0 = any_l () + | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () + | & produced : Snapshot.snap_ty (Seq.seq int32) = any_l () + | & _67 : t_Option'0 = any_l () + | & _68 : borrowed (t_Range'0) = any_l () + | & _69 : borrowed (t_Range'0) = any_l () + | & __creusot_proc_iter_elem : int32 = any_l () + | & _72 : Snapshot.snap_ty (Seq.seq int32) = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/bug/164.rs b/creusot/tests/should_succeed/bug/164.rs new file mode 100644 index 000000000..1ba4ef72c --- /dev/null +++ b/creusot/tests/should_succeed/bug/164.rs @@ -0,0 +1,64 @@ +extern crate creusot_contracts; +use creusot_contracts::*; + +/// Attaching invariants to loops that don't loop +pub fn main() { + let mut x = 0; + + #[invariant(x == 0usize)] + while x == 0 { + x = 1; + break; + } + + #[invariant(x == 1usize)] + while let true = x == 1 { + x = 2; + break; + } + + // Make sure to disable the `irrefutable_let_pattern` warning + // for when the desugared else branch is unreachable. + #[invariant(true)] + while let () = () { + break; + } + + // Don't attach the invariant to the inner loop + // (this is a regression test to remember that we used to + // scan for loop headers innerwards instead of outwards) + #[invariant(x == 2usize)] + loop { + while x != 3 { + x = 3; + } + break; + } + + // Don't attach the inner invariant to the outer loop + #[invariant(x <= 4usize)] + while x < 4 { + #[invariant(x <= 3usize)] + loop { + break; + } + x = 4; + assert!(x == 4) + } + + // an inner loop in the condition! + #[invariant (x == 4usize)] + while { + while x != 5 { + x = 5 + } + true + } { + break; + } + + #[invariant(x == 5usize)] + for _ in 0..10 { + break; + } +} diff --git a/creusot/tests/should_succeed/bug/164.stderr b/creusot/tests/should_succeed/bug/164.stderr new file mode 100644 index 000000000..62ec6655b --- /dev/null +++ b/creusot/tests/should_succeed/bug/164.stderr @@ -0,0 +1,50 @@ +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:8:17 + | +8 | #[invariant(x == 0usize)] + | ^^^^^^^^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:14:17 + | +14 | #[invariant(x == 1usize)] + | ^^^^^^^^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:22:17 + | +22 | #[invariant(true)] + | ^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:30:17 + | +30 | #[invariant(x == 2usize)] + | ^^^^^^^^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:41:21 + | +41 | #[invariant(x <= 3usize)] + | ^^^^^^^^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:50:18 + | +50 | #[invariant (x == 4usize)] + | ^^^^^^^^^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:61:5 + | +61 | for _ in 0..10 { + | ^^^ + +warning: This loop does not loop. This invariant could just be an assertion. + --> 164.rs:60:17 + | +60 | #[invariant(x == 5usize)] + | ^^^^^^^^^^^ + +warning: 8 warnings emitted + diff --git a/creusot/tests/should_succeed/bug/164/why3session.xml b/creusot/tests/should_succeed/bug/164/why3session.xml new file mode 100644 index 000000000..5cb282174 --- /dev/null +++ b/creusot/tests/should_succeed/bug/164/why3session.xml @@ -0,0 +1,14 @@ + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/bug/164/why3shapes.gz b/creusot/tests/should_succeed/bug/164/why3shapes.gz new file mode 100644 index 000000000..9927351be Binary files /dev/null and b/creusot/tests/should_succeed/bug/164/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 172ea4a6e..5fad2dbaa 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma @@ -330,23 +330,23 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | s1 = [ &i <- [%#sfilter_positive1] (0 : usize) ] s2 | s2 = bb1 ] - | bb1 = bb2 - | bb2 = bb3 - | bb3 = bb3 - [ bb3 = {[@expl:loop invariant #0] [%#sfilter_positive4] UIntSize.to_int i <= Seq.length (view'0 t)} + | bb1 = bb1 + [ bb1 = {[@expl:loop invariant #0] [%#sfilter_positive4] UIntSize.to_int i <= Seq.length (view'0 t)} {[@expl:loop invariant #1] [%#sfilter_positive3] UIntSize.to_int count <= UIntSize.to_int i} {[@expl:loop invariant #2] [%#sfilter_positive2] UIntSize.to_int count = num_of_pos'0 0 (UIntSize.to_int i) (view'0 t)} - (! s0) [ s0 = bb4 ] - [ bb4 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb5 ] + (! s0) [ s0 = bb2 ] + [ bb2 = bb3 + | bb3 = bb4 + | bb4 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_13 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) - | s1 = any [ br0 -> {_10 = false} (! bb11) | br1 -> {_10} (! bb6) ] ] + [ s0 = UIntSize.lt {i} {_13} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + | s1 = any [ br0 -> {_11 = false} (! bb11) | br1 -> {_11} (! bb6) ] ] - | bb6 = s0 [ s0 = index'0 {t} {i} (fun (_ret':int32) -> [ &_17 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = index'0 {t} {i} (fun (_ret':int32) -> [ &_18 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = Int32.gt {_17} {[%#sfilter_positive5] (0 : int32)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) - | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] ] + [ s0 = Int32.gt {_18} {[%#sfilter_positive5] (0 : int32)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb8) ] ] | bb8 = s0 [ s0 = UIntSize.add {count} {[%#sfilter_positive6] (1 : usize)} (fun (_ret':usize) -> [ &count <- _ret' ] s1) @@ -355,7 +355,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | bb9 = bb10 | bb10 = s0 [ s0 = UIntSize.add {i} {[%#sfilter_positive7] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) - | s1 = bb3 ] + | s1 = bb1 ] ] ] @@ -368,15 +368,15 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | s1 = [ &i <- [%#sfilter_positive10] (0 : usize) ] s2 | s2 = bb13 ] - | bb13 = bb14 - | bb14 = bb15 - | bb15 = bb15 - [ bb15 = {[@expl:loop invariant #0] [%#sfilter_positive12] UIntSize.to_int count + | bb13 = bb13 + [ bb13 = {[@expl:loop invariant #0] [%#sfilter_positive12] UIntSize.to_int count = num_of_pos'0 0 (UIntSize.to_int i) (view'0 t)} {[@expl:loop invariant #1] [%#sfilter_positive11] Seq.length (view'0 u) = num_of_pos'0 0 (Seq.length (view'0 t)) (view'0 t)} - (! s0) [ s0 = bb16 ] - [ bb16 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_30 <- _ret' ] s1) | s1 = bb17 ] + (! s0) [ s0 = bb14 ] + [ bb14 = bb15 + | bb15 = bb16 + | bb16 = s0 [ s0 = len'0 {t} (fun (_ret':usize) -> [ &_30 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = UIntSize.lt {i} {_30} (fun (_ret':bool) -> [ &_28 <- _ret' ] s1) | s1 = any [ br0 -> {_28 = false} (! bb27) | br1 -> {_28} (! bb18) ] ] @@ -415,7 +415,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | bb25 = bb26 | bb26 = s0 [ s0 = UIntSize.add {i} {[%#sfilter_positive17] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) - | s1 = bb15 ] + | s1 = bb13 ] ] ] @@ -427,10 +427,10 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] | & t : t_Vec'0 = t | & count : usize = any_l () | & i : usize = any_l () - | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _15 : bool = any_l () - | & _17 : int32 = any_l () + | & _11 : bool = any_l () + | & _13 : usize = any_l () + | & _16 : bool = any_l () + | & _18 : int32 = any_l () | & u : t_Vec'0 = any_l () | & _28 : bool = any_l () | & _30 : usize = any_l () diff --git a/creusot/tests/should_succeed/hashmap.coma b/creusot/tests/should_succeed/hashmap.coma index 4a6cb4f70..06e1a23df 100644 --- a/creusot/tests/should_succeed/hashmap.coma +++ b/creusot/tests/should_succeed/hashmap.coma @@ -703,13 +703,13 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My [ &l <- { l with current = C_Cons'0 r0'2 _ret'.final } ] s3)) | s3 = [ &tl1 <- tl ] s4 - | s4 = eq'0 {k.current} {key} (fun (_ret':bool) -> [ &_37 <- _ret' ] s5) + | s4 = eq'0 {k.current} {key} (fun (_ret':bool) -> [ &_38 <- _ret' ] s5) | s5 = bb11 ] | bb11 = s0 [ s0 = {[@expl:type invariant] inv'6 k} s1 | s1 = -{resolve'1 k}- s2 - | s2 = any [ br0 -> {_37 = false} (! bb13) | br1 -> {_37} (! bb12) ] ] + | s2 = any [ br0 -> {_38 = false} (! bb13) | br1 -> {_38} (! bb12) ] ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv'7 v} s1 @@ -717,30 +717,30 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | s2 = {inv'1 tl1.current} Borrow.borrow_final {tl1.current} {Borrow.get_id tl1} (fun (_ret':borrowed (t_List'0)) -> - [ &_43 <- _ret' ] + [ &_44 <- _ret' ] -{inv'1 _ret'.final}- [ &tl1 <- { tl1 with current = _ret'.final } ] s3) - | s3 = {inv'1 _43.current} - Borrow.borrow_final {_43.current} {Borrow.get_id _43} + | s3 = {inv'1 _44.current} + Borrow.borrow_final {_44.current} {Borrow.get_id _44} (fun (_ret':borrowed (t_List'0)) -> - [ &_42 <- _ret' ] + [ &_43 <- _ret' ] -{inv'1 _ret'.final}- - [ &_43 <- { _43 with current = _ret'.final } ] + [ &_44 <- { _44 with current = _ret'.final } ] s4) | s4 = {[@expl:type invariant] inv'2 l} s5 | s5 = -{resolve'0 l}- s6 - | s6 = [ &l <- _42 ] s7 - | s7 = {[@expl:type invariant] inv'2 _43} s8 - | s8 = -{resolve'0 _43}- s9 + | s6 = [ &l <- _43 ] s7 + | s7 = {[@expl:type invariant] inv'2 _44} s8 + | s8 = -{resolve'0 _44}- s9 | s9 = {[@expl:type invariant] inv'8 tl1} s10 | s10 = -{resolve'3 tl1}- s11 | s11 = bb7 ] ] ] - | bb14 = s0 [ s0 = [ &_48 <- (key, val') ] s1 | s1 = [ &_52 <- C_Nil'0 ] s2 | s2 = bb15 ] - | bb15 = s0 [ s0 = [ &_47 <- C_Cons'0 _48 _52 ] s1 | s1 = bb16 ] + | bb14 = s0 [ s0 = [ &_47 <- (key, val') ] s1 | s1 = [ &_51 <- C_Nil'0 ] s2 | s2 = bb15 ] + | bb15 = s0 [ s0 = [ &_46 <- C_Cons'0 _47 _51 ] s1 | s1 = bb16 ] | bb16 = bb17 | bb17 = s0 [ s0 = {[@expl:type invariant] match l with @@ -748,7 +748,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | _ -> true end} s1 - | s1 = [ &l <- { l with current = _47 } ] s2 + | s1 = [ &l <- { l with current = _46 } ] s2 | s2 = {[@expl:type invariant] inv'2 l} s3 | s3 = -{resolve'0 l}- s4 | s4 = {[@expl:type invariant] inv'2 _17} s5 @@ -794,12 +794,12 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | & v : borrowed t_V'0 = any_l () | & tl : borrowed (t_List'0) = any_l () | & tl1 : borrowed (t_List'0) = any_l () - | & _37 : bool = any_l () - | & _42 : borrowed (t_List'0) = any_l () + | & _38 : bool = any_l () | & _43 : borrowed (t_List'0) = any_l () - | & _47 : t_List'0 = any_l () - | & _48 : (t_K'0, t_V'0) = any_l () - | & _52 : t_List'0 = any_l () ] + | & _44 : borrowed (t_List'0) = any_l () + | & _46 : t_List'0 = any_l () + | & _47 : (t_K'0, t_V'0) = any_l () + | & _51 : t_List'0 = any_l () ] [ return' (result:())-> {[@expl:add ensures] [%#shashmap13] forall i : t_DeepModelTy'0 . Map.get (view'0 self.final) i = (if i = deep_model'0 key then C_Some'0 val' else Map.get (view'1 self) i)} @@ -1122,11 +1122,11 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My [ s0 = v_Cons'0 {l} (fun (r0'0:(t_K'0, t_V'0)) (r1'0:t_List'0) -> [ &k <- let (r'0, _) = r0'0 in r'0 ] s1) | s1 = v_Cons'0 {l} (fun (r0'1:(t_K'0, t_V'0)) (r1'1:t_List'0) -> [ &v <- let (_, r'1) = r0'1 in r'1 ] s2) | s2 = v_Cons'0 {l} (fun (r0'2:(t_K'0, t_V'0)) (r1'2:t_List'0) -> [ &tl <- r1'2 ] s3) - | s3 = eq'0 {k} {key} (fun (_ret':bool) -> [ &_25 <- _ret' ] s4) + | s3 = eq'0 {k} {key} (fun (_ret':bool) -> [ &_26 <- _ret' ] s4) | s4 = bb9 ] - | bb9 = any [ br0 -> {_25 = false} (! bb11) | br1 -> {_25} (! bb10) ] - | bb11 = s0 [ s0 = [ &_31 <- tl ] s1 | s1 = [ &l <- _31 ] s2 | s2 = bb5 ] ] + | bb9 = any [ br0 -> {_26 = false} (! bb11) | br1 -> {_26} (! bb10) ] + | bb11 = s0 [ s0 = [ &_32 <- tl ] s1 | s1 = [ &l <- _32 ] s2 | s2 = bb5 ] ] ] | bb12 = s0 [ s0 = [ &_0 <- C_None'0 ] s1 | s1 = bb13 ] @@ -1146,8 +1146,8 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My | & k : t_K'0 = any_l () | & v : t_V'0 = any_l () | & tl : t_List'0 = any_l () - | & _25 : bool = any_l () - | & _31 : t_List'0 = any_l () ] + | & _26 : bool = any_l () + | & _32 : t_List'0 = any_l () ] [ return' (result:t_Option'0)-> {[@expl:get result type invariant] [%#shashmap5] inv'3 result} {[@expl:get ensures] [%#shashmap6] match result with @@ -1506,12 +1506,9 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | s1 = new'0 {_7} (fun (_ret':t_MyHashMap'0) -> [ &new <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = [ &i <- [%#shashmap2] (0 : usize) ] s1 | s1 = bb4 ] - | bb4 = bb5 - | bb5 = bb6 - | bb6 = s0 [ s0 = [ &old_7_0 <- Snapshot.new self ] s1 | s1 = bb7 ] - | bb7 = bb7 - [ bb7 = {[@expl:mut invariant] (Snapshot.inner old_7_0).final = self.final} + | bb3 = s0 [ s0 = [ &i <- [%#shashmap2] (0 : usize) ] s1 | s1 = [ &old_4_0 <- Snapshot.new self ] s2 | s2 = bb4 ] + | bb4 = bb4 + [ bb4 = {[@expl:mut invariant] (Snapshot.inner old_4_0).final = self.final} {[@expl:loop invariant #0] [%#shashmap9] inv'1 self} {[@expl:loop invariant #1] [%#shashmap8] inv'0 new} {[@expl:loop invariant #2] [%#shashmap7] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k @@ -1529,60 +1526,56 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* = Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} {[@expl:loop invariant #6] [%#shashmap3] UIntSize.to_int i <= Seq.length (view'0 (self.current).t_MyHashMap__buckets'0)} - (! s0) [ s0 = bb8 ] - [ bb8 = s0 - [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &_22 <- _ret' ] s1) | s1 = bb9 ] + (! s0) [ s0 = bb5 ] + [ bb5 = bb6 + | bb6 = bb7 + | bb7 = bb8 + | bb8 = s0 + [ s0 = len'0 {(self.current).t_MyHashMap__buckets'0} (fun (_ret':usize) -> [ &_23 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UIntSize.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) - | s1 = any [ br0 -> {_20 = false} (! bb32) | br1 -> {_20} (! bb10) ] ] + [ s0 = UIntSize.lt {i} {_23} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + | s1 = any [ br0 -> {_21 = false} (! bb32) | br1 -> {_21} (! bb10) ] ] | bb10 = s0 [ s0 = {inv'2 (self.current).t_MyHashMap__buckets'0} Borrow.borrow_mut {(self.current).t_MyHashMap__buckets'0} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_28 <- _ret' ] + [ &_29 <- _ret' ] -{inv'2 _ret'.final}- [ &self <- { self with current = { t_MyHashMap__buckets'0 = _ret'.final } } ] s1) - | s1 = index_mut'0 {_28} {i} (fun (_ret':borrowed (t_List'0)) -> [ &_27 <- _ret' ] s2) + | s1 = index_mut'0 {_29} {i} (fun (_ret':borrowed (t_List'0)) -> [ &_28 <- _ret' ] s2) | s2 = bb11 ] | bb11 = s0 - [ s0 = {inv'3 _27.current} - Borrow.borrow_final {_27.current} {Borrow.get_id _27} + [ s0 = {inv'3 _28.current} + Borrow.borrow_final {_28.current} {Borrow.get_id _28} (fun (_ret':borrowed (t_List'0)) -> - [ &_26 <- _ret' ] + [ &_27 <- _ret' ] -{inv'3 _ret'.final}- - [ &_27 <- { _27 with current = _ret'.final } ] + [ &_28 <- { _28 with current = _ret'.final } ] s1) - | s1 = {inv'3 _26.current} - Borrow.borrow_final {_26.current} {Borrow.get_id _26} + | s1 = {inv'3 _27.current} + Borrow.borrow_final {_27.current} {Borrow.get_id _27} (fun (_ret':borrowed (t_List'0)) -> - [ &_25 <- _ret' ] + [ &_26 <- _ret' ] -{inv'3 _ret'.final}- - [ &_26 <- { _26 with current = _ret'.final } ] + [ &_27 <- { _27 with current = _ret'.final } ] s2) - | s2 = [ &_30 <- C_Nil'0 ] s3 - | s3 = replace'0 {_25} {_30} (fun (_ret':t_List'0) -> [ &l <- _ret' ] s4) + | s2 = [ &_31 <- C_Nil'0 ] s3 + | s3 = replace'0 {_26} {_31} (fun (_ret':t_List'0) -> [ &l <- _ret' ] s4) | s4 = bb12 ] | bb12 = s0 - [ s0 = {[@expl:type invariant] inv'4 _27} s1 - | s1 = -{resolve'0 _27}- s2 - | s2 = {[@expl:type invariant] inv'4 _26} s3 - | s3 = -{resolve'0 _26}- s4 + [ s0 = {[@expl:type invariant] inv'4 _28} s1 + | s1 = -{resolve'0 _28}- s2 + | s2 = {[@expl:type invariant] inv'4 _27} s3 + | s3 = -{resolve'0 _27}- s4 | s4 = bb13 ] - | bb13 = bb14 - | bb14 = bb15 - | bb15 = bb16 - | bb16 = bb17 - | bb17 = bb18 - | bb18 = bb19 - | bb19 = bb20 - | bb20 = bb20 - [ bb20 = {[@expl:loop invariant #0] [%#shashmap16] inv'0 new} + | bb13 = bb13 + [ bb13 = {[@expl:loop invariant #0] [%#shashmap16] inv'0 new} {[@expl:loop invariant #1] [%#shashmap15] inv'3 l} {[@expl:loop invariant #2] [%#shashmap14] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k < UIntSize.to_int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} @@ -1600,8 +1593,15 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* end} {[@expl:loop invariant #5] [%#shashmap11] no_double_binding'0 l} {[@expl:loop invariant #6] [%#shashmap10] good_bucket'0 (Snapshot.inner old_self).current l (UIntSize.to_int i)} - (! s0) [ s0 = bb21 ] - [ bb21 = any + (! s0) [ s0 = bb14 ] + [ bb14 = bb15 + | bb15 = bb16 + | bb16 = bb17 + | bb17 = bb18 + | bb18 = bb19 + | bb19 = bb20 + | bb20 = bb21 + | bb21 = any [ br0 -> {l = C_Nil'0 } (! bb28) | br1 (x0:(t_K'0, t_V'0)) (x1:t_List'0)-> {l = C_Cons'0 x0 x1} (! bb22) ] | bb22 = bb23 @@ -1614,17 +1614,17 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | s3 = {inv'0 new} Borrow.borrow_mut {new} (fun (_ret':borrowed (t_MyHashMap'0)) -> - [ &_44 <- _ret' ] + [ &_46 <- _ret' ] -{inv'0 _ret'.final}- [ &new <- _ret'.final ] s4) - | s4 = add'0 {_44} {k} {v} (fun (_ret':()) -> [ &_43 <- _ret' ] s5) + | s4 = add'0 {_46} {k} {v} (fun (_ret':()) -> [ &_45 <- _ret' ] s5) | s5 = bb24 ] | bb24 = bb25 | bb25 = s0 [ s0 = [ &l <- tl ] s1 | s1 = bb27 ] | bb27 = bb29 - | bb29 = bb20 ] + | bb29 = bb13 ] ] | bb28 = s0 @@ -1637,7 +1637,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | bb30 = s0 [ s0 = UIntSize.add {i} {[%#shashmap18] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb31 ] - | bb31 = bb7 ] + | bb31 = bb4 ] ] | bb32 = bb33 @@ -1662,20 +1662,20 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | & _7 : usize = any_l () | & _8 : usize = any_l () | & i : usize = any_l () - | & _20 : bool = any_l () - | & _22 : usize = any_l () + | & _21 : bool = any_l () + | & _23 : usize = any_l () | & l : t_List'0 = any_l () - | & _25 : borrowed (t_List'0) = any_l () | & _26 : borrowed (t_List'0) = any_l () | & _27 : borrowed (t_List'0) = any_l () - | & _28 : borrowed (t_Vec'0) = any_l () - | & _30 : t_List'0 = any_l () + | & _28 : borrowed (t_List'0) = any_l () + | & _29 : borrowed (t_Vec'0) = any_l () + | & _31 : t_List'0 = any_l () | & k : t_K'0 = any_l () | & v : t_V'0 = any_l () | & tl : t_List'0 = any_l () - | & _43 : () = any_l () - | & _44 : borrowed (t_MyHashMap'0) = any_l () - | & old_7_0 : Snapshot.snap_ty (borrowed (t_MyHashMap'0)) = any_l () ] + | & _45 : () = any_l () + | & _46 : borrowed (t_MyHashMap'0) = any_l () + | & old_4_0 : Snapshot.snap_ty (borrowed (t_MyHashMap'0)) = any_l () ] [ return' (result:())-> {[@expl:resize ensures] [%#shashmap21] forall k : t_DeepModelTy'0 . Map.get (view'1 self.final) k = Map.get (view'3 self) k} diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index 4a80b4715..f73fcbf2d 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma @@ -505,30 +505,30 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = UIntSize.eq {[%#sheapsort_generic8] (2 : usize)} {[%#sheapsort_generic9] (0 : usize)} - (fun (_ret':bool) -> [ &_29 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#sheapsort_generic9] not _29} s2 + (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) + | s1 = {[@expl:division by zero] [%#sheapsort_generic9] not _30} s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.div {end'} {[%#sheapsort_generic8] (2 : usize)} (fun (_ret':usize) -> [ &_27 <- _ret' ] s1) - | s1 = UIntSize.ge {i} {_27} (fun (_ret':bool) -> [ &_25 <- _ret' ] s2) - | s2 = any [ br0 -> {_25 = false} (! bb6) | br1 -> {_25} (! bb5) ] ] + [ s0 = UIntSize.div {end'} {[%#sheapsort_generic8] (2 : usize)} (fun (_ret':usize) -> [ &_28 <- _ret' ] s1) + | s1 = UIntSize.ge {i} {_28} (fun (_ret':bool) -> [ &_26 <- _ret' ] s2) + | s2 = any [ br0 -> {_26 = false} (! bb6) | br1 -> {_26} (! bb5) ] ] | bb6 = s0 - [ s0 = UIntSize.mul {[%#sheapsort_generic10] (2 : usize)} {i} (fun (_ret':usize) -> [ &_32 <- _ret' ] s1) - | s1 = UIntSize.add {_32} {[%#sheapsort_generic11] (1 : usize)} (fun (_ret':usize) -> [ &child <- _ret' ] s2) - | s2 = UIntSize.add {child} {[%#sheapsort_generic12] (1 : usize)} (fun (_ret':usize) -> [ &_36 <- _ret' ] s3) - | s3 = UIntSize.lt {_36} {end'} (fun (_ret':bool) -> [ &_35 <- _ret' ] s4) - | s4 = any [ br0 -> {_35 = false} (! bb8) | br1 -> {_35} (! bb7) ] ] + [ s0 = UIntSize.mul {[%#sheapsort_generic10] (2 : usize)} {i} (fun (_ret':usize) -> [ &_33 <- _ret' ] s1) + | s1 = UIntSize.add {_33} {[%#sheapsort_generic11] (1 : usize)} (fun (_ret':usize) -> [ &child <- _ret' ] s2) + | s2 = UIntSize.add {child} {[%#sheapsort_generic12] (1 : usize)} (fun (_ret':usize) -> [ &_37 <- _ret' ] s3) + | s3 = UIntSize.lt {_37} {end'} (fun (_ret':bool) -> [ &_36 <- _ret' ] s4) + | s4 = any [ br0 -> {_36 = false} (! bb8) | br1 -> {_36} (! bb7) ] ] - | bb7 = s0 [ s0 = index'0 {v.current} {child} (fun (_ret':t_T'0) -> [ &_41 <- _ret' ] s1) | s1 = bb9 ] + | bb7 = s0 [ s0 = index'0 {v.current} {child} (fun (_ret':t_T'0) -> [ &_42 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UIntSize.add {child} {[%#sheapsort_generic13] (1 : usize)} (fun (_ret':usize) -> [ &_47 <- _ret' ] s1) - | s1 = index'0 {v.current} {_47} (fun (_ret':t_T'0) -> [ &_45 <- _ret' ] s2) + [ s0 = UIntSize.add {child} {[%#sheapsort_generic13] (1 : usize)} (fun (_ret':usize) -> [ &_48 <- _ret' ] s1) + | s1 = index'0 {v.current} {_48} (fun (_ret':t_T'0) -> [ &_46 <- _ret' ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = lt'0 {_41} {_45} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) | s1 = bb11 ] - | bb11 = any [ br0 -> {_39 = false} (! bb13) | br1 -> {_39} (! bb12) ] + | bb10 = s0 [ s0 = lt'0 {_42} {_46} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1) | s1 = bb11 ] + | bb11 = any [ br0 -> {_40 = false} (! bb13) | br1 -> {_40} (! bb12) ] | bb12 = s0 [ s0 = UIntSize.add {child} {[%#sheapsort_generic14] (1 : usize)} (fun (_ret':usize) -> [ &child <- _ret' ] s1) @@ -537,35 +537,35 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] | bb13 = bb14 | bb8 = bb14 | bb14 = bb15 - | bb15 = s0 [ s0 = index'0 {v.current} {child} (fun (_ret':t_T'0) -> [ &_52 <- _ret' ] s1) | s1 = bb16 ] - | bb16 = s0 [ s0 = index'0 {v.current} {i} (fun (_ret':t_T'0) -> [ &_56 <- _ret' ] s1) | s1 = bb17 ] - | bb17 = s0 [ s0 = le'0 {_52} {_56} (fun (_ret':bool) -> [ &_50 <- _ret' ] s1) | s1 = bb18 ] - | bb18 = any [ br0 -> {_50 = false} (! bb20) | br1 -> {_50} (! bb19) ] + | bb15 = s0 [ s0 = index'0 {v.current} {child} (fun (_ret':t_T'0) -> [ &_53 <- _ret' ] s1) | s1 = bb16 ] + | bb16 = s0 [ s0 = index'0 {v.current} {i} (fun (_ret':t_T'0) -> [ &_57 <- _ret' ] s1) | s1 = bb17 ] + | bb17 = s0 [ s0 = le'0 {_53} {_57} (fun (_ret':bool) -> [ &_51 <- _ret' ] s1) | s1 = bb18 ] + | bb18 = any [ br0 -> {_51 = false} (! bb20) | br1 -> {_51} (! bb19) ] | bb20 = s0 [ s0 = {inv'1 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_63 <- _ret' ] + [ &_64 <- _ret' ] -{inv'1 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_63} (fun (_ret':borrowed (slice t_T'0)) -> [ &_62 <- _ret' ] s2) + | s1 = deref_mut'0 {_64} (fun (_ret':borrowed (slice t_T'0)) -> [ &_63 <- _ret' ] s2) | s2 = bb21 ] | bb21 = s0 - [ s0 = {inv'2 _62.current} - Borrow.borrow_final {_62.current} {Borrow.get_id _62} + [ s0 = {inv'2 _63.current} + Borrow.borrow_final {_63.current} {Borrow.get_id _63} (fun (_ret':borrowed (slice t_T'0)) -> - [ &_61 <- _ret' ] + [ &_62 <- _ret' ] -{inv'2 _ret'.final}- - [ &_62 <- { _62 with current = _ret'.final } ] + [ &_63 <- { _63 with current = _ret'.final } ] s1) - | s1 = swap'0 {_61} {i} {child} (fun (_ret':()) -> [ &_60 <- _ret' ] s2) + | s1 = swap'0 {_62} {i} {child} (fun (_ret':()) -> [ &_61 <- _ret' ] s2) | s2 = bb22 ] | bb22 = s0 - [ s0 = {[@expl:type invariant] inv'3 _62} s1 - | s1 = -{resolve'0 _62}- s2 + [ s0 = {[@expl:type invariant] inv'3 _63} s1 + | s1 = -{resolve'0 _63}- s2 | s2 = [ &i <- child ] s3 | s3 = bb2 ] ] @@ -581,24 +581,24 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] | & end' : usize = end' | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & i : usize = any_l () - | & _25 : bool = any_l () - | & _27 : usize = any_l () - | & _29 : bool = any_l () + | & _26 : bool = any_l () + | & _28 : usize = any_l () + | & _30 : bool = any_l () | & child : usize = any_l () - | & _32 : usize = any_l () - | & _35 : bool = any_l () - | & _36 : usize = any_l () - | & _39 : bool = any_l () - | & _41 : t_T'0 = any_l () - | & _45 : t_T'0 = any_l () - | & _47 : usize = any_l () - | & _50 : bool = any_l () - | & _52 : t_T'0 = any_l () - | & _56 : t_T'0 = any_l () - | & _60 : () = any_l () - | & _61 : borrowed (slice t_T'0) = any_l () + | & _33 : usize = any_l () + | & _36 : bool = any_l () + | & _37 : usize = any_l () + | & _40 : bool = any_l () + | & _42 : t_T'0 = any_l () + | & _46 : t_T'0 = any_l () + | & _48 : usize = any_l () + | & _51 : bool = any_l () + | & _53 : t_T'0 = any_l () + | & _57 : t_T'0 = any_l () + | & _61 : () = any_l () | & _62 : borrowed (slice t_T'0) = any_l () - | & _63 : borrowed (t_Vec'0) = any_l () + | & _63 : borrowed (slice t_T'0) = any_l () + | & _64 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:sift_down ensures #0] [%#sheapsort_generic19] heap_frag'0 (deep_model'1 v.final) (UIntSize.to_int start) (UIntSize.to_int end')} @@ -1005,8 +1005,8 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] {[@expl:loop invariant #2] [%#sheapsort_generic3] UIntSize.to_int start <= div (Seq.length (view'0 v)) 2} (! s0) [ s0 = bb5 ] [ bb5 = s0 - [ s0 = UIntSize.gt {start} {[%#sheapsort_generic6] (0 : usize)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) - | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb6) ] ] + [ s0 = UIntSize.gt {start} {[%#sheapsort_generic6] (0 : usize)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) + | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb6) ] ] | bb6 = s0 [ s0 = UIntSize.sub {start} {[%#sheapsort_generic7] (1 : usize)} @@ -1014,14 +1014,14 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | s1 = {inv'0 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_19 <- _ret' ] + [ &_20 <- _ret' ] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s2) - | s2 = len'0 {_19.current} (fun (_ret':usize) -> [ &_21 <- _ret' ] s3) + | s2 = len'0 {_20.current} (fun (_ret':usize) -> [ &_22 <- _ret' ] s3) | s3 = bb7 ] - | bb7 = s0 [ s0 = sift_down'0 {_19} {start} {_21} (fun (_ret':()) -> [ &_18 <- _ret' ] s1) | s1 = bb8 ] + | bb7 = s0 [ s0 = sift_down'0 {_20} {start} {_22} (fun (_ret':()) -> [ &_19 <- _ret' ] s1) | s1 = bb8 ] | bb8 = bb4 ] ] @@ -1095,10 +1095,10 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] | & start : usize = any_l () | & _8 : usize = any_l () | & _10 : bool = any_l () - | & _16 : bool = any_l () - | & _18 : () = any_l () - | & _19 : borrowed (t_Vec'0) = any_l () - | & _21 : usize = any_l () + | & _17 : bool = any_l () + | & _19 : () = any_l () + | & _20 : borrowed (t_Vec'0) = any_l () + | & _22 : usize = any_l () | & end' : usize = any_l () | & _34 : bool = any_l () | & _36 : () = any_l () diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 8fe971e76..00c6bd77f 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -164,20 +164,20 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] {[@expl:loop invariant #4] [%#shillel1] forall i : int . Seq.length (view'0 old_str) <= i /\ i < Seq.length (view'1 str) -> index_logic'0 str.current i = pad} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_19 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_20 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {_19} {len} (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) - | s1 = any [ br0 -> {_18 = false} (! bb7) | br1 -> {_18} (! bb5) ] ] + [ s0 = UIntSize.lt {_20} {len} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) + | s1 = any [ br0 -> {_19 = false} (! bb7) | br1 -> {_19} (! bb5) ] ] | bb5 = s0 [ s0 = {inv'0 str.current} Borrow.borrow_mut {str.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_23 <- _ret' ] + [ &_24 <- _ret' ] -{inv'0 _ret'.final}- [ &str <- { str with current = _ret'.final } ] s1) - | s1 = push'0 {_23} {pad} (fun (_ret':()) -> [ &_22 <- _ret' ] s2) + | s1 = push'0 {_24} {pad} (fun (_ret':()) -> [ &_23 <- _ret' ] s2) | s2 = bb6 ] | bb6 = bb2 ] @@ -190,10 +190,10 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] | & len : usize = len | & pad : t_T'0 = pad | & old_str : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () - | & _18 : bool = any_l () - | & _19 : usize = any_l () - | & _22 : () = any_l () - | & _23 : borrowed (t_Vec'0) = any_l () + | & _19 : bool = any_l () + | & _20 : usize = any_l () + | & _23 : () = any_l () + | & _24 : borrowed (t_Vec'0) = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:right_pad ensures #0] [%#shillel8] Seq.length (view'2 str.final) @@ -398,24 +398,24 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] {[@expl:loop invariant #5] [%#shillel2] forall i : int . 0 <= i /\ i < Snapshot.inner c -> index_logic'0 str.current i = pad} (! s0) [ s0 = bb4 ] - [ bb4 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_20 <- _ret' ] s1) | s1 = bb5 ] + [ bb4 = s0 [ s0 = len'0 {str.current} (fun (_ret':usize) -> [ &_21 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UIntSize.lt {_20} {len} (fun (_ret':bool) -> [ &_19 <- _ret' ] s1) - | s1 = any [ br0 -> {_19 = false} (! bb9) | br1 -> {_19} (! bb6) ] ] + [ s0 = UIntSize.lt {_21} {len} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) + | s1 = any [ br0 -> {_20 = false} (! bb9) | br1 -> {_20} (! bb6) ] ] | bb6 = s0 [ s0 = {inv'0 str.current} Borrow.borrow_mut {str.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_24 <- _ret' ] + [ &_25 <- _ret' ] -{inv'0 _ret'.final}- [ &str <- { str with current = _ret'.final } ] s1) - | s1 = insert'0 {_24} {[%#shillel8] (0 : usize)} {pad} (fun (_ret':()) -> [ &_23 <- _ret' ] s2) + | s1 = insert'0 {_25} {[%#shillel8] (0 : usize)} {pad} (fun (_ret':()) -> [ &_24 <- _ret' ] s2) | s2 = bb7 ] - | bb7 = s0 [ s0 = [ &_26 <- [%#shillel9] Snapshot.new (1 + Snapshot.inner c) ] s1 | s1 = bb8 ] - | bb8 = s0 [ s0 = [ &c <- _26 ] s1 | s1 = bb3 ] ] + | bb7 = s0 [ s0 = [ &_27 <- [%#shillel9] Snapshot.new (1 + Snapshot.inner c) ] s1 | s1 = bb8 ] + | bb8 = s0 [ s0 = [ &c <- _27 ] s1 | s1 = bb3 ] ] ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv'1 str} s1 | s1 = -{resolve'0 str}- s2 | s2 = return' {_0} ] ] @@ -426,11 +426,11 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] | & pad : t_T'0 = pad | & old_str : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & c : Snapshot.snap_ty int = any_l () - | & _19 : bool = any_l () - | & _20 : usize = any_l () - | & _23 : () = any_l () - | & _24 : borrowed (t_Vec'0) = any_l () - | & _26 : Snapshot.snap_ty int = any_l () + | & _20 : bool = any_l () + | & _21 : usize = any_l () + | & _24 : () = any_l () + | & _25 : borrowed (t_Vec'0) = any_l () + | & _27 : Snapshot.snap_ty int = any_l () | & old_3_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:left_pad ensures #0] [%#shillel12] Seq.length (view'2 str.final) @@ -898,46 +898,46 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] | bb8 = s0 [ s0 = [ &iter_old <- [%#shillel3] Snapshot.new iter ] s1 | s1 = bb9 ] | bb9 = s0 [ s0 = [ &produced <- [%#shillel4] Snapshot.new (Seq.empty : Seq.seq t_T'0) ] s1 | s1 = bb10 ] | bb10 = bb11 - | bb11 = bb12 - | bb12 = bb12 - [ bb12 = {[@expl:for invariant] [%#shillel6] inv'1 (Snapshot.inner produced)} + | bb11 = bb11 + [ bb11 = {[@expl:for invariant] [%#shillel6] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#shillel6] inv'0 iter} {[@expl:for invariant] [%#shillel6] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#shillel5] forall j : int . 0 <= j /\ j < Seq.length (Snapshot.inner produced) -> deep_model'2 (index_logic'0 produced j) <> deep_model'1 elem} - (! s0) [ s0 = bb13 ] - [ bb13 = s0 + (! s0) [ s0 = bb12 ] + [ bb12 = bb13 + | bb13 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_31 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_31.current} {Borrow.get_id _31} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_30 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s2) - | s2 = next'0 {_30} (fun (_ret':t_Option'0) -> [ &_29 <- _ret' ] s3) + (fun (_ret':borrowed (t_Iter'0)) -> [ &_32 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_32.current} {Borrow.get_id _32} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_31 <- _ret' ] [ &_32 <- { _32 with current = _ret'.final } ] s2) + | s2 = next'0 {_31} (fun (_ret':t_Option'0) -> [ &_30 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = -{resolve'0 _31}- s1 - | s1 = any [ br0 -> {_29 = C_None'0 } (! bb17) | br1 (x0:t_T'0)-> {_29 = C_Some'0 x0} (! bb16) ] ] + [ s0 = -{resolve'0 _32}- s1 + | s1 = any [ br0 -> {_30 = C_None'0 } (! bb17) | br1 (x0:t_T'0)-> {_30 = C_Some'0 x0} (! bb16) ] ] | bb16 = bb18 | bb18 = s0 - [ s0 = v_Some'0 {_29} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_30} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_34 <- [%#shillel7] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_35 <- [%#shillel7] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb19 ] | bb19 = s0 - [ s0 = [ &produced <- _34 ] s1 + [ s0 = [ &produced <- _35 ] s1 | s1 = [ &e <- __creusot_proc_iter_elem ] s2 | s2 = {[@expl:assertion] [%#shillel8] e = index_logic'1 (Snapshot.inner ghost_vec).current (Seq.length (Snapshot.inner produced) - 1)} s3 - | s3 = eq'0 {e} {elem} (fun (_ret':bool) -> [ &_39 <- _ret' ] s4) + | s3 = eq'0 {e} {elem} (fun (_ret':bool) -> [ &_40 <- _ret' ] s4) | s4 = bb20 ] - | bb20 = any [ br0 -> {_39 = false} (! bb23) | br1 -> {_39} (! bb21) ] - | bb23 = bb12 ] + | bb20 = any [ br0 -> {_40 = false} (! bb23) | br1 -> {_40} (! bb21) ] + | bb23 = bb11 ] ] | bb21 = s0 @@ -958,11 +958,11 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] [ s0 = {inv'4 vec.current} Borrow.borrow_final {vec.current} {Borrow.get_id vec} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_52 <- _ret' ] + [ &_53 <- _ret' ] -{inv'4 _ret'.final}- [ &vec <- { vec with current = _ret'.final } ] s1) - | s1 = push'0 {_52} {elem} (fun (_ret':()) -> [ &_51 <- _ret' ] s2) + | s1 = push'0 {_53} {elem} (fun (_ret':()) -> [ &_52 <- _ret' ] s2) | s2 = bb25 ] | bb25 = s0 [ s0 = {[@expl:type invariant] inv'3 vec} s1 | s1 = -{resolve'2 vec}- s2 | s2 = bb26 ] @@ -978,15 +978,15 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] | & _18 : slice t_T'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () - | & _29 : t_Option'0 = any_l () - | & _30 : borrowed (t_Iter'0) = any_l () + | & _30 : t_Option'0 = any_l () | & _31 : borrowed (t_Iter'0) = any_l () + | & _32 : borrowed (t_Iter'0) = any_l () | & __creusot_proc_iter_elem : t_T'0 = any_l () - | & _34 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () + | & _35 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () | & e : t_T'0 = any_l () - | & _39 : bool = any_l () - | & _51 : () = any_l () - | & _52 : borrowed (t_Vec'0) = any_l () ] + | & _40 : bool = any_l () + | & _52 : () = any_l () + | & _53 : borrowed (t_Vec'0) = any_l () ] [ return' (result:())-> {[@expl:insert_unique ensures #0] [%#shillel15] is_unique'0 (deep_model'3 vec.final)} {[@expl:insert_unique ensures #1] [%#shillel16] is_subset'0 (deep_model'0 vec) (deep_model'3 vec.final)} @@ -1375,78 +1375,78 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] | bb4 = s0 [ s0 = [ &iter_old <- [%#shillel3] Snapshot.new iter ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &produced <- [%#shillel4] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb6 ] | bb6 = bb7 - | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb10 - | bb10 = bb11 - | bb11 = bb11 - [ bb11 = {[@expl:for invariant] [%#shillel9] inv'2 (Snapshot.inner produced)} + | bb7 = bb7 + [ bb7 = {[@expl:for invariant] [%#shillel9] inv'2 (Snapshot.inner produced)} {[@expl:for invariant] [%#shillel9] inv'1 iter} {[@expl:for invariant] [%#shillel9] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#shillel8] inv'0 unique} {[@expl:loop invariant #1] [%#shillel7] is_unique'0 (deep_model'1 unique)} {[@expl:loop invariant #2] [%#shillel6] is_subset'0 (deep_model'1 unique) (deep_model'0 str)} {[@expl:loop invariant #3] [%#shillel5] is_subset'0 (Seq.([..]) (deep_model'0 str) 0 (Seq.length (Snapshot.inner produced))) (deep_model'1 unique)} - (! s0) [ s0 = bb12 ] - [ bb12 = s0 + (! s0) [ s0 = bb8 ] + [ bb8 = bb9 + | bb9 = bb10 + | bb10 = bb11 + | bb11 = bb12 + | bb12 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_27 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} + (fun (_ret':borrowed (t_Range'0)) -> [ &_28 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} (fun (_ret':borrowed (t_Range'0)) -> - [ &_26 <- _ret' ] - [ &_27 <- { _27 with current = _ret'.final } ] + [ &_27 <- _ret' ] + [ &_28 <- { _28 with current = _ret'.final } ] s2) - | s2 = next'0 {_26} (fun (_ret':t_Option'0) -> [ &_25 <- _ret' ] s3) + | s2 = next'0 {_27} (fun (_ret':t_Option'0) -> [ &_26 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = -{resolve'0 _27}- s1 - | s1 = any [ br0 -> {_25 = C_None'0 } (! bb16) | br1 (x0:usize)-> {_25 = C_Some'0 x0} (! bb15) ] ] + [ s0 = -{resolve'0 _28}- s1 + | s1 = any [ br0 -> {_26 = C_None'0 } (! bb16) | br1 (x0:usize)-> {_26 = C_Some'0 x0} (! bb15) ] ] | bb15 = bb17 | bb17 = s0 - [ s0 = v_Some'0 {_25} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_26} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_30 <- [%#shillel10] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_31 <- [%#shillel10] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb18 ] | bb18 = s0 - [ s0 = [ &produced <- _30 ] s1 + [ s0 = [ &produced <- _31 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = [ &_34 <- i ] s3 - | s3 = [ &_35 <- Slice.length str ] s4 - | s4 = UIntSize.lt {_34} {_35} (fun (_ret':bool) -> [ &_36 <- _ret' ] s5) - | s5 = {[@expl:index in bounds] [%#shillel11] _36} s6 + | s2 = [ &_35 <- i ] s3 + | s3 = [ &_36 <- Slice.length str ] s4 + | s4 = UIntSize.lt {_35} {_36} (fun (_ret':bool) -> [ &_37 <- _ret' ] s5) + | s5 = {[@expl:index in bounds] [%#shillel11] _37} s6 | s6 = bb19 ] | bb19 = s0 - [ s0 = Slice.get {str} {_34} (fun (r'0:t_T'0) -> [ &elem <- r'0 ] s1) + [ s0 = Slice.get {str} {_35} (fun (r'0:t_T'0) -> [ &elem <- r'0 ] s1) | s1 = {inv'0 unique} Borrow.borrow_mut {unique} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_39 <- _ret' ] + [ &_40 <- _ret' ] -{inv'0 _ret'.final}- [ &unique <- _ret'.final ] s2) - | s2 = {inv'0 _39.current} - Borrow.borrow_final {_39.current} {Borrow.get_id _39} + | s2 = {inv'0 _40.current} + Borrow.borrow_final {_40.current} {Borrow.get_id _40} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_38 <- _ret' ] + [ &_39 <- _ret' ] -{inv'0 _ret'.final}- - [ &_39 <- { _39 with current = _ret'.final } ] + [ &_40 <- { _40 with current = _ret'.final } ] s3) - | s3 = insert_unique'0 {_38} {elem} (fun (_ret':()) -> [ &_37 <- _ret' ] s4) + | s3 = insert_unique'0 {_39} {elem} (fun (_ret':()) -> [ &_38 <- _ret' ] s4) | s4 = bb20 ] | bb20 = s0 - [ s0 = {[@expl:type invariant] inv'3 _39} s1 - | s1 = -{resolve'1 _39}- s2 - | s2 = [ &_41 <- [%#shillel12] Snapshot.new (Seq.snoc (Snapshot.inner sub_str) elem) ] s3 + [ s0 = {[@expl:type invariant] inv'3 _40} s1 + | s1 = -{resolve'1 _40}- s2 + | s2 = [ &_42 <- [%#shillel12] Snapshot.new (Seq.snoc (Snapshot.inner sub_str) elem) ] s3 | s3 = bb21 ] - | bb21 = s0 [ s0 = [ &sub_str <- _41 ] s1 | s1 = bb11 ] ] + | bb21 = s0 [ s0 = [ &sub_str <- _42 ] s1 | s1 = bb7 ] ] ] | bb16 = s0 @@ -1471,20 +1471,20 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] | & _11 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _25 : t_Option'0 = any_l () - | & _26 : borrowed (t_Range'0) = any_l () + | & _26 : t_Option'0 = any_l () | & _27 : borrowed (t_Range'0) = any_l () + | & _28 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _30 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _31 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & elem : t_T'0 = any_l () - | & _34 : usize = any_l () | & _35 : usize = any_l () - | & _36 : bool = any_l () - | & _37 : () = any_l () - | & _38 : borrowed (t_Vec'0) = any_l () + | & _36 : usize = any_l () + | & _37 : bool = any_l () + | & _38 : () = any_l () | & _39 : borrowed (t_Vec'0) = any_l () - | & _41 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] + | & _40 : borrowed (t_Vec'0) = any_l () + | & _42 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:unique result type invariant] [%#shillel16] inv'0 result} {[@expl:unique ensures #0] [%#shillel17] is_unique'0 (deep_model'1 result)} @@ -2057,27 +2057,27 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_22 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_21 <- _ret' ] [ &_22 <- { _22 with current = _ret'.final } ] s2) - | s2 = next'0 {_21} (fun (_ret':t_Option'0) -> [ &_20 <- _ret' ] s3) + (fun (_ret':borrowed (t_Iter'0)) -> [ &_23 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s2) + | s2 = next'0 {_22} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _22}- s1 - | s1 = any [ br0 -> {_20 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_20 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _23}- s1 + | s1 = any [ br0 -> {_21 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_21 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_20} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_21} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_25 <- [%#shillel6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_26 <- [%#shillel6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _26 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = UInt32.add {total} {x} (fun (_ret':uint32) -> [ &total <- _ret' ] s3) | s3 = bb4 ] @@ -2089,12 +2089,12 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | s1 = [ &min_i <- [%#shillel8] (0 : usize) ] s2 | s2 = [ &min_dist <- total ] s3 | s3 = [ &sum <- [%#shillel9] (0 : uint32) ] s4 - | s4 = len'0 {s} (fun (_ret':usize) -> [ &_38 <- _ret' ] s5) + | s4 = len'0 {s} (fun (_ret':usize) -> [ &_39 <- _ret' ] s5) | s5 = bb12 ] | bb12 = s0 - [ s0 = [ &_37 <- { t_Range__start'0 = ([%#shillel10] (0 : usize)); t_Range__end'0 = _38 } ] s1 - | s1 = into_iter'1 {_37} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) + [ s0 = [ &_38 <- { t_Range__start'0 = ([%#shillel10] (0 : usize)); t_Range__end'0 = _39 } ] s1 + | s1 = into_iter'1 {_38} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) | s2 = bb13 ] | bb13 = s0 [ s0 = [ &iter_old1 <- [%#shillel11] Snapshot.new iter1 ] s1 | s1 = bb14 ] @@ -2115,50 +2115,50 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] (! s0) [ s0 = bb17 ] [ bb17 = s0 [ s0 = Borrow.borrow_mut {iter1} - (fun (_ret':borrowed (t_Range'0)) -> [ &_54 <- _ret' ] [ &iter1 <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_54.current} {Borrow.get_id _54} + (fun (_ret':borrowed (t_Range'0)) -> [ &_56 <- _ret' ] [ &iter1 <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_56.current} {Borrow.get_id _56} (fun (_ret':borrowed (t_Range'0)) -> - [ &_53 <- _ret' ] - [ &_54 <- { _54 with current = _ret'.final } ] + [ &_55 <- _ret' ] + [ &_56 <- { _56 with current = _ret'.final } ] s2) - | s2 = next'1 {_53} (fun (_ret':t_Option'1) -> [ &_52 <- _ret' ] s3) + | s2 = next'1 {_55} (fun (_ret':t_Option'1) -> [ &_54 <- _ret' ] s3) | s3 = bb18 ] | bb18 = s0 - [ s0 = -{resolve'1 _54}- s1 - | s1 = any [ br0 -> {_52 = C_None'1 } (! bb21) | br1 (x0:usize)-> {_52 = C_Some'1 x0} (! bb20) ] ] + [ s0 = -{resolve'1 _56}- s1 + | s1 = any [ br0 -> {_54 = C_None'1 } (! bb21) | br1 (x0:usize)-> {_54 = C_Some'1 x0} (! bb20) ] ] | bb20 = bb22 | bb22 = s0 - [ s0 = v_Some'1 {_52} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'1 {_54} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = - [ &_57 <- [%#shillel19] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] + [ &_59 <- [%#shillel19] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] s2 | s2 = bb23 ] | bb23 = s0 - [ s0 = [ &produced1 <- _57 ] s1 + [ s0 = [ &produced1 <- _59 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem1 ] s2 - | s2 = UInt32.sub {total} {sum} (fun (_ret':uint32) -> [ &_62 <- _ret' ] s3) - | s3 = abs_diff'0 {sum} {_62} (fun (_ret':uint32) -> [ &dist <- _ret' ] s4) + | s2 = UInt32.sub {total} {sum} (fun (_ret':uint32) -> [ &_64 <- _ret' ] s3) + | s3 = abs_diff'0 {sum} {_64} (fun (_ret':uint32) -> [ &dist <- _ret' ] s4) | s4 = bb24 ] | bb24 = s0 - [ s0 = UInt32.lt {dist} {min_dist} (fun (_ret':bool) -> [ &_66 <- _ret' ] s1) - | s1 = any [ br0 -> {_66 = false} (! bb26) | br1 -> {_66} (! bb25) ] ] + [ s0 = UInt32.lt {dist} {min_dist} (fun (_ret':bool) -> [ &_68 <- _ret' ] s1) + | s1 = any [ br0 -> {_68 = false} (! bb26) | br1 -> {_68} (! bb25) ] ] | bb25 = s0 [ s0 = [ &min_i <- i ] s1 | s1 = [ &min_dist <- dist ] s2 | s2 = bb27 ] | bb26 = bb27 | bb27 = s0 - [ s0 = [ &_72 <- i ] s1 - | s1 = [ &_73 <- Slice.length s ] s2 - | s2 = UIntSize.lt {_72} {_73} (fun (_ret':bool) -> [ &_74 <- _ret' ] s3) - | s3 = {[@expl:index in bounds] [%#shillel20] _74} s4 + [ s0 = [ &_74 <- i ] s1 + | s1 = [ &_75 <- Slice.length s ] s2 + | s2 = UIntSize.lt {_74} {_75} (fun (_ret':bool) -> [ &_76 <- _ret' ] s3) + | s3 = {[@expl:index in bounds] [%#shillel20] _76} s4 | s4 = bb28 ] | bb28 = s0 - [ s0 = Slice.get {s} {_72} + [ s0 = Slice.get {s} {_74} (fun (r'0:uint32) -> UInt32.add {sum} {r'0} (fun (_ret':uint32) -> [ &sum <- _ret' ] s1)) | s1 = bb16 ] ] @@ -2172,32 +2172,32 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & _20 : t_Option'0 = any_l () - | & _21 : borrowed (t_Iter'0) = any_l () + | & _21 : t_Option'0 = any_l () | & _22 : borrowed (t_Iter'0) = any_l () + | & _23 : borrowed (t_Iter'0) = any_l () | & __creusot_proc_iter_elem : uint32 = any_l () - | & _25 : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & _26 : Snapshot.snap_ty (Seq.seq uint32) = any_l () | & x : uint32 = any_l () | & min_i : usize = any_l () | & min_dist : uint32 = any_l () | & sum : uint32 = any_l () | & iter1 : t_Range'0 = any_l () - | & _37 : t_Range'0 = any_l () - | & _38 : usize = any_l () + | & _38 : t_Range'0 = any_l () + | & _39 : usize = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _52 : t_Option'1 = any_l () - | & _53 : borrowed (t_Range'0) = any_l () - | & _54 : borrowed (t_Range'0) = any_l () + | & _54 : t_Option'1 = any_l () + | & _55 : borrowed (t_Range'0) = any_l () + | & _56 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem1 : usize = any_l () - | & _57 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _59 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & dist : uint32 = any_l () - | & _62 : uint32 = any_l () - | & _66 : bool = any_l () - | & _72 : usize = any_l () - | & _73 : usize = any_l () - | & _74 : bool = any_l () ] + | & _64 : uint32 = any_l () + | & _68 : bool = any_l () + | & _74 : usize = any_l () + | & _75 : usize = any_l () + | & _76 : bool = any_l () ] [ return' (result:usize)-> {[@expl:fulcrum ensures #0] [%#shillel23] 0 <= UIntSize.to_int result /\ UIntSize.to_int result < Seq.length (view'0 s)} diff --git a/creusot/tests/should_succeed/inferred_invariants.coma b/creusot/tests/should_succeed/inferred_invariants.coma index 09fca4a1e..24e7a5330 100644 --- a/creusot/tests/should_succeed/inferred_invariants.coma +++ b/creusot/tests/should_succeed/inferred_invariants.coma @@ -72,11 +72,11 @@ module M_inferred_invariants__simple [#"inferred_invariants.rs" 6 0 6 27] [ s0 = {inv'1 x.current} Borrow.borrow_mut {x.current} (fun (_ret':borrowed t_T'0) -> - [ &_5 <- _ret' ] + [ &_6 <- _ret' ] -{inv'1 _ret'.final}- [ &x <- { x with current = _ret'.final } ] s1) - | s1 = f'0 {_5} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) + | s1 = f'0 {_6} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb3 ] | bb3 = bb1 ] @@ -85,7 +85,7 @@ module M_inferred_invariants__simple [#"inferred_invariants.rs" 6 0 6 27] ) [ & x : borrowed t_T'0 = x | & _4 : () = any_l () - | & _5 : borrowed t_T'0 = any_l () + | & _6 : borrowed t_T'0 = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed t_T'0) = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -133,21 +133,21 @@ module M_inferred_invariants__swapper [#"inferred_invariants.rs" 13 0 13 57] | s1 = {inv'1 y.current} Borrow.borrow_final {y.current} {Borrow.get_id y} (fun (_ret':borrowed t_T'0) -> - [ &_8 <- _ret' ] + [ &_9 <- _ret' ] -{inv'1 _ret'.final}- [ &y <- { y with current = _ret'.final } ] s2) - | s2 = [ &x <- _8 ] s3 + | s2 = [ &x <- _9 ] s3 | s3 = {inv'1 c.current} Borrow.borrow_final {c.current} {Borrow.get_id c} (fun (_ret':borrowed t_T'0) -> - [ &_9 <- _ret' ] + [ &_10 <- _ret' ] -{inv'1 _ret'.final}- [ &c <- { c with current = _ret'.final } ] s4) | s4 = {[@expl:type invariant] inv'0 y} s5 | s5 = -{resolve'0 y}- s6 - | s6 = [ &y <- _9 ] s7 + | s6 = [ &y <- _10 ] s7 | s7 = {[@expl:type invariant] inv'0 c} s8 | s8 = -{resolve'0 c}- s9 | s9 = bb1 ] @@ -158,8 +158,8 @@ module M_inferred_invariants__swapper [#"inferred_invariants.rs" 13 0 13 57] [ & x : borrowed t_T'0 = x | & y : borrowed t_T'0 = y | & c : borrowed t_T'0 = any_l () - | & _8 : borrowed t_T'0 = any_l () - | & _9 : borrowed t_T'0 = any_l () ] + | & _9 : borrowed t_T'0 = any_l () + | & _10 : borrowed t_T'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_inferred_invariants__tuple [#"inferred_invariants.rs" 23 0 23 71] @@ -245,18 +245,18 @@ module M_inferred_invariants__temp_move [#"inferred_invariants.rs" 33 0 33 41] | s1 = {inv'1 c.current} Borrow.borrow_final {c.current} {Borrow.get_id c} (fun (_ret':borrowed t_T'0) -> - [ &_6 <- _ret' ] + [ &_7 <- _ret' ] -{inv'1 _ret'.final}- [ &c <- { c with current = _ret'.final } ] s2) - | s2 = [ &x <- _6 ] s3 + | s2 = [ &x <- _7 ] s3 | s3 = {[@expl:type invariant] inv'0 c} s4 | s4 = -{resolve'0 c}- s5 | s5 = bb1 ] ] ] ] - ) [ & x : borrowed t_T'0 = x | & c : borrowed t_T'0 = any_l () | & _6 : borrowed t_T'0 = any_l () ] + ) [ & x : borrowed t_T'0 = x | & c : borrowed t_T'0 = any_l () | & _7 : borrowed t_T'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -407,27 +407,27 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] {[@expl:loop invariant #0] [%#sinferred_invariants3] Seq.length (view'0 old_v) = Seq.length (view'1 v)} {[@expl:loop invariant #1] [%#sinferred_invariants2] UIntSize.to_int i <= 10} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_11 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {i} {_11} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) - | s1 = any [ br0 -> {_9 = false} (! bb7) | br1 -> {_9} (! bb5) ] ] + [ s0 = UIntSize.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) + | s1 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb5) ] ] | bb5 = s0 [ s0 = Borrow.borrow_mut {v.current} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_14 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_14} {i} (fun (_ret':borrowed int32) -> [ &_13 <- _ret' ] s2) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_15 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) + | s1 = index_mut'0 {_15} {i} (fun (_ret':borrowed int32) -> [ &_14 <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_13 <- { _13 with current = ([%#sinferred_invariants4] (0 : int32)) } ] s1 - | s1 = -{resolve'0 _13}- s2 + [ s0 = [ &_14 <- { _14 with current = ([%#sinferred_invariants4] (0 : int32)) } ] s1 + | s1 = -{resolve'0 _14}- s2 | s2 = bb8 ] | bb7 = bb8 | bb8 = s0 [ s0 = UIntSize.add {i} {[%#sinferred_invariants5] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) - | s1 = UIntSize.gt {i} {[%#sinferred_invariants6] (10 : usize)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) - | s2 = any [ br0 -> {_16 = false} (! bb10) | br1 -> {_16} (! bb9) ] ] + | s1 = UIntSize.gt {i} {[%#sinferred_invariants6] (10 : usize)} (fun (_ret':bool) -> [ &_17 <- _ret' ] s2) + | s2 = any [ br0 -> {_17 = false} (! bb10) | br1 -> {_17} (! bb9) ] ] | bb10 = bb2 ] ] @@ -438,11 +438,11 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] | & v : borrowed (t_Vec'0) = v | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & i : usize = any_l () - | & _9 : bool = any_l () - | & _11 : usize = any_l () - | & _13 : borrowed int32 = any_l () - | & _14 : borrowed (t_Vec'0) = any_l () - | & _16 : bool = any_l () + | & _10 : bool = any_l () + | & _12 : usize = any_l () + | & _14 : borrowed int32 = any_l () + | & _15 : borrowed (t_Vec'0) = any_l () + | & _17 : bool = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -491,8 +491,8 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 {[@expl:loop invariant] [%#sinferred_invariants1] x.current = (0 : int32)} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_8 <- _ret' ] s1) - | s1 = any [ br0 -> {_8 = false} (! bb4) | br1 -> {_8} (! bb3) ] ] + [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_9 <- _ret' ] s1) + | s1 = any [ br0 -> {_9 = false} (! bb4) | br1 -> {_9} (! bb3) ] ] | bb4 = s0 [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : int32)} (fun (_ret':int32) -> [ &i <- _ret' ] s1) @@ -505,8 +505,8 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 {[@expl:loop invariant] [%#sinferred_invariants5] x.current = (0 : int32)} (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = Int32.gt {j} {[%#sinferred_invariants6] (10 : int32)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) - | s1 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb7) ] ] + [ s0 = Int32.gt {j} {[%#sinferred_invariants6] (10 : int32)} (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + | s1 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb7) ] ] | bb8 = s0 [ s0 = Int32.add {j} {[%#sinferred_invariants7] (1 : int32)} (fun (_ret':int32) -> [ &j <- _ret' ] s1) @@ -523,9 +523,9 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 [ & _0 : () = any_l () | & x : borrowed int32 = x | & i : int32 = any_l () - | & _8 : bool = any_l () + | & _9 : bool = any_l () | & j : int32 = any_l () - | & _14 : bool = any_l () + | & _16 : bool = any_l () | & old_5_0 : Snapshot.snap_ty (borrowed int32) = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed int32) = any_l () ] @@ -611,8 +611,8 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 {[@expl:loop invariant] [%#sinferred_invariants1] (x.current).current = (0 : int32)} (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) - | s1 = any [ br0 -> {_11 = false} (! bb4) | br1 -> {_11} (! bb3) ] ] + [ s0 = Int32.gt {i} {[%#sinferred_invariants2] (10 : int32)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) + | s1 = any [ br0 -> {_12 = false} (! bb4) | br1 -> {_12} (! bb3) ] ] | bb4 = s0 [ s0 = Int32.add {i} {[%#sinferred_invariants3] (1 : int32)} (fun (_ret':int32) -> [ &i <- _ret' ] s1) @@ -623,10 +623,10 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 | bb3 = s0 [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} - (fun (_ret':borrowed (borrowed int32)) -> [ &_15 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) + (fun (_ret':borrowed (borrowed int32)) -> [ &_16 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} - (fun (_ret':borrowed int32) -> [ &_16 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) - | s2 = replace'0 {_15} {_16} (fun (_ret':borrowed int32) -> [ &b <- _ret' ] s3) + (fun (_ret':borrowed int32) -> [ &_17 <- _ret' ] [ &y <- { y with current = _ret'.final } ] s2) + | s2 = replace'0 {_16} {_17} (fun (_ret':borrowed int32) -> [ &b <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 @@ -642,10 +642,10 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 | & x : borrowed (borrowed int32) = x | & y : borrowed int32 = y | & i : int32 = any_l () - | & _11 : bool = any_l () + | & _12 : bool = any_l () | & b : borrowed int32 = any_l () - | & _15 : borrowed (borrowed int32) = any_l () - | & _16 : borrowed int32 = any_l () + | & _16 : borrowed (borrowed int32) = any_l () + | & _17 : borrowed int32 = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed (borrowed int32)) = any_l () | & old_1_1 : Snapshot.snap_ty (borrowed int32) = any_l () ] diff --git a/creusot/tests/should_succeed/inplace_list_reversal.coma b/creusot/tests/should_succeed/inplace_list_reversal.coma index b2ab8fb09..632a67120 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal.coma +++ b/creusot/tests/should_succeed/inplace_list_reversal.coma @@ -123,16 +123,16 @@ module M_inplace_list_reversal__rev [#"inplace_list_reversal.rs" 24 0 24 30] | s4 = bb2 ] | bb2 = bb3 - | bb3 = bb4 - | bb4 = bb5 - | bb5 = bb6 - | bb6 = bb6 - [ bb6 = {[@expl:loop invariant #0] [%#sinplace_list_reversal3] inv'0 prev} + | bb3 = bb3 + [ bb3 = {[@expl:loop invariant #0] [%#sinplace_list_reversal3] inv'0 prev} {[@expl:loop invariant #1] [%#sinplace_list_reversal2] inv'0 head} {[@expl:loop invariant #2] [%#sinplace_list_reversal1] rev_append'0 head prev = rev_append'0 (Snapshot.inner old_l).current (C_Nil'0)} - (! s0) [ s0 = bb7 ] - [ bb7 = any [ br0 -> {head = C_Nil'0 } (! bb21) | br1 (x0:(t_T'0, t_List'0))-> {head = C_Cons'0 x0} (! bb8) ] + (! s0) [ s0 = bb4 ] + [ bb4 = bb5 + | bb5 = bb6 + | bb6 = bb7 + | bb7 = any [ br0 -> {head = C_Nil'0 } (! bb21) | br1 (x0:(t_T'0, t_List'0))-> {head = C_Cons'0 x0} (! bb8) ] | bb8 = bb9 | bb9 = s0 [ s0 = v_Cons'0 {head} (fun (r0'0:(t_T'0, t_List'0)) -> [ &curr <- r0'0 ] s1) @@ -140,14 +140,14 @@ module M_inplace_list_reversal__rev [#"inplace_list_reversal.rs" 24 0 24 30] | s2 = bb10 ] | bb10 = s0 [ s0 = [ &curr <- let (r'0, _) = curr in (r'0, prev) ] s1 | s1 = bb12 ] - | bb12 = s0 [ s0 = [ &_18 <- C_Cons'0 curr ] s1 | s1 = bb13 ] + | bb12 = s0 [ s0 = [ &_19 <- C_Cons'0 curr ] s1 | s1 = bb13 ] | bb13 = bb14 - | bb14 = s0 [ s0 = [ &prev <- _18 ] s1 | s1 = bb16 ] + | bb14 = s0 [ s0 = [ &prev <- _19 ] s1 | s1 = bb16 ] | bb16 = bb17 | bb17 = s0 [ s0 = [ &head <- next ] s1 | s1 = bb19 ] | bb19 = bb20 | bb20 = bb22 - | bb22 = bb6 ] + | bb22 = bb3 ] ] | bb21 = s0 @@ -187,7 +187,7 @@ module M_inplace_list_reversal__rev [#"inplace_list_reversal.rs" 24 0 24 30] | & _8 : t_List'0 = any_l () | & curr : (t_T'0, t_List'0) = any_l () | & next : t_List'0 = any_l () - | & _18 : t_List'0 = any_l () ] + | & _19 : t_List'0 = any_l () ] [ return' (result:())-> {[@expl:rev ensures] [%#sinplace_list_reversal5] l.final = rev_append'0 l.current (C_Nil'0)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 838de3530..62ef609bb 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -281,30 +281,30 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_25 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} + (fun (_ret':borrowed (t_Range'0)) -> [ &_26 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_26.current} {Borrow.get_id _26} (fun (_ret':borrowed (t_Range'0)) -> - [ &_24 <- _ret' ] - [ &_25 <- { _25 with current = _ret'.final } ] + [ &_25 <- _ret' ] + [ &_26 <- { _26 with current = _ret'.final } ] s2) - | s2 = next'0 {_24} (fun (_ret':t_Option'0) -> [ &_23 <- _ret' ] s3) + | s2 = next'0 {_25} (fun (_ret':t_Option'0) -> [ &_24 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _25}- s1 - | s1 = any [ br0 -> {_23 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_23 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'0 _26}- s1 + | s1 = any [ br0 -> {_24 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_24 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_23} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_24} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_28 <- [%#sinsertion_sort8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_29 <- [%#sinsertion_sort8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _28 ] s1 + [ s0 = [ &produced <- _29 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &j <- i ] s3 | s3 = [ &old_14_0 <- Snapshot.new array ] s4 @@ -323,38 +323,38 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] /\ a <= UIntSize.to_int i -> index_logic'0 array.current j < index_logic'1 array.current a} (! s0) [ s0 = bb15 ] [ bb15 = s0 - [ s0 = UIntSize.gt {j} {[%#sinsertion_sort14] (0 : usize)} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) - | s1 = any [ br0 -> {_37 = false} (! bb22) | br1 -> {_37} (! bb16) ] ] + [ s0 = UIntSize.gt {j} {[%#sinsertion_sort14] (0 : usize)} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) + | s1 = any [ br0 -> {_39 = false} (! bb22) | br1 -> {_39} (! bb16) ] ] | bb16 = s0 - [ s0 = UIntSize.sub {j} {[%#sinsertion_sort15] (1 : usize)} (fun (_ret':usize) -> [ &_42 <- _ret' ] s1) - | s1 = [ &_44 <- Slice.length array.current ] s2 - | s2 = UIntSize.lt {_42} {_44} (fun (_ret':bool) -> [ &_45 <- _ret' ] s3) - | s3 = {[@expl:index in bounds] [%#sinsertion_sort16] _45} s4 + [ s0 = UIntSize.sub {j} {[%#sinsertion_sort15] (1 : usize)} (fun (_ret':usize) -> [ &_44 <- _ret' ] s1) + | s1 = [ &_46 <- Slice.length array.current ] s2 + | s2 = UIntSize.lt {_44} {_46} (fun (_ret':bool) -> [ &_47 <- _ret' ] s3) + | s3 = {[@expl:index in bounds] [%#sinsertion_sort16] _47} s4 | s4 = bb17 ] | bb17 = s0 - [ s0 = [ &_47 <- j ] s1 - | s1 = [ &_48 <- Slice.length array.current ] s2 - | s2 = UIntSize.lt {_47} {_48} (fun (_ret':bool) -> [ &_49 <- _ret' ] s3) - | s3 = {[@expl:index in bounds] [%#sinsertion_sort17] _49} s4 + [ s0 = [ &_49 <- j ] s1 + | s1 = [ &_50 <- Slice.length array.current ] s2 + | s2 = UIntSize.lt {_49} {_50} (fun (_ret':bool) -> [ &_51 <- _ret' ] s3) + | s3 = {[@expl:index in bounds] [%#sinsertion_sort17] _51} s4 | s4 = bb18 ] | bb18 = s0 - [ s0 = Slice.get {array.current} {_42} + [ s0 = Slice.get {array.current} {_44} (fun (r'0:int32) -> - Slice.get {array.current} {_47} - (fun (r'1:int32) -> Int32.gt {r'0} {r'1} (fun (_ret':bool) -> [ &_40 <- _ret' ] s1))) - | s1 = any [ br0 -> {_40 = false} (! bb21) | br1 -> {_40} (! bb19) ] ] + Slice.get {array.current} {_49} + (fun (r'1:int32) -> Int32.gt {r'0} {r'1} (fun (_ret':bool) -> [ &_42 <- _ret' ] s1))) + | s1 = any [ br0 -> {_42 = false} (! bb21) | br1 -> {_42} (! bb19) ] ] | bb19 = s0 [ s0 = Borrow.borrow_mut {array.current} (fun (_ret':borrowed (slice int32)) -> - [ &_51 <- _ret' ] + [ &_53 <- _ret' ] [ &array <- { array with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {j} {[%#sinsertion_sort18] (1 : usize)} (fun (_ret':usize) -> [ &_52 <- _ret' ] s2) - | s2 = swap'0 {_51} {_52} {j} (fun (_ret':()) -> [ &_50 <- _ret' ] s3) + | s1 = UIntSize.sub {j} {[%#sinsertion_sort18] (1 : usize)} (fun (_ret':usize) -> [ &_54 <- _ret' ] s2) + | s2 = swap'0 {_53} {_54} {j} (fun (_ret':()) -> [ &_52 <- _ret' ] s3) | s3 = bb20 ] | bb20 = s0 @@ -382,24 +382,24 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] | & _10 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _23 : t_Option'0 = any_l () - | & _24 : borrowed (t_Range'0) = any_l () + | & _24 : t_Option'0 = any_l () | & _25 : borrowed (t_Range'0) = any_l () + | & _26 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _28 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _29 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & j : usize = any_l () - | & _37 : bool = any_l () - | & _40 : bool = any_l () - | & _42 : usize = any_l () + | & _39 : bool = any_l () + | & _42 : bool = any_l () | & _44 : usize = any_l () - | & _45 : bool = any_l () - | & _47 : usize = any_l () - | & _48 : usize = any_l () - | & _49 : bool = any_l () - | & _50 : () = any_l () - | & _51 : borrowed (slice int32) = any_l () - | & _52 : usize = any_l () + | & _46 : usize = any_l () + | & _47 : bool = any_l () + | & _49 : usize = any_l () + | & _50 : usize = any_l () + | & _51 : bool = any_l () + | & _52 : () = any_l () + | & _53 : borrowed (slice int32) = any_l () + | & _54 : usize = any_l () | & old_14_0 : Snapshot.snap_ty (borrowed (slice int32)) = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (slice int32)) = any_l () ] diff --git a/creusot/tests/should_succeed/invariant_moves.coma b/creusot/tests/should_succeed/invariant_moves.coma index e30f1cdd0..60b72b334 100644 --- a/creusot/tests/should_succeed/invariant_moves.coma +++ b/creusot/tests/should_succeed/invariant_moves.coma @@ -84,24 +84,24 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] let rec test_invariant_move'0 (x:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 - | bb1 = bb2 - | bb2 = bb2 - [ bb2 = {[@expl:loop invariant] [%#sinvariant_moves0] x = x} - (! s0) [ s0 = bb3 ] - [ bb3 = s0 + | bb1 = bb1 + [ bb1 = {[@expl:loop invariant] [%#sinvariant_moves0] x = x} + (! s0) [ s0 = bb2 ] + [ bb2 = bb3 + | bb3 = s0 [ s0 = Borrow.borrow_mut {x} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_6.current} {Borrow.get_id _6} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_5 <- _ret' ] [ &_6 <- { _6 with current = _ret'.final } ] s2) - | s2 = pop'0 {_5} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s3) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_7 <- _ret' ] [ &x <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_7.current} {Borrow.get_id _7} + (fun (_ret':borrowed (t_Vec'0)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s2) + | s2 = pop'0 {_6} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s3) | s3 = bb4 ] | bb4 = s0 - [ s0 = -{resolve'0 _6}- s1 - | s1 = any [ br0 -> {_4 = C_None'0 } (! bb7) | br1 (x0:uint32)-> {_4 = C_Some'0 x0} (! bb5) ] ] + [ s0 = -{resolve'0 _7}- s1 + | s1 = any [ br0 -> {_5 = C_None'0 } (! bb7) | br1 (x0:uint32)-> {_5 = C_Some'0 x0} (! bb5) ] ] | bb5 = bb6 - | bb6 = bb2 ] + | bb6 = bb1 ] ] | bb7 = bb8 @@ -109,8 +109,8 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] ) [ & _0 : () = any_l () | & x : t_Vec'0 = x - | & _4 : t_Option'0 = any_l () - | & _5 : borrowed (t_Vec'0) = any_l () - | & _6 : borrowed (t_Vec'0) = any_l () ] + | & _5 : t_Option'0 = any_l () + | & _6 : borrowed (t_Vec'0) = any_l () + | & _7 : borrowed (t_Vec'0) = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/iterators/01_range.coma b/creusot/tests/should_succeed/iterators/01_range.coma index bf75fb463..b90f6214c 100644 --- a/creusot/tests/should_succeed/iterators/01_range.coma +++ b/creusot/tests/should_succeed/iterators/01_range.coma @@ -316,19 +316,19 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {it} - (fun (_ret':borrowed (t_Range'0)) -> [ &_18 <- _ret' ] [ &it <- _ret'.final ] s1) - | s1 = next'0 {_18} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s2) + (fun (_ret':borrowed (t_Range'0)) -> [ &_19 <- _ret' ] [ &it <- _ret'.final ] s1) + | s1 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s2) | s2 = bb6 ] - | bb6 = any [ br0 -> {_17 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_17 = C_Some'0 x0} (! bb8) ] + | bb6 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_18 = C_Some'0 x0} (! bb8) ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_17} (fun (r0'0:isize) -> [ &x <- r0'0 ] s1) - | s1 = [ &_21 <- [%#s01_range7] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 + [ s0 = v_Some'0 {_18} (fun (r0'0:isize) -> [ &x <- r0'0 ] s1) + | s1 = [ &_22 <- [%#s01_range7] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _21 ] s1 + [ s0 = [ &produced <- _22 ] s1 | s1 = IntSize.add {i} {[%#s01_range8] (1 : isize)} (fun (_ret':isize) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] @@ -343,10 +343,10 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] | & _6 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq isize) = any_l () - | & _17 : t_Option'0 = any_l () - | & _18 : borrowed (t_Range'0) = any_l () + | & _18 : t_Option'0 = any_l () + | & _19 : borrowed (t_Range'0) = any_l () | & x : isize = any_l () - | & _21 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] + | & _22 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] [ return' (result:isize)-> {[@expl:sum_range ensures] [%#s01_range10] result = n} (! return' {result}) ] end module M_01_range__qyi16572111325853806140__produces_trans__refines [#"01_range.rs" 51 4 51 90] (* *) diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 61538e73a..c7f54e0dd 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -1140,22 +1140,22 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] [ s0 = {inv'0 it} Borrow.borrow_mut {it} (fun (_ret':borrowed (t_IterMut'0)) -> - [ &_16 <- _ret' ] + [ &_17 <- _ret' ] -{inv'0 _ret'.final}- [ &it <- _ret'.final ] s1) - | s1 = next'0 {_16} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) + | s1 = next'0 {_17} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s2) | s2 = bb7 ] - | bb7 = any [ br0 -> {_15 = C_None'0 } (! bb10) | br1 (x0:borrowed usize)-> {_15 = C_Some'0 x0} (! bb9) ] + | bb7 = any [ br0 -> {_16 = C_None'0 } (! bb10) | br1 (x0:borrowed usize)-> {_16 = C_Some'0 x0} (! bb9) ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_15} (fun (r0'0:borrowed usize) -> [ &x <- r0'0 ] s1) - | s1 = [ &_19 <- [%#s02_iter_mut5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 + [ s0 = v_Some'0 {_16} (fun (r0'0:borrowed usize) -> [ &x <- r0'0 ] s1) + | s1 = [ &_20 <- [%#s02_iter_mut5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton x)) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _19 ] s1 + [ s0 = [ &produced <- _20 ] s1 | s1 = [ &x <- { x with current = ([%#s02_iter_mut6] (0 : usize)) } ] s2 | s2 = -{resolve'0 x}- s3 | s3 = bb5 ] @@ -1171,10 +1171,10 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] | & _6 : borrowed (t_Vec'0) = any_l () | & iter_old : Snapshot.snap_ty (t_IterMut'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () - | & _15 : t_Option'0 = any_l () - | & _16 : borrowed (t_IterMut'0) = any_l () + | & _16 : t_Option'0 = any_l () + | & _17 : borrowed (t_IterMut'0) = any_l () | & x : borrowed usize = any_l () - | & _19 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () ] + | & _20 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s02_iter_mut7] Seq.length (view'0 v.final) = Seq.length (view'1 v)} diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 0bc07d0f3..370fc7297 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -265,27 +265,27 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + (fun (_ret':borrowed (t_Iter'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s2) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb10) | br1 (x0:t_T'0)-> {_18 = C_Some'0 x0} (! bb9) ] ] + [ s0 = -{resolve'0 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb10) | br1 (x0:t_T'0)-> {_19 = C_Some'0 x0} (! bb9) ] ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s03_std_iterators5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s03_std_iterators5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = UIntSize.add {i} {[%#s03_std_iterators6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s2) | s2 = bb5 ] ] @@ -300,11 +300,11 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] | & _7 : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_Iter'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_Iter'0) = any_l () + | & _21 : borrowed (t_Iter'0) = any_l () | & __creusot_proc_iter_elem : t_T'0 = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] + | & _24 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] [ return' (result:usize)-> {[@expl:slice_iter ensures] [%#s03_std_iterators9] UIntSize.to_int result = Seq.length (view'0 slice)} @@ -593,27 +593,27 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_19 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_19.current} {Borrow.get_id _19} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_18 <- _ret' ] [ &_19 <- { _19 with current = _ret'.final } ] s2) - | s2 = next'0 {_18} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s3) + (fun (_ret':borrowed (t_Iter'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s2) + | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _19}- s1 - | s1 = any [ br0 -> {_17 = C_None'0 } (! bb9) | br1 (x0:t_T'0)-> {_17 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _20}- s1 + | s1 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:t_T'0)-> {_18 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_17} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_22 <- [%#s03_std_iterators5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_23 <- [%#s03_std_iterators5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _22 ] s1 + [ s0 = [ &produced <- _23 ] s1 | s1 = UIntSize.add {i} {[%#s03_std_iterators6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] @@ -627,11 +627,11 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () - | & _17 : t_Option'0 = any_l () - | & _18 : borrowed (t_Iter'0) = any_l () + | & _18 : t_Option'0 = any_l () | & _19 : borrowed (t_Iter'0) = any_l () + | & _20 : borrowed (t_Iter'0) = any_l () | & __creusot_proc_iter_elem : t_T'0 = any_l () - | & _22 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] + | & _23 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () ] [ return' (result:usize)-> {[@expl:vec_iter ensures] [%#s03_std_iterators9] UIntSize.to_int result = Seq.length (view'0 vec)} @@ -941,30 +941,30 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_IterMut'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_IterMut'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed (t_IterMut'0)) -> - [ &_19 <- _ret' ] - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_20 <- _ret' ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'1 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:borrowed usize)-> {_18 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'1 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb11) | br1 (x0:borrowed usize)-> {_19 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:borrowed usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:borrowed usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s03_std_iterators4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s03_std_iterators4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = [ &x <- { x with current = ([%#s03_std_iterators5] (0 : usize)) } ] s3 | s3 = -{resolve'2 x}- s4 @@ -983,11 +983,11 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] | & _8 : borrowed (t_Vec'0) = any_l () | & iter_old : Snapshot.snap_ty (t_IterMut'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_IterMut'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_IterMut'0) = any_l () + | & _21 : borrowed (t_IterMut'0) = any_l () | & __creusot_proc_iter_elem : borrowed usize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq (borrowed usize)) = any_l () | & x : borrowed usize = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s03_std_iterators6] Seq.length (view'0 v.final) @@ -1993,30 +1993,30 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_Range'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed (t_Range'0)) -> - [ &_19 <- _ret' ] - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_20 <- _ret' ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_18 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:isize)-> {_19 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:isize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:isize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = IntSize.add {i} {[%#s03_std_iterators7] (1 : isize)} (fun (_ret':isize) -> [ &i <- _ret' ] s2) | s2 = bb4 ] ] @@ -2031,11 +2031,11 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] | & _7 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq isize) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_Range'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_Range'0) = any_l () + | & _21 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : isize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] + | & _24 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] [ return' (result:isize)-> {[@expl:sum_range ensures] [%#s03_std_iterators9] result = n} (! return' {result}) ] end module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] @@ -2320,36 +2320,36 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] [ s0 = {inv'0 iter} Borrow.borrow_mut {iter} (fun (_ret':borrowed (t_Enumerate'0)) -> - [ &_15 <- _ret' ] + [ &_16 <- _ret' ] -{inv'0 _ret'.final}- [ &iter <- _ret'.final ] s1) - | s1 = {inv'0 _15.current} - Borrow.borrow_final {_15.current} {Borrow.get_id _15} + | s1 = {inv'0 _16.current} + Borrow.borrow_final {_16.current} {Borrow.get_id _16} (fun (_ret':borrowed (t_Enumerate'0)) -> - [ &_14 <- _ret' ] + [ &_15 <- _ret' ] -{inv'0 _ret'.final}- - [ &_15 <- { _15 with current = _ret'.final } ] + [ &_16 <- { _16 with current = _ret'.final } ] s2) - | s2 = next'0 {_14} (fun (_ret':t_Option'0) -> [ &_13 <- _ret' ] s3) + | s2 = next'0 {_15} (fun (_ret':t_Option'0) -> [ &_14 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv'2 _15} s1 - | s1 = -{resolve'0 _15}- s2 - | s2 = any [ br0 -> {_13 = C_None'0 } (! bb10) | br1 (x0:(usize, usize))-> {_13 = C_Some'0 x0} (! bb9) ] ] + [ s0 = {[@expl:type invariant] inv'2 _16} s1 + | s1 = -{resolve'0 _16}- s2 + | s2 = any [ br0 -> {_14 = C_None'0 } (! bb10) | br1 (x0:(usize, usize))-> {_14 = C_Some'0 x0} (! bb9) ] ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_13} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_14} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_18 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_19 <- [%#s03_std_iterators6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _18 ] s1 + [ s0 = [ &produced <- _19 ] s1 | s1 = [ &ix <- let (r'0, _) = __creusot_proc_iter_elem in r'0 ] s2 | s2 = [ &x <- let (_, r'1) = __creusot_proc_iter_elem in r'1 ] s3 | s3 = bb5 ] @@ -2364,11 +2364,11 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | & _3 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Enumerate'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () - | & _13 : t_Option'0 = any_l () - | & _14 : borrowed (t_Enumerate'0) = any_l () + | & _14 : t_Option'0 = any_l () | & _15 : borrowed (t_Enumerate'0) = any_l () + | & _16 : borrowed (t_Enumerate'0) = any_l () | & __creusot_proc_iter_elem : (usize, usize) = any_l () - | & _18 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () + | & _19 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () | & ix : usize = any_l () | & x : usize = any_l () ] [ return' (result:())-> (! return' {result}) ] @@ -2823,39 +2823,39 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] (! s0) [ s0 = bb10 ] [ bb10 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Zip'0)) -> [ &_31 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_31.current} {Borrow.get_id _31} - (fun (_ret':borrowed (t_Zip'0)) -> [ &_30 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s2) - | s2 = next'0 {_30} (fun (_ret':t_Option'0) -> [ &_29 <- _ret' ] s3) + (fun (_ret':borrowed (t_Zip'0)) -> [ &_32 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_32.current} {Borrow.get_id _32} + (fun (_ret':borrowed (t_Zip'0)) -> [ &_31 <- _ret' ] [ &_32 <- { _32 with current = _ret'.final } ] s2) + | s2 = next'0 {_31} (fun (_ret':t_Option'0) -> [ &_30 <- _ret' ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = -{resolve'0 _31}- s1 - | s1 = any [ br0 -> {_29 = C_None'0 } (! bb14) | br1 (x0:(usize, usize))-> {_29 = C_Some'0 x0} (! bb13) ] ] + [ s0 = -{resolve'0 _32}- s1 + | s1 = any [ br0 -> {_30 = C_None'0 } (! bb14) | br1 (x0:(usize, usize))-> {_30 = C_Some'0 x0} (! bb13) ] ] | bb13 = bb15 | bb15 = s0 - [ s0 = v_Some'0 {_29} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_30} (fun (r0'0:(usize, usize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_34 <- [%#s03_std_iterators14] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_35 <- [%#s03_std_iterators14] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &produced <- _34 ] s1 + [ s0 = [ &produced <- _35 ] s1 | s1 = [ &i <- let (r'0, _) = __creusot_proc_iter_elem in r'0 ] s2 | s2 = [ &j <- let (_, r'1) = __creusot_proc_iter_elem in r'1 ] s3 | s3 = {inv'2 slice.current} Borrow.borrow_mut {slice.current} (fun (_ret':borrowed (slice t_T'0)) -> - [ &_39 <- _ret' ] + [ &_40 <- _ret' ] -{inv'2 _ret'.final}- [ &slice <- { slice with current = _ret'.final } ] s4) - | s4 = UIntSize.sub {n} {j} (fun (_ret':usize) -> [ &_42 <- _ret' ] s5) - | s5 = UIntSize.sub {_42} {[%#s03_std_iterators15] (1 : usize)} (fun (_ret':usize) -> [ &_41 <- _ret' ] s6) - | s6 = swap'0 {_39} {i} {_41} (fun (_ret':()) -> [ &_38 <- _ret' ] s7) + | s4 = UIntSize.sub {n} {j} (fun (_ret':usize) -> [ &_43 <- _ret' ] s5) + | s5 = UIntSize.sub {_43} {[%#s03_std_iterators15] (1 : usize)} (fun (_ret':usize) -> [ &_42 <- _ret' ] s6) + | s6 = swap'0 {_40} {i} {_42} (fun (_ret':()) -> [ &_39 <- _ret' ] s7) | s7 = bb17 ] | bb17 = s0 @@ -2884,17 +2884,17 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] | & _16 : bool = any_l () | & iter_old : Snapshot.snap_ty (t_Zip'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () - | & _29 : t_Option'0 = any_l () - | & _30 : borrowed (t_Zip'0) = any_l () + | & _30 : t_Option'0 = any_l () | & _31 : borrowed (t_Zip'0) = any_l () + | & _32 : borrowed (t_Zip'0) = any_l () | & __creusot_proc_iter_elem : (usize, usize) = any_l () - | & _34 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () + | & _35 : Snapshot.snap_ty (Seq.seq (usize, usize)) = any_l () | & i : usize = any_l () | & j : usize = any_l () - | & _38 : () = any_l () - | & _39 : borrowed (slice t_T'0) = any_l () - | & _41 : usize = any_l () + | & _39 : () = any_l () + | & _40 : borrowed (slice t_T'0) = any_l () | & _42 : usize = any_l () + | & _43 : usize = any_l () | & old_9_0 : Snapshot.snap_ty (borrowed (slice t_T'0)) = any_l () ] [ return' (result:())-> {[@expl:my_reverse ensures] [%#s03_std_iterators18] Seq.(==) (view'2 slice.final) (Reverse.reverse (view'0 slice))} diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index 635d71006..acadf0421 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma @@ -474,16 +474,16 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {(self.current).t_Skip__iter'0} (fun (_ret':borrowed t_I'0) -> - [ &_19 <- _ret' ] + [ &_20 <- _ret' ] -{inv'2 _ret'.final}- [ &self <- { self with current = { self.current with t_Skip__iter'0 = _ret'.final } } ] s1) - | s1 = next'1 {_19} (fun (_ret':t_Option'0) -> [ &r <- _ret' ] s2) + | s1 = next'1 {_20} (fun (_ret':t_Option'0) -> [ &r <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = UIntSize.eq {n} {[%#s04_skip8] (0 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) - | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb7) ] ] + [ s0 = UIntSize.eq {n} {[%#s04_skip8] (0 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + | s1 = any [ br0 -> {_22 = false} (! bb8) | br1 -> {_22} (! bb7) ] ] | bb8 = any [ br0 -> {r = C_None'0 } (! bb9) | br1 (x0:t_Item'0)-> {r = C_Some'0 x0} (! bb10) ] | bb10 = bb11 @@ -491,11 +491,11 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* [ &x <- r0'0 ] s1) | s1 = {[@expl:type invariant] inv'3 x} s2 | s2 = -{resolve'1 x}- s3 - | s3 = [ &_26 <- [%#s04_skip9] Snapshot.new (Seq.(++) (Snapshot.inner skipped) (Seq.singleton x)) ] s4 + | s3 = [ &_27 <- [%#s04_skip9] Snapshot.new (Seq.(++) (Snapshot.inner skipped) (Seq.singleton x)) ] s4 | s4 = bb12 ] | bb12 = s0 - [ s0 = [ &skipped <- _26 ] s1 + [ s0 = [ &skipped <- _27 ] s1 | s1 = UIntSize.sub {n} {[%#s04_skip10] (1 : usize)} (fun (_ret':usize) -> [ &n <- _ret' ] s2) | s2 = bb13 ] @@ -520,10 +520,10 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {[@expl:next result type invariant] [%#s04_skip12] inv'4 result} diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index 78fac0583..25641f79c 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma @@ -237,62 +237,62 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 27 0 27 66] | bb4 = s0 [ s0 = [ &produced <- [%#s08_collect_extend2] Snapshot.new (Seq.empty : Seq.seq t_T'0) ] s1 | s1 = bb5 ] - | bb5 = bb6 - | bb6 = bb7 - | bb7 = s0 [ s0 = [ &old_8_0 <- Snapshot.new vec ] s1 | s1 = bb8 ] - | bb8 = bb8 - [ bb8 = {[@expl:mut invariant] (Snapshot.inner old_8_0).final = vec.final} + | bb5 = s0 [ s0 = [ &old_6_0 <- Snapshot.new vec ] s1 | s1 = bb6 ] + | bb6 = bb6 + [ bb6 = {[@expl:mut invariant] (Snapshot.inner old_6_0).final = vec.final} {[@expl:for invariant] [%#s08_collect_extend5] inv'2 (Snapshot.inner produced)} {[@expl:for invariant] [%#s08_collect_extend5] inv'1 iter1} {[@expl:for invariant] [%#s08_collect_extend5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter1} {[@expl:loop invariant #0] [%#s08_collect_extend4] inv'0 vec} {[@expl:loop invariant #1] [%#s08_collect_extend3] Seq.(==) (view'0 vec) (Seq.(++) (view'1 old_vec) (Snapshot.inner produced))} - (! s0) [ s0 = bb9 ] - [ bb9 = s0 + (! s0) [ s0 = bb7 ] + [ bb7 = bb8 + | bb8 = bb9 + | bb9 = s0 [ s0 = {inv'1 iter1} Borrow.borrow_mut {iter1} - (fun (_ret':borrowed t_I'0) -> [ &_20 <- _ret' ] -{inv'1 _ret'.final}- [ &iter1 <- _ret'.final ] s1) - | s1 = {inv'1 _20.current} - Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed t_I'0) -> [ &_21 <- _ret' ] -{inv'1 _ret'.final}- [ &iter1 <- _ret'.final ] s1) + | s1 = {inv'1 _21.current} + Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed t_I'0) -> - [ &_19 <- _ret' ] + [ &_20 <- _ret' ] -{inv'1 _ret'.final}- - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv'3 _20} s1 - | s1 = -{resolve'0 _20}- s2 - | s2 = any [ br0 -> {_18 = C_None'0 } (! bb13) | br1 (x0:t_T'0)-> {_18 = C_Some'0 x0} (! bb12) ] ] + [ s0 = {[@expl:type invariant] inv'3 _21} s1 + | s1 = -{resolve'0 _21}- s2 + | s2 = any [ br0 -> {_19 = C_None'0 } (! bb13) | br1 (x0:t_T'0)-> {_19 = C_Some'0 x0} (! bb12) ] ] | bb12 = bb14 | bb14 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:t_T'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s08_collect_extend6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s08_collect_extend6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv'4 vec.current} Borrow.borrow_mut {vec.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_27 <- _ret' ] + [ &_28 <- _ret' ] -{inv'4 _ret'.final}- [ &vec <- { vec with current = _ret'.final } ] s3) - | s3 = push'0 {_27} {x} (fun (_ret':()) -> [ &_26 <- _ret' ] s4) + | s3 = push'0 {_28} {x} (fun (_ret':()) -> [ &_27 <- _ret' ] s4) | s4 = bb16 ] | bb16 = bb17 | bb17 = bb18 | bb18 = bb19 - | bb19 = bb8 ] + | bb19 = bb6 ] ] | bb13 = s0 @@ -313,15 +313,15 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 27 0 27 66] | & iter1 : t_I'0 = any_l () | & iter_old : Snapshot.snap_ty t_I'0 = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed t_I'0 = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed t_I'0 = any_l () + | & _21 : borrowed t_I'0 = any_l () | & __creusot_proc_iter_elem : t_T'0 = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () | & x : t_T'0 = any_l () - | & _26 : () = any_l () - | & _27 : borrowed (t_Vec'0) = any_l () - | & old_8_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] + | & _27 : () = any_l () + | & _28 : borrowed (t_Vec'0) = any_l () + | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:extend ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_T'0 . inv'3 done' /\ inv'2 prod @@ -553,58 +553,58 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] [ s0 = [ &produced <- [%#s08_collect_extend2] Snapshot.new (Seq.empty : Seq.seq t_Item'0) ] s1 | s1 = bb5 ] | bb5 = bb6 - | bb6 = bb7 - | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb10 - | bb10 = bb10 - [ bb10 = {[@expl:for invariant] [%#s08_collect_extend5] inv'2 (Snapshot.inner produced)} + | bb6 = bb6 + [ bb6 = {[@expl:for invariant] [%#s08_collect_extend5] inv'2 (Snapshot.inner produced)} {[@expl:for invariant] [%#s08_collect_extend5] inv'1 iter1} {[@expl:for invariant] [%#s08_collect_extend5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter1} {[@expl:loop invariant #0] [%#s08_collect_extend4] inv'0 res} {[@expl:loop invariant #1] [%#s08_collect_extend3] Seq.(==) (view'0 res) (Snapshot.inner produced)} - (! s0) [ s0 = bb11 ] - [ bb11 = s0 + (! s0) [ s0 = bb7 ] + [ bb7 = bb8 + | bb8 = bb9 + | bb9 = bb10 + | bb10 = bb11 + | bb11 = s0 [ s0 = {inv'1 iter1} Borrow.borrow_mut {iter1} - (fun (_ret':borrowed t_I'0) -> [ &_19 <- _ret' ] -{inv'1 _ret'.final}- [ &iter1 <- _ret'.final ] s1) - | s1 = {inv'1 _19.current} - Borrow.borrow_final {_19.current} {Borrow.get_id _19} + (fun (_ret':borrowed t_I'0) -> [ &_20 <- _ret' ] -{inv'1 _ret'.final}- [ &iter1 <- _ret'.final ] s1) + | s1 = {inv'1 _20.current} + Borrow.borrow_final {_20.current} {Borrow.get_id _20} (fun (_ret':borrowed t_I'0) -> - [ &_18 <- _ret' ] + [ &_19 <- _ret' ] -{inv'1 _ret'.final}- - [ &_19 <- { _19 with current = _ret'.final } ] + [ &_20 <- { _20 with current = _ret'.final } ] s2) - | s2 = next'0 {_18} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s3) + | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = {[@expl:type invariant] inv'3 _19} s1 - | s1 = -{resolve'0 _19}- s2 - | s2 = any [ br0 -> {_17 = C_None'0 } (! bb15) | br1 (x0:t_Item'0)-> {_17 = C_Some'0 x0} (! bb14) ] ] + [ s0 = {[@expl:type invariant] inv'3 _20} s1 + | s1 = -{resolve'0 _20}- s2 + | s2 = any [ br0 -> {_18 = C_None'0 } (! bb15) | br1 (x0:t_Item'0)-> {_18 = C_Some'0 x0} (! bb14) ] ] | bb14 = bb16 | bb16 = s0 - [ s0 = v_Some'0 {_17} (fun (r0'0:t_Item'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_18} (fun (r0'0:t_Item'0) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_22 <- [%#s08_collect_extend6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_23 <- [%#s08_collect_extend6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb17 ] | bb17 = s0 - [ s0 = [ &produced <- _22 ] s1 + [ s0 = [ &produced <- _23 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv'0 res} Borrow.borrow_mut {res} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_26 <- _ret' ] -{inv'0 _ret'.final}- [ &res <- _ret'.final ] s3) - | s3 = push'0 {_26} {x} (fun (_ret':()) -> [ &_25 <- _ret' ] s4) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_27 <- _ret' ] -{inv'0 _ret'.final}- [ &res <- _ret'.final ] s3) + | s3 = push'0 {_27} {x} (fun (_ret':()) -> [ &_26 <- _ret' ] s4) | s4 = bb18 ] | bb18 = bb19 | bb19 = bb20 | bb20 = bb21 - | bb21 = bb10 ] + | bb21 = bb6 ] ] | bb15 = s0 [ s0 = {[@expl:type invariant] inv'1 iter1} s1 | s1 = -{resolve'1 iter1}- s2 | s2 = bb22 ] @@ -619,14 +619,14 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] | & iter1 : t_I'0 = any_l () | & iter_old : Snapshot.snap_ty t_I'0 = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & _17 : t_Option'0 = any_l () - | & _18 : borrowed t_I'0 = any_l () + | & _18 : t_Option'0 = any_l () | & _19 : borrowed t_I'0 = any_l () + | & _20 : borrowed t_I'0 = any_l () | & __creusot_proc_iter_elem : t_Item'0 = any_l () - | & _22 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () + | & _23 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () | & x : t_Item'0 = any_l () - | & _25 : () = any_l () - | & _26 : borrowed (t_Vec'0) = any_l () ] + | & _26 : () = any_l () + | & _27 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:collect result type invariant] [%#s08_collect_extend8] inv'0 result} {[@expl:collect ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_Item'0 . inv'3 done' diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index a0353da41..a45ad5291 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma @@ -549,49 +549,49 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( [ s0 = {inv'1 (self.current).t_Filter__iter'0} Borrow.borrow_mut {(self.current).t_Filter__iter'0} (fun (_ret':borrowed t_I'0) -> - [ &_16 <- _ret' ] + [ &_17 <- _ret' ] -{inv'1 _ret'.final}- [ &self <- { self with current = { self.current with t_Filter__iter'0 = _ret'.final } } ] s1) - | s1 = next'1 {_16} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) + | s1 = next'1 {_17} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s2) | s2 = bb5 ] - | bb5 = any [ br0 -> {_15 = C_None'0 } (! bb13) | br1 (x0:t_Item'0)-> {_15 = C_Some'0 x0} (! bb6) ] + | bb5 = any [ br0 -> {_16 = C_None'0 } (! bb13) | br1 (x0:t_Item'0)-> {_16 = C_Some'0 x0} (! bb6) ] | bb6 = bb7 | bb7 = s0 - [ s0 = v_Some'0 {_15} (fun (r0'0:t_Item'0) -> [ &n <- r0'0 ] s1) - | s1 = [ &_19 <- [%#s17_filter6] Snapshot.new (Seq.snoc (Snapshot.inner produced) n) ] s2 + [ s0 = v_Some'0 {_16} (fun (r0'0:t_Item'0) -> [ &n <- r0'0 ] s1) + | s1 = [ &_20 <- [%#s17_filter6] Snapshot.new (Seq.snoc (Snapshot.inner produced) n) ] s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &produced <- _19 ] s1 + [ s0 = [ &produced <- _20 ] s1 | s1 = {[@expl:assertion] [%#s17_filter7] produces'0 ((Snapshot.inner old_self).current).t_Filter__iter'0 (Snapshot.inner produced) (self.current).t_Filter__iter'0} s2 | s2 = {inv'2 (self.current).t_Filter__func'0} Borrow.borrow_mut {(self.current).t_Filter__func'0} (fun (_ret':borrowed t_F'0) -> - [ &_24 <- _ret' ] + [ &_25 <- _ret' ] -{inv'2 _ret'.final}- [ &self <- { self with current = { self.current with t_Filter__func'0 = _ret'.final } } ] s3) - | s3 = [ &_27 <- n ] s4 - | s4 = [ &_25 <- (_27) ] s5 - | s5 = call_mut'0 {_24} {_25} (fun (_ret':bool) -> [ &_23 <- _ret' ] s6) + | s3 = [ &_28 <- n ] s4 + | s4 = [ &_26 <- (_28) ] s5 + | s5 = call_mut'0 {_25} {_26} (fun (_ret':bool) -> [ &_24 <- _ret' ] s6) | s6 = bb9 ] - | bb9 = any [ br0 -> {_23 = false} (! bb12) | br1 -> {_23} (! bb10) ] + | bb9 = any [ br0 -> {_24 = false} (! bb12) | br1 -> {_24} (! bb10) ] | bb12 = s0 [ s0 = {[@expl:type invariant] inv'3 n} s1 | s1 = -{resolve'0 n}- s2 | s2 = bb14 ] | bb14 = bb15 | bb15 = bb3 ] ] | bb13 = s0 - [ s0 = {[@expl:type invariant] match _15 with + [ s0 = {[@expl:type invariant] match _16 with | C_Some'0 x'0 -> inv'3 x'0 | _ -> true end} s1 - | s1 = -{match _15 with + | s1 = -{match _16 with | C_Some'0 x'1 -> resolve'0 x'1 | _ -> true end}- @@ -616,14 +616,14 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( | & self : borrowed (t_Filter'0) = self | & old_self : Snapshot.snap_ty (borrowed (t_Filter'0)) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & _15 : t_Option'0 = any_l () - | & _16 : borrowed t_I'0 = any_l () + | & _16 : t_Option'0 = any_l () + | & _17 : borrowed t_I'0 = any_l () | & n : t_Item'0 = any_l () - | & _19 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & _23 : bool = any_l () - | & _24 : borrowed t_F'0 = any_l () - | & _25 : t_Item'0 = any_l () - | & _27 : t_Item'0 = any_l () + | & _20 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () + | & _24 : bool = any_l () + | & _25 : borrowed t_F'0 = any_l () + | & _26 : t_Item'0 = any_l () + | & _28 : t_Item'0 = any_l () | & old_3_0 : Snapshot.snap_ty (borrowed (t_Filter'0)) = any_l () ] [ return' (result:t_Option'0)-> {[@expl:next result type invariant] [%#s17_filter10] inv'4 result} diff --git a/creusot/tests/should_succeed/knapsack.coma b/creusot/tests/should_succeed/knapsack.coma index f0d2a4bce..c131d5348 100644 --- a/creusot/tests/should_succeed/knapsack.coma +++ b/creusot/tests/should_succeed/knapsack.coma @@ -563,12 +563,8 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | s2 = bb3 ] | bb3 = s0 [ s0 = [ &i <- [%#sknapsack3] (0 : usize) ] s1 | s1 = bb4 ] - | bb4 = bb5 - | bb5 = bb6 - | bb6 = bb7 - | bb7 = bb8 - | bb8 = bb8 - [ bb8 = {[@expl:loop invariant #0] [%#sknapsack7] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} + | bb4 = bb4 + [ bb4 = {[@expl:loop invariant #0] [%#sknapsack7] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack6] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} {[@expl:loop invariant #2] [%#sknapsack5] forall ii : int, ww : int . 0 <= ii @@ -577,21 +573,20 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] {[@expl:loop invariant #3] [%#sknapsack4] forall ii : int, ww : int . 0 <= ii /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} - (! s0) [ s0 = bb9 ] - [ bb9 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_22 <- _ret' ] s1) | s1 = bb10 ] + (! s0) [ s0 = bb5 ] + [ bb5 = bb6 + | bb6 = bb7 + | bb7 = bb8 + | bb8 = bb9 + | bb9 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_23 <- _ret' ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = UIntSize.lt {i} {_22} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) - | s1 = any [ br0 -> {_20 = false} (! bb34) | br1 -> {_20} (! bb11) ] ] + [ s0 = UIntSize.lt {i} {_23} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + | s1 = any [ br0 -> {_21 = false} (! bb34) | br1 -> {_21} (! bb11) ] ] - | bb11 = s0 [ s0 = index'0 {items} {i} (fun (_ret':t_Item'0) -> [ &_25 <- _ret' ] s1) | s1 = bb12 ] - | bb12 = s0 [ s0 = [ &it <- _25 ] s1 | s1 = [ &w <- [%#sknapsack8] (0 : usize) ] s2 | s2 = bb13 ] - | bb13 = bb14 - | bb14 = bb15 - | bb15 = bb16 - | bb16 = bb17 - | bb17 = bb18 - | bb18 = bb18 - [ bb18 = {[@expl:loop invariant #0] [%#sknapsack13] Seq.length (view'0 items) + 1 + | bb11 = s0 [ s0 = index'0 {items} {i} (fun (_ret':t_Item'0) -> [ &_26 <- _ret' ] s1) | s1 = bb12 ] + | bb12 = s0 [ s0 = [ &it <- _26 ] s1 | s1 = [ &w <- [%#sknapsack8] (0 : usize) ] s2 | s2 = bb13 ] + | bb13 = bb13 + [ bb13 = {[@expl:loop invariant #0] [%#sknapsack13] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} {[@expl:loop invariant #1] [%#sknapsack12] forall i : int . 0 <= i /\ i < Seq.length (view'2 best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (view'1 (index_logic'0 best_value i))} @@ -604,107 +599,112 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] {[@expl:loop invariant #4] [%#sknapsack9] forall ii : int, ww : int . 0 <= ii /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} - (! s0) [ s0 = bb19 ] - [ bb19 = s0 - [ s0 = UIntSize.le {w} {max_weight} (fun (_ret':bool) -> [ &_35 <- _ret' ] s1) - | s1 = any [ br0 -> {_35 = false} (! bb33) | br1 -> {_35} (! bb20) ] ] + (! s0) [ s0 = bb14 ] + [ bb14 = bb15 + | bb15 = bb16 + | bb16 = bb17 + | bb17 = bb18 + | bb18 = bb19 + | bb19 = s0 + [ s0 = UIntSize.le {w} {max_weight} (fun (_ret':bool) -> [ &_37 <- _ret' ] s1) + | s1 = any [ br0 -> {_37 = false} (! bb33) | br1 -> {_37} (! bb20) ] ] | bb20 = s0 - [ s0 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_39 <- _ret' ] s1) - | s1 = any [ br0 -> {_39 = false} (! bb24) | br1 -> {_39} (! bb21) ] ] + [ s0 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_41 <- _ret' ] s1) + | s1 = any [ br0 -> {_41 = false} (! bb24) | br1 -> {_41} (! bb21) ] ] - | bb21 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_44 <- _ret' ] s1) | s1 = bb22 ] - | bb22 = s0 [ s0 = index'2 {_44} {w} (fun (_ret':usize) -> [ &_42 <- _ret' ] s1) | s1 = bb23 ] - | bb23 = s0 [ s0 = [ &_38 <- _42 ] s1 | s1 = bb30 ] - | bb24 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_51 <- _ret' ] s1) | s1 = bb25 ] - | bb25 = s0 [ s0 = index'2 {_51} {w} (fun (_ret':usize) -> [ &_49 <- _ret' ] s1) | s1 = bb26 ] - | bb26 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_59 <- _ret' ] s1) | s1 = bb27 ] + | bb21 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_46 <- _ret' ] s1) | s1 = bb22 ] + | bb22 = s0 [ s0 = index'2 {_46} {w} (fun (_ret':usize) -> [ &_44 <- _ret' ] s1) | s1 = bb23 ] + | bb23 = s0 [ s0 = [ &_40 <- _44 ] s1 | s1 = bb30 ] + | bb24 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_53 <- _ret' ] s1) | s1 = bb25 ] + | bb25 = s0 [ s0 = index'2 {_53} {w} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) | s1 = bb26 ] + | bb26 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_61 <- _ret' ] s1) | s1 = bb27 ] | bb27 = s0 - [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_62 <- _ret' ] s1) - | s1 = index'2 {_59} {_62} (fun (_ret':usize) -> [ &_57 <- _ret' ] s2) + [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_64 <- _ret' ] s1) + | s1 = index'2 {_61} {_64} (fun (_ret':usize) -> [ &_59 <- _ret' ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = UIntSize.add {_57} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_55 <- _ret' ] s1) - | s1 = max'0 {_49} {_55} (fun (_ret':usize) -> [ &_38 <- _ret' ] s2) + [ s0 = UIntSize.add {_59} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_57 <- _ret' ] s1) + | s1 = max'0 {_51} {_57} (fun (_ret':usize) -> [ &_40 <- _ret' ] s2) | s2 = bb29 ] | bb29 = bb30 | bb30 = s0 [ s0 = Borrow.borrow_mut {best_value} - (fun (_ret':borrowed (t_Vec'1)) -> [ &_69 <- _ret' ] [ &best_value <- _ret'.final ] s1) - | s1 = UIntSize.add {i} {[%#sknapsack14] (1 : usize)} (fun (_ret':usize) -> [ &_70 <- _ret' ] s2) - | s2 = index_mut'0 {_69} {_70} (fun (_ret':borrowed (t_Vec'0)) -> [ &_68 <- _ret' ] s3) + (fun (_ret':borrowed (t_Vec'1)) -> [ &_71 <- _ret' ] [ &best_value <- _ret'.final ] s1) + | s1 = UIntSize.add {i} {[%#sknapsack14] (1 : usize)} (fun (_ret':usize) -> [ &_72 <- _ret' ] s2) + | s2 = index_mut'0 {_71} {_72} (fun (_ret':borrowed (t_Vec'0)) -> [ &_70 <- _ret' ] s3) | s3 = bb31 ] | bb31 = s0 - [ s0 = Borrow.borrow_final {_68.current} {Borrow.get_id _68} + [ s0 = Borrow.borrow_final {_70.current} {Borrow.get_id _70} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_67 <- _ret' ] - [ &_68 <- { _68 with current = _ret'.final } ] + [ &_69 <- _ret' ] + [ &_70 <- { _70 with current = _ret'.final } ] s1) - | s1 = index_mut'1 {_67} {w} (fun (_ret':borrowed usize) -> [ &_66 <- _ret' ] s2) + | s1 = index_mut'1 {_69} {w} (fun (_ret':borrowed usize) -> [ &_68 <- _ret' ] s2) | s2 = bb32 ] | bb32 = s0 - [ s0 = [ &_66 <- { _66 with current = _38 } ] s1 - | s1 = -{resolve'0 _66}- s2 - | s2 = -{resolve'1 _68}- s3 + [ s0 = [ &_68 <- { _68 with current = _40 } ] s1 + | s1 = -{resolve'0 _68}- s2 + | s2 = -{resolve'1 _70}- s3 | s3 = UIntSize.add {w} {[%#sknapsack15] (1 : usize)} (fun (_ret':usize) -> [ &w <- _ret' ] s4) - | s4 = bb18 ] + | s4 = bb13 ] ] ] | bb33 = s0 - [ s0 = UIntSize.add {i} {[%#sknapsack16] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb8 ] + [ s0 = UIntSize.add {i} {[%#sknapsack16] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb4 ] ] ] - | bb34 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_80 <- _ret' ] s1) | s1 = bb35 ] - | bb35 = s0 [ s0 = with_capacity'0 {_80} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb36 ] + | bb34 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_78 <- _ret' ] s1) | s1 = bb35 ] + | bb35 = s0 [ s0 = with_capacity'0 {_78} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 [ s0 = [ &left_weight <- max_weight ] s1 | s1 = len'0 {items} (fun (_ret':usize) -> [ &j <- _ret' ] s2) | s2 = bb37 ] | bb37 = bb38 - | bb38 = bb39 - | bb39 = bb39 - [ bb39 = {[@expl:loop invariant #0] [%#sknapsack19] inv'0 result} + | bb38 = bb38 + [ bb38 = {[@expl:loop invariant #0] [%#sknapsack19] inv'0 result} {[@expl:loop invariant #1] [%#sknapsack18] UIntSize.to_int j <= Seq.length (view'0 items)} {[@expl:loop invariant #2] [%#sknapsack17] UIntSize.to_int left_weight <= UIntSize.to_int max_weight} - (! s0) [ s0 = bb40 ] - [ bb40 = s0 - [ s0 = UIntSize.lt {[%#sknapsack20] (0 : usize)} {j} (fun (_ret':bool) -> [ &_89 <- _ret' ] s1) - | s1 = any [ br0 -> {_89 = false} (! bb51) | br1 -> {_89} (! bb41) ] ] + (! s0) [ s0 = bb39 ] + [ bb39 = bb40 + | bb40 = s0 + [ s0 = UIntSize.lt {[%#sknapsack20] (0 : usize)} {j} (fun (_ret':bool) -> [ &_88 <- _ret' ] s1) + | s1 = any [ br0 -> {_88 = false} (! bb51) | br1 -> {_88} (! bb41) ] ] | bb41 = s0 [ s0 = UIntSize.sub {j} {[%#sknapsack21] (1 : usize)} (fun (_ret':usize) -> [ &j <- _ret' ] s1) - | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_92 <- _ret' ] s2) + | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_91 <- _ret' ] s2) | s2 = bb42 ] | bb42 = s0 - [ s0 = [ &it1 <- _92 ] s1 - | s1 = UIntSize.add {j} {[%#sknapsack22] (1 : usize)} (fun (_ret':usize) -> [ &_101 <- _ret' ] s2) - | s2 = index'1 {best_value} {_101} (fun (_ret':t_Vec'0) -> [ &_99 <- _ret' ] s3) + [ s0 = [ &it1 <- _91 ] s1 + | s1 = UIntSize.add {j} {[%#sknapsack22] (1 : usize)} (fun (_ret':usize) -> [ &_100 <- _ret' ] s2) + | s2 = index'1 {best_value} {_100} (fun (_ret':t_Vec'0) -> [ &_98 <- _ret' ] s3) | s3 = bb43 ] - | bb43 = s0 [ s0 = index'2 {_99} {left_weight} (fun (_ret':usize) -> [ &_97 <- _ret' ] s1) | s1 = bb44 ] - | bb44 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_107 <- _ret' ] s1) | s1 = bb45 ] - | bb45 = s0 [ s0 = index'2 {_107} {left_weight} (fun (_ret':usize) -> [ &_105 <- _ret' ] s1) | s1 = bb46 ] + | bb43 = s0 [ s0 = index'2 {_98} {left_weight} (fun (_ret':usize) -> [ &_96 <- _ret' ] s1) | s1 = bb44 ] + | bb44 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_106 <- _ret' ] s1) | s1 = bb45 ] + | bb45 = s0 [ s0 = index'2 {_106} {left_weight} (fun (_ret':usize) -> [ &_104 <- _ret' ] s1) | s1 = bb46 ] | bb46 = s0 - [ s0 = UIntSize.ne {_97} {_105} (fun (_ret':bool) -> [ &_95 <- _ret' ] s1) - | s1 = any [ br0 -> {_95 = false} (! bb49) | br1 -> {_95} (! bb47) ] ] + [ s0 = UIntSize.ne {_96} {_104} (fun (_ret':bool) -> [ &_94 <- _ret' ] s1) + | s1 = any [ br0 -> {_94 = false} (! bb49) | br1 -> {_94} (! bb47) ] ] | bb47 = s0 [ s0 = {inv'0 result} Borrow.borrow_mut {result} (fun (_ret':borrowed (t_Vec'2)) -> - [ &_112 <- _ret' ] + [ &_111 <- _ret' ] -{inv'0 _ret'.final}- [ &result <- _ret'.final ] s1) - | s1 = push'0 {_112} {it1} (fun (_ret':()) -> [ &_111 <- _ret' ] s2) + | s1 = push'0 {_111} {it1} (fun (_ret':()) -> [ &_110 <- _ret' ] s2) | s2 = bb48 ] | bb48 = s0 @@ -712,7 +712,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | s1 = bb50 ] | bb49 = bb50 - | bb50 = bb39 ] + | bb50 = bb38 ] ] | bb51 = s0 [ s0 = [ &_0 <- result ] s1 | s1 = bb52 ] @@ -728,42 +728,42 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] | & _10 : usize = any_l () | & _11 : usize = any_l () | & i : usize = any_l () - | & _20 : bool = any_l () - | & _22 : usize = any_l () + | & _21 : bool = any_l () + | & _23 : usize = any_l () | & it : t_Item'0 = any_l () - | & _25 : t_Item'0 = any_l () + | & _26 : t_Item'0 = any_l () | & w : usize = any_l () - | & _35 : bool = any_l () - | & _38 : usize = any_l () - | & _39 : bool = any_l () - | & _42 : usize = any_l () - | & _44 : t_Vec'0 = any_l () - | & _49 : usize = any_l () - | & _51 : t_Vec'0 = any_l () - | & _55 : usize = any_l () + | & _37 : bool = any_l () + | & _40 : usize = any_l () + | & _41 : bool = any_l () + | & _44 : usize = any_l () + | & _46 : t_Vec'0 = any_l () + | & _51 : usize = any_l () + | & _53 : t_Vec'0 = any_l () | & _57 : usize = any_l () - | & _59 : t_Vec'0 = any_l () - | & _62 : usize = any_l () - | & _66 : borrowed usize = any_l () - | & _67 : borrowed (t_Vec'0) = any_l () - | & _68 : borrowed (t_Vec'0) = any_l () - | & _69 : borrowed (t_Vec'1) = any_l () - | & _70 : usize = any_l () + | & _59 : usize = any_l () + | & _61 : t_Vec'0 = any_l () + | & _64 : usize = any_l () + | & _68 : borrowed usize = any_l () + | & _69 : borrowed (t_Vec'0) = any_l () + | & _70 : borrowed (t_Vec'0) = any_l () + | & _71 : borrowed (t_Vec'1) = any_l () + | & _72 : usize = any_l () | & result : t_Vec'2 = any_l () - | & _80 : usize = any_l () + | & _78 : usize = any_l () | & left_weight : usize = any_l () | & j : usize = any_l () - | & _89 : bool = any_l () + | & _88 : bool = any_l () | & it1 : t_Item'0 = any_l () - | & _92 : t_Item'0 = any_l () - | & _95 : bool = any_l () - | & _97 : usize = any_l () - | & _99 : t_Vec'0 = any_l () - | & _101 : usize = any_l () - | & _105 : usize = any_l () - | & _107 : t_Vec'0 = any_l () - | & _111 : () = any_l () - | & _112 : borrowed (t_Vec'2) = any_l () ] + | & _91 : t_Item'0 = any_l () + | & _94 : bool = any_l () + | & _96 : usize = any_l () + | & _98 : t_Vec'0 = any_l () + | & _100 : usize = any_l () + | & _104 : usize = any_l () + | & _106 : t_Vec'0 = any_l () + | & _110 : () = any_l () + | & _111 : borrowed (t_Vec'2) = any_l () ] [ return' (result:t_Vec'2)-> {[@expl:knapsack01_dyn result type invariant] [%#sknapsack27] inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index c842bcda0..57260b36d 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -1083,12 +1083,8 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | bb5 = s0 [ s0 = [ &iter_old <- [%#sknapsack_full4] Snapshot.new iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- [%#sknapsack_full5] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb7 ] | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb10 - | bb10 = bb11 - | bb11 = bb12 - | bb12 = bb12 - [ bb12 = {[@expl:for invariant] [%#sknapsack_full10] inv'1 (Snapshot.inner produced)} + | bb8 = bb8 + [ bb8 = {[@expl:for invariant] [%#sknapsack_full10] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#sknapsack_full10] inv'0 iter} {[@expl:for invariant] [%#sknapsack_full10] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#sknapsack_full9] Seq.length (view'0 items) + 1 = Seq.length (view'2 best_value)} @@ -1100,56 +1096,55 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] {[@expl:loop invariant #3] [%#sknapsack_full6] forall ii : int, ww : int . 0 <= ii /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} - (! s0) [ s0 = bb13 ] - [ bb13 = s0 + (! s0) [ s0 = bb9 ] + [ bb9 = bb10 + | bb10 = bb11 + | bb11 = bb12 + | bb12 = bb13 + | bb13 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_35 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_35.current} {Borrow.get_id _35} + (fun (_ret':borrowed (t_Range'0)) -> [ &_36 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_36.current} {Borrow.get_id _36} (fun (_ret':borrowed (t_Range'0)) -> - [ &_34 <- _ret' ] - [ &_35 <- { _35 with current = _ret'.final } ] + [ &_35 <- _ret' ] + [ &_36 <- { _36 with current = _ret'.final } ] s2) - | s2 = next'0 {_34} (fun (_ret':t_Option'0) -> [ &_33 <- _ret' ] s3) + | s2 = next'0 {_35} (fun (_ret':t_Option'0) -> [ &_34 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = -{resolve'0 _35}- s1 - | s1 = any [ br0 -> {_33 = C_None'0 } (! bb17) | br1 (x0:usize)-> {_33 = C_Some'0 x0} (! bb16) ] ] + [ s0 = -{resolve'0 _36}- s1 + | s1 = any [ br0 -> {_34 = C_None'0 } (! bb17) | br1 (x0:usize)-> {_34 = C_Some'0 x0} (! bb16) ] ] | bb16 = bb18 | bb18 = s0 - [ s0 = v_Some'0 {_33} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_34} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_38 <- [%#sknapsack_full11] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_39 <- [%#sknapsack_full11] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb19 ] | bb19 = s0 - [ s0 = [ &produced <- _38 ] s1 + [ s0 = [ &produced <- _39 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = index'0 {items} {i} (fun (_ret':t_Item'0) -> [ &_42 <- _ret' ] s3) + | s2 = index'0 {items} {i} (fun (_ret':t_Item'0) -> [ &_43 <- _ret' ] s3) | s3 = bb20 ] | bb20 = s0 - [ s0 = [ &it <- _42 ] s1 + [ s0 = [ &it <- _43 ] s1 | s1 = new'0 {[%#sknapsack_full12] (0 : usize)} {max_weight} - (fun (_ret':t_RangeInclusive'0) -> [ &_46 <- _ret' ] s2) + (fun (_ret':t_RangeInclusive'0) -> [ &_47 <- _ret' ] s2) | s2 = bb21 ] - | bb21 = s0 [ s0 = into_iter'1 {_46} (fun (_ret':t_RangeInclusive'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb22 ] + | bb21 = s0 [ s0 = into_iter'1 {_47} (fun (_ret':t_RangeInclusive'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 [ s0 = [ &iter_old1 <- [%#sknapsack_full13] Snapshot.new iter1 ] s1 | s1 = bb23 ] | bb23 = s0 [ s0 = [ &produced1 <- [%#sknapsack_full14] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb24 ] | bb24 = bb25 - | bb25 = bb26 - | bb26 = bb27 - | bb27 = bb28 - | bb28 = bb29 - | bb29 = bb30 - | bb30 = bb30 - [ bb30 = {[@expl:for invariant] [%#sknapsack_full20] inv'1 (Snapshot.inner produced1)} + | bb25 = bb25 + [ bb25 = {[@expl:for invariant] [%#sknapsack_full20] inv'1 (Snapshot.inner produced1)} {[@expl:for invariant] [%#sknapsack_full20] inv'2 iter1} {[@expl:for invariant] [%#sknapsack_full20] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} {[@expl:loop invariant #0] [%#sknapsack_full19] Seq.length (view'0 items) + 1 @@ -1167,95 +1162,96 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] {[@expl:loop invariant #4] [%#sknapsack_full15] forall ii : int, ww : int . 0 <= ii /\ ii <= Seq.length (view'0 items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (view'1 (index_logic'0 best_value ii)) ww) <= 10000000 * ii} - (! s0) [ s0 = bb31 ] - [ bb31 = s0 + (! s0) [ s0 = bb26 ] + [ bb26 = bb27 + | bb27 = bb28 + | bb28 = bb29 + | bb29 = bb30 + | bb30 = bb31 + | bb31 = s0 [ s0 = Borrow.borrow_mut {iter1} - (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_62 <- _ret' ] [ &iter1 <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_62.current} {Borrow.get_id _62} + (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_64 <- _ret' ] [ &iter1 <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_64.current} {Borrow.get_id _64} (fun (_ret':borrowed (t_RangeInclusive'0)) -> - [ &_61 <- _ret' ] - [ &_62 <- { _62 with current = _ret'.final } ] + [ &_63 <- _ret' ] + [ &_64 <- { _64 with current = _ret'.final } ] s2) - | s2 = next'1 {_61} (fun (_ret':t_Option'0) -> [ &_60 <- _ret' ] s3) + | s2 = next'1 {_63} (fun (_ret':t_Option'0) -> [ &_62 <- _ret' ] s3) | s3 = bb32 ] | bb32 = s0 - [ s0 = -{resolve'1 _62}- s1 - | s1 = any [ br0 -> {_60 = C_None'0 } (! bb35) | br1 (x0:usize)-> {_60 = C_Some'0 x0} (! bb34) ] ] + [ s0 = -{resolve'1 _64}- s1 + | s1 = any [ br0 -> {_62 = C_None'0 } (! bb35) | br1 (x0:usize)-> {_62 = C_Some'0 x0} (! bb34) ] ] | bb34 = bb36 | bb36 = s0 - [ s0 = v_Some'0 {_60} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_62} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = - [ &_65 <- [%#sknapsack_full21] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] + [ &_67 <- [%#sknapsack_full21] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] s2 | s2 = bb37 ] | bb37 = s0 - [ s0 = [ &produced1 <- _65 ] s1 + [ s0 = [ &produced1 <- _67 ] s1 | s1 = [ &w <- __creusot_proc_iter_elem1 ] s2 - | s2 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_69 <- _ret' ] s3) - | s3 = any [ br0 -> {_69 = false} (! bb41) | br1 -> {_69} (! bb38) ] ] + | s2 = UIntSize.gt {it.t_Item__weight'0} {w} (fun (_ret':bool) -> [ &_71 <- _ret' ] s3) + | s3 = any [ br0 -> {_71 = false} (! bb41) | br1 -> {_71} (! bb38) ] ] - | bb38 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_74 <- _ret' ] s1) | s1 = bb39 ] - | bb39 = s0 [ s0 = index'2 {_74} {w} (fun (_ret':usize) -> [ &_72 <- _ret' ] s1) | s1 = bb40 ] - | bb40 = s0 [ s0 = [ &_68 <- _72 ] s1 | s1 = bb47 ] - | bb41 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_81 <- _ret' ] s1) | s1 = bb42 ] - | bb42 = s0 [ s0 = index'2 {_81} {w} (fun (_ret':usize) -> [ &_79 <- _ret' ] s1) | s1 = bb43 ] - | bb43 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_89 <- _ret' ] s1) | s1 = bb44 ] + | bb38 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_76 <- _ret' ] s1) | s1 = bb39 ] + | bb39 = s0 [ s0 = index'2 {_76} {w} (fun (_ret':usize) -> [ &_74 <- _ret' ] s1) | s1 = bb40 ] + | bb40 = s0 [ s0 = [ &_70 <- _74 ] s1 | s1 = bb47 ] + | bb41 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_83 <- _ret' ] s1) | s1 = bb42 ] + | bb42 = s0 [ s0 = index'2 {_83} {w} (fun (_ret':usize) -> [ &_81 <- _ret' ] s1) | s1 = bb43 ] + | bb43 = s0 [ s0 = index'1 {best_value} {i} (fun (_ret':t_Vec'0) -> [ &_91 <- _ret' ] s1) | s1 = bb44 ] | bb44 = s0 - [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_92 <- _ret' ] s1) - | s1 = index'2 {_89} {_92} (fun (_ret':usize) -> [ &_87 <- _ret' ] s2) + [ s0 = UIntSize.sub {w} {it.t_Item__weight'0} (fun (_ret':usize) -> [ &_94 <- _ret' ] s1) + | s1 = index'2 {_91} {_94} (fun (_ret':usize) -> [ &_89 <- _ret' ] s2) | s2 = bb45 ] | bb45 = s0 - [ s0 = UIntSize.add {_87} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_85 <- _ret' ] s1) - | s1 = max'0 {_79} {_85} (fun (_ret':usize) -> [ &_68 <- _ret' ] s2) + [ s0 = UIntSize.add {_89} {it.t_Item__value'0} (fun (_ret':usize) -> [ &_87 <- _ret' ] s1) + | s1 = max'0 {_81} {_87} (fun (_ret':usize) -> [ &_70 <- _ret' ] s2) | s2 = bb46 ] | bb46 = bb47 | bb47 = s0 [ s0 = Borrow.borrow_mut {best_value} - (fun (_ret':borrowed (t_Vec'1)) -> [ &_99 <- _ret' ] [ &best_value <- _ret'.final ] s1) - | s1 = UIntSize.add {i} {[%#sknapsack_full22] (1 : usize)} (fun (_ret':usize) -> [ &_100 <- _ret' ] s2) - | s2 = index_mut'0 {_99} {_100} (fun (_ret':borrowed (t_Vec'0)) -> [ &_98 <- _ret' ] s3) + (fun (_ret':borrowed (t_Vec'1)) -> [ &_101 <- _ret' ] [ &best_value <- _ret'.final ] s1) + | s1 = UIntSize.add {i} {[%#sknapsack_full22] (1 : usize)} (fun (_ret':usize) -> [ &_102 <- _ret' ] s2) + | s2 = index_mut'0 {_101} {_102} (fun (_ret':borrowed (t_Vec'0)) -> [ &_100 <- _ret' ] s3) | s3 = bb48 ] | bb48 = s0 - [ s0 = Borrow.borrow_final {_98.current} {Borrow.get_id _98} + [ s0 = Borrow.borrow_final {_100.current} {Borrow.get_id _100} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_97 <- _ret' ] - [ &_98 <- { _98 with current = _ret'.final } ] + [ &_99 <- _ret' ] + [ &_100 <- { _100 with current = _ret'.final } ] s1) - | s1 = index_mut'1 {_97} {w} (fun (_ret':borrowed usize) -> [ &_96 <- _ret' ] s2) + | s1 = index_mut'1 {_99} {w} (fun (_ret':borrowed usize) -> [ &_98 <- _ret' ] s2) | s2 = bb49 ] | bb49 = s0 - [ s0 = [ &_96 <- { _96 with current = _68 } ] s1 - | s1 = -{resolve'2 _96}- s2 - | s2 = -{resolve'3 _98}- s3 - | s3 = bb30 ] + [ s0 = [ &_98 <- { _98 with current = _70 } ] s1 + | s1 = -{resolve'2 _98}- s2 + | s2 = -{resolve'3 _100}- s3 + | s3 = bb25 ] ] ] - | bb35 = bb12 ] + | bb35 = bb8 ] ] - | bb17 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_106 <- _ret' ] s1) | s1 = bb50 ] - | bb50 = s0 [ s0 = with_capacity'0 {_106} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb51 ] + | bb17 = s0 [ s0 = len'0 {items} (fun (_ret':usize) -> [ &_108 <- _ret' ] s1) | s1 = bb50 ] + | bb50 = s0 [ s0 = with_capacity'0 {_108} (fun (_ret':t_Vec'2) -> [ &result <- _ret' ] s1) | s1 = bb51 ] | bb51 = s0 [ s0 = [ &left_weight <- max_weight ] s1 | s1 = len'0 {items} (fun (_ret':usize) -> [ &j <- _ret' ] s2) | s2 = bb52 ] | bb52 = bb53 - | bb53 = bb54 - | bb54 = bb55 - | bb55 = bb56 - | bb56 = bb57 - | bb57 = bb57 - [ bb57 = {[@expl:loop invariant #0] [%#sknapsack_full28] inv'3 result} + | bb53 = bb53 + [ bb53 = {[@expl:loop invariant #0] [%#sknapsack_full28] inv'3 result} {[@expl:loop invariant #1] [%#sknapsack_full27] UIntSize.to_int j <= Seq.length (view'0 items)} {[@expl:loop invariant #2] [%#sknapsack_full26] UIntSize.to_int left_weight <= UIntSize.to_int max_weight} {[@expl:loop invariant #3] [%#sknapsack_full25] forall r : Seq.seq (t_Item'0) . Seq.length (view'3 result) @@ -1274,38 +1270,42 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 result) -> index_logic'1 result i = Seq.get r i) /\ subseq_rev'0 r (Seq.length (view'3 result)) (view'0 items) (UIntSize.to_int j) -> subseq_rev'0 r 0 (view'0 items) (Seq.length (view'0 items))} - (! s0) [ s0 = bb58 ] - [ bb58 = s0 - [ s0 = UIntSize.lt {[%#sknapsack_full29] (0 : usize)} {j} (fun (_ret':bool) -> [ &_118 <- _ret' ] s1) - | s1 = any [ br0 -> {_118 = false} (! bb69) | br1 -> {_118} (! bb59) ] ] + (! s0) [ s0 = bb54 ] + [ bb54 = bb55 + | bb55 = bb56 + | bb56 = bb57 + | bb57 = bb58 + | bb58 = s0 + [ s0 = UIntSize.lt {[%#sknapsack_full29] (0 : usize)} {j} (fun (_ret':bool) -> [ &_121 <- _ret' ] s1) + | s1 = any [ br0 -> {_121 = false} (! bb69) | br1 -> {_121} (! bb59) ] ] | bb59 = s0 [ s0 = UIntSize.sub {j} {[%#sknapsack_full30] (1 : usize)} (fun (_ret':usize) -> [ &j <- _ret' ] s1) - | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_121 <- _ret' ] s2) + | s1 = index'0 {items} {j} (fun (_ret':t_Item'0) -> [ &_124 <- _ret' ] s2) | s2 = bb60 ] | bb60 = s0 - [ s0 = [ &it1 <- _121 ] s1 - | s1 = UIntSize.add {j} {[%#sknapsack_full31] (1 : usize)} (fun (_ret':usize) -> [ &_130 <- _ret' ] s2) - | s2 = index'1 {best_value} {_130} (fun (_ret':t_Vec'0) -> [ &_128 <- _ret' ] s3) + [ s0 = [ &it1 <- _124 ] s1 + | s1 = UIntSize.add {j} {[%#sknapsack_full31] (1 : usize)} (fun (_ret':usize) -> [ &_133 <- _ret' ] s2) + | s2 = index'1 {best_value} {_133} (fun (_ret':t_Vec'0) -> [ &_131 <- _ret' ] s3) | s3 = bb61 ] - | bb61 = s0 [ s0 = index'2 {_128} {left_weight} (fun (_ret':usize) -> [ &_126 <- _ret' ] s1) | s1 = bb62 ] - | bb62 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_136 <- _ret' ] s1) | s1 = bb63 ] - | bb63 = s0 [ s0 = index'2 {_136} {left_weight} (fun (_ret':usize) -> [ &_134 <- _ret' ] s1) | s1 = bb64 ] + | bb61 = s0 [ s0 = index'2 {_131} {left_weight} (fun (_ret':usize) -> [ &_129 <- _ret' ] s1) | s1 = bb62 ] + | bb62 = s0 [ s0 = index'1 {best_value} {j} (fun (_ret':t_Vec'0) -> [ &_139 <- _ret' ] s1) | s1 = bb63 ] + | bb63 = s0 [ s0 = index'2 {_139} {left_weight} (fun (_ret':usize) -> [ &_137 <- _ret' ] s1) | s1 = bb64 ] | bb64 = s0 - [ s0 = UIntSize.ne {_126} {_134} (fun (_ret':bool) -> [ &_124 <- _ret' ] s1) - | s1 = any [ br0 -> {_124 = false} (! bb67) | br1 -> {_124} (! bb65) ] ] + [ s0 = UIntSize.ne {_129} {_137} (fun (_ret':bool) -> [ &_127 <- _ret' ] s1) + | s1 = any [ br0 -> {_127 = false} (! bb67) | br1 -> {_127} (! bb65) ] ] | bb65 = s0 [ s0 = {inv'3 result} Borrow.borrow_mut {result} (fun (_ret':borrowed (t_Vec'2)) -> - [ &_141 <- _ret' ] + [ &_144 <- _ret' ] -{inv'3 _ret'.final}- [ &result <- _ret'.final ] s1) - | s1 = push'0 {_141} {it1} (fun (_ret':()) -> [ &_140 <- _ret' ] s2) + | s1 = push'0 {_144} {it1} (fun (_ret':()) -> [ &_143 <- _ret' ] s2) | s2 = bb66 ] | bb66 = s0 @@ -1313,7 +1313,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | s1 = bb68 ] | bb67 = bb68 - | bb68 = bb57 ] + | bb68 = bb53 ] ] | bb69 = s0 [ s0 = [ &_0 <- result ] s1 | s1 = bb70 ] @@ -1333,54 +1333,54 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] | & _19 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _33 : t_Option'0 = any_l () - | & _34 : borrowed (t_Range'0) = any_l () + | & _34 : t_Option'0 = any_l () | & _35 : borrowed (t_Range'0) = any_l () + | & _36 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _38 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _39 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & it : t_Item'0 = any_l () - | & _42 : t_Item'0 = any_l () + | & _43 : t_Item'0 = any_l () | & iter1 : t_RangeInclusive'0 = any_l () - | & _46 : t_RangeInclusive'0 = any_l () + | & _47 : t_RangeInclusive'0 = any_l () | & iter_old1 : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _60 : t_Option'0 = any_l () - | & _61 : borrowed (t_RangeInclusive'0) = any_l () - | & _62 : borrowed (t_RangeInclusive'0) = any_l () + | & _62 : t_Option'0 = any_l () + | & _63 : borrowed (t_RangeInclusive'0) = any_l () + | & _64 : borrowed (t_RangeInclusive'0) = any_l () | & __creusot_proc_iter_elem1 : usize = any_l () - | & _65 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _67 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & w : usize = any_l () - | & _68 : usize = any_l () - | & _69 : bool = any_l () - | & _72 : usize = any_l () - | & _74 : t_Vec'0 = any_l () - | & _79 : usize = any_l () - | & _81 : t_Vec'0 = any_l () - | & _85 : usize = any_l () + | & _70 : usize = any_l () + | & _71 : bool = any_l () + | & _74 : usize = any_l () + | & _76 : t_Vec'0 = any_l () + | & _81 : usize = any_l () + | & _83 : t_Vec'0 = any_l () | & _87 : usize = any_l () - | & _89 : t_Vec'0 = any_l () - | & _92 : usize = any_l () - | & _96 : borrowed usize = any_l () - | & _97 : borrowed (t_Vec'0) = any_l () - | & _98 : borrowed (t_Vec'0) = any_l () - | & _99 : borrowed (t_Vec'1) = any_l () - | & _100 : usize = any_l () + | & _89 : usize = any_l () + | & _91 : t_Vec'0 = any_l () + | & _94 : usize = any_l () + | & _98 : borrowed usize = any_l () + | & _99 : borrowed (t_Vec'0) = any_l () + | & _100 : borrowed (t_Vec'0) = any_l () + | & _101 : borrowed (t_Vec'1) = any_l () + | & _102 : usize = any_l () | & result : t_Vec'2 = any_l () - | & _106 : usize = any_l () + | & _108 : usize = any_l () | & left_weight : usize = any_l () | & j : usize = any_l () - | & _118 : bool = any_l () + | & _121 : bool = any_l () | & it1 : t_Item'0 = any_l () - | & _121 : t_Item'0 = any_l () - | & _124 : bool = any_l () - | & _126 : usize = any_l () - | & _128 : t_Vec'0 = any_l () - | & _130 : usize = any_l () - | & _134 : usize = any_l () - | & _136 : t_Vec'0 = any_l () - | & _140 : () = any_l () - | & _141 : borrowed (t_Vec'2) = any_l () ] + | & _124 : t_Item'0 = any_l () + | & _127 : bool = any_l () + | & _129 : usize = any_l () + | & _131 : t_Vec'0 = any_l () + | & _133 : usize = any_l () + | & _137 : usize = any_l () + | & _139 : t_Vec'0 = any_l () + | & _143 : () = any_l () + | & _144 : borrowed (t_Vec'2) = any_l () ] [ return' (result:t_Vec'2)-> {[@expl:knapsack01_dyn result type invariant] [%#sknapsack_full36] inv'3 result} {[@expl:knapsack01_dyn ensures #0] [%#sknapsack_full37] sum_weights'0 (view'3 result) (Seq.length (view'3 result)) diff --git a/creusot/tests/should_succeed/lang/while_let.coma b/creusot/tests/should_succeed/lang/while_let.coma index 35c8614ed..907f37f1c 100644 --- a/creusot/tests/should_succeed/lang/while_let.coma +++ b/creusot/tests/should_succeed/lang/while_let.coma @@ -41,7 +41,7 @@ module M_while_let__f [#"while_let.rs" 4 0 4 10] (! s0) [ s0 = bb2 ] [ bb2 = any [ br0 -> {b.current = C_None'0 } (! bb5) | br1 (x0:int32)-> {b.current = C_Some'0 x0} (! bb3) ] | bb3 = bb4 - | bb4 = s0 [ s0 = [ &_6 <- C_None'0 ] s1 | s1 = [ &b <- { b with current = _6 } ] s2 | s2 = bb1 ] ] + | bb4 = s0 [ s0 = [ &_7 <- C_None'0 ] s1 | s1 = [ &b <- { b with current = _7 } ] s2 | s2 = bb1 ] ] ] | bb5 = s0 [ s0 = -{resolve'0 b}- s1 | s1 = return' {_0} ] ] @@ -49,7 +49,7 @@ module M_while_let__f [#"while_let.rs" 4 0 4 10] [ & _0 : () = any_l () | & a : t_Option'0 = any_l () | & b : borrowed (t_Option'0) = any_l () - | & _6 : t_Option'0 = any_l () + | & _7 : t_Option'0 = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed (t_Option'0)) = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/list_index_mut.coma b/creusot/tests/should_succeed/list_index_mut.coma index 831d849e4..176d5e066 100644 --- a/creusot/tests/should_succeed/list_index_mut.coma +++ b/creusot/tests/should_succeed/list_index_mut.coma @@ -153,25 +153,25 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] -> get'0 (Snapshot.inner old_l).final i = get'0 (Snapshot.inner old_l).current i)} (! s0) [ s0 = bb4 ] [ bb4 = s0 - [ s0 = UIntSize.gt {ix} {[%#slist_index_mut7] (0 : usize)} (fun (_ret':bool) -> [ &_20 <- _ret' ] s1) - | s1 = any [ br0 -> {_20 = false} (! bb8) | br1 -> {_20} (! bb5) ] ] + [ s0 = UIntSize.gt {ix} {[%#slist_index_mut7] (0 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb5) ] ] | bb5 = s0 [ s0 = Borrow.borrow_final {(l.current).t_List__1'0} {Borrow.inherit_id (Borrow.get_id l) 2} (fun (_ret':borrowed (t_Option'0)) -> - [ &_25 <- _ret' ] + [ &_26 <- _ret' ] [ &l <- { l with current = { l.current with t_List__1'0 = _ret'.final } } ] s1) - | s1 = as_mut'0 {_25} (fun (_ret':t_Option'1) -> [ &_24 <- _ret' ] s2) + | s1 = as_mut'0 {_26} (fun (_ret':t_Option'1) -> [ &_25 <- _ret' ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = unwrap'0 {_24} (fun (_ret':borrowed (t_List'0)) -> [ &_23 <- _ret' ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = unwrap'0 {_25} (fun (_ret':borrowed (t_List'0)) -> [ &_24 <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} - (fun (_ret':borrowed (t_List'0)) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s1) + [ s0 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} + (fun (_ret':borrowed (t_List'0)) -> [ &_23 <- _ret' ] [ &_24 <- { _24 with current = _ret'.final } ] s1) | s1 = -{resolve'0 l}- s2 - | s2 = [ &l <- _22 ] s3 - | s3 = -{resolve'1 _23}- s4 + | s2 = [ &l <- _23 ] s3 + | s3 = -{resolve'1 _24}- s4 | s4 = UIntSize.sub {ix} {[%#slist_index_mut8] (1 : usize)} (fun (_ret':usize) -> [ &ix <- _ret' ] s5) | s5 = bb3 ] ] @@ -180,14 +180,14 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | bb8 = s0 [ s0 = Borrow.borrow_final {(l.current).t_List__0'0} {Borrow.inherit_id (Borrow.get_id l) 1} (fun (_ret':borrowed uint32) -> - [ &_29 <- _ret' ] + [ &_28 <- _ret' ] [ &l <- { l with current = { l.current with t_List__0'0 = _ret'.final } } ] s1) - | s1 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} - (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s2) + | s1 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} + (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] [ &_28 <- { _28 with current = _ret'.final } ] s2) | s2 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} (fun (_ret':borrowed uint32) -> [ &_0 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s3) - | s3 = -{resolve'2 _29}- s4 + | s3 = -{resolve'2 _28}- s4 | s4 = -{resolve'2 _3}- s5 | s5 = -{resolve'0 l}- s6 | s6 = return' {_0} ] @@ -199,12 +199,12 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] | & _3 : borrowed uint32 = any_l () | & old_l : Snapshot.snap_ty (borrowed (t_List'0)) = any_l () | & old_ix : Snapshot.snap_ty usize = any_l () - | & _20 : bool = any_l () - | & _22 : borrowed (t_List'0) = any_l () + | & _21 : bool = any_l () | & _23 : borrowed (t_List'0) = any_l () - | & _24 : t_Option'1 = any_l () - | & _25 : borrowed (t_Option'0) = any_l () - | & _29 : borrowed uint32 = any_l () ] + | & _24 : borrowed (t_List'0) = any_l () + | & _25 : t_Option'1 = any_l () + | & _26 : borrowed (t_Option'0) = any_l () + | & _28 : borrowed uint32 = any_l () ] [ return' (result:borrowed uint32)-> {[@expl:index_mut ensures #0] [%#slist_index_mut10] C_Some'0 (result.current) = get'0 l.current (UIntSize.to_int ix)} diff --git a/creusot/tests/should_succeed/list_reversal_lasso.coma b/creusot/tests/should_succeed/list_reversal_lasso.coma index d03ea191a..e888f0fd2 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.coma +++ b/creusot/tests/should_succeed/list_reversal_lasso.coma @@ -406,27 +406,27 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list (! s0) [ s0 = bb2 ] [ bb2 = s0 [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso4] (18446744073709551615 : usize)} - (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) - | s1 = any [ br0 -> {_12 = false} (! bb6) | br1 -> {_12} (! bb3) ] ] + (fun (_ret':bool) -> [ &_13 <- _ret' ] s1) + | s1 = any [ br0 -> {_13 = false} (! bb6) | br1 -> {_13} (! bb3) ] ] | bb3 = s0 [ s0 = [ &tmp <- l ] s1 - | s1 = index'0 {self.current} {l} (fun (_ret':usize) -> [ &_16 <- _ret' ] s2) + | s1 = index'0 {self.current} {l} (fun (_ret':usize) -> [ &_17 <- _ret' ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &l <- _16 ] s1 + [ s0 = [ &l <- _17 ] s1 | s1 = Borrow.borrow_mut {self.current} (fun (_ret':borrowed (t_Memory'0)) -> - [ &_21 <- _ret' ] + [ &_22 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s2) - | s2 = index_mut'0 {_21} {tmp} (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] s3) + | s2 = index_mut'0 {_22} {tmp} (fun (_ret':borrowed usize) -> [ &_21 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = [ &_20 <- { _20 with current = r } ] s1 - | s1 = -{resolve'0 _20}- s2 + [ s0 = [ &_21 <- { _21 with current = r } ] s1 + | s1 = -{resolve'0 _21}- s2 | s2 = [ &r <- tmp ] s3 | s3 = bb1 ] ] @@ -438,11 +438,11 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list | & self : borrowed (t_Memory'0) = self | & l : usize = l | & r : usize = any_l () - | & _12 : bool = any_l () + | & _13 : bool = any_l () | & tmp : usize = any_l () - | & _16 : usize = any_l () - | & _20 : borrowed usize = any_l () - | & _21 : borrowed (t_Memory'0) = any_l () + | & _17 : usize = any_l () + | & _21 : borrowed usize = any_l () + | & _22 : borrowed (t_Memory'0) = any_l () | & old_1_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] [ return' (result:usize)-> (! return' {result}) ] end @@ -616,43 +616,43 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : usize)} - (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) - | s1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb4) ] ] + (fun (_ret':bool) -> [ &_16 <- _ret' ] s1) + | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb4) ] ] | bb4 = s0 [ s0 = Borrow.borrow_mut {self.current} (fun (_ret':borrowed (t_Memory'0)) -> - [ &_21 <- _ret' ] + [ &_22 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_21} {l} (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] s2) + | s1 = index_mut'0 {_22} {l} (fun (_ret':borrowed usize) -> [ &_21 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} - (fun (_ret':borrowed usize) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_19.current} {Borrow.get_id _19} - (fun (_ret':borrowed usize) -> [ &_18 <- _ret' ] [ &_19 <- { _19 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed usize) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s2) | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_25 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} - (fun (_ret':borrowed usize) -> [ &_24 <- _ret' ] [ &_25 <- { _25 with current = _ret'.final } ] s4) - | s4 = replace'0 {_24} {l} (fun (_ret':usize) -> [ &_23 <- _ret' ] s5) + (fun (_ret':borrowed usize) -> [ &_26 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_26.current} {Borrow.get_id _26} + (fun (_ret':borrowed usize) -> [ &_25 <- _ret' ] [ &_26 <- { _26 with current = _ret'.final } ] s4) + | s4 = replace'0 {_25} {l} (fun (_ret':usize) -> [ &_24 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _25}- s1 - | s1 = replace'0 {_18} {_23} (fun (_ret':usize) -> [ &_17 <- _ret' ] s2) + [ s0 = -{resolve'0 _26}- s1 + | s1 = replace'0 {_19} {_24} (fun (_ret':usize) -> [ &_18 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = -{resolve'0 _19}- s2 - | s2 = [ &l <- _17 ] s3 - | s3 = [ &_27 <- [%#slist_reversal_lasso6] Snapshot.new (Snapshot.inner n + 1) ] s4 + [ s0 = -{resolve'0 _21}- s1 + | s1 = -{resolve'0 _20}- s2 + | s2 = [ &l <- _18 ] s3 + | s3 = [ &_28 <- [%#slist_reversal_lasso6] Snapshot.new (Snapshot.inner n + 1) ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _27 ] s1 | s1 = bb2 ] ] + | bb8 = s0 [ s0 = [ &n <- _28 ] s1 | s1 = bb2 ] ] ] | bb9 = s0 [ s0 = -{resolve'1 self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] @@ -663,16 +663,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list | & s : Snapshot.snap_ty (Seq.seq usize) = s | & r : usize = any_l () | & n : Snapshot.snap_ty int = any_l () - | & _15 : bool = any_l () - | & _17 : usize = any_l () - | & _18 : borrowed usize = any_l () + | & _16 : bool = any_l () + | & _18 : usize = any_l () | & _19 : borrowed usize = any_l () | & _20 : borrowed usize = any_l () - | & _21 : borrowed (t_Memory'0) = any_l () - | & _23 : usize = any_l () - | & _24 : borrowed usize = any_l () + | & _21 : borrowed usize = any_l () + | & _22 : borrowed (t_Memory'0) = any_l () + | & _24 : usize = any_l () | & _25 : borrowed usize = any_l () - | & _27 : Snapshot.snap_ty int = any_l () + | & _26 : borrowed usize = any_l () + | & _28 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] [ return' (result:usize)-> {[@expl:list_reversal_list ensures] [%#slist_reversal_lasso8] list'0 self.final result (Reverse.reverse (Snapshot.inner s))} @@ -877,8 +877,8 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso6] (18446744073709551615 : usize)} - (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) - | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb4) ] ] + (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb4) ] ] | bb4 = s0 [ s0 = {[@expl:assertion] [%#slist_reversal_lasso7] Snapshot.inner n = Seq.length (Snapshot.inner s) @@ -886,37 +886,37 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list s1 | s1 = Borrow.borrow_mut {self.current} (fun (_ret':borrowed (t_Memory'0)) -> - [ &_25 <- _ret' ] + [ &_26 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s2) - | s2 = index_mut'0 {_25} {l} (fun (_ret':borrowed usize) -> [ &_24 <- _ret' ] s3) + | s2 = index_mut'0 {_26} {l} (fun (_ret':borrowed usize) -> [ &_25 <- _ret' ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} - (fun (_ret':borrowed usize) -> [ &_23 <- _ret' ] [ &_24 <- { _24 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} - (fun (_ret':borrowed usize) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_25.current} {Borrow.get_id _25} + (fun (_ret':borrowed usize) -> [ &_24 <- _ret' ] [ &_25 <- { _25 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} + (fun (_ret':borrowed usize) -> [ &_23 <- _ret' ] [ &_24 <- { _24 with current = _ret'.final } ] s2) | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_29 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} - (fun (_ret':borrowed usize) -> [ &_28 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s4) - | s4 = replace'0 {_28} {l} (fun (_ret':usize) -> [ &_27 <- _ret' ] s5) + (fun (_ret':borrowed usize) -> [ &_30 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} + (fun (_ret':borrowed usize) -> [ &_29 <- _ret' ] [ &_30 <- { _30 with current = _ret'.final } ] s4) + | s4 = replace'0 {_29} {l} (fun (_ret':usize) -> [ &_28 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _29}- s1 - | s1 = replace'0 {_22} {_27} (fun (_ret':usize) -> [ &_21 <- _ret' ] s2) + [ s0 = -{resolve'0 _30}- s1 + | s1 = replace'0 {_23} {_28} (fun (_ret':usize) -> [ &_22 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = -{resolve'0 _24}- s1 - | s1 = -{resolve'0 _23}- s2 - | s2 = [ &l <- _21 ] s3 - | s3 = [ &_31 <- [%#slist_reversal_lasso8] Snapshot.new (Snapshot.inner n + 1) ] s4 + [ s0 = -{resolve'0 _25}- s1 + | s1 = -{resolve'0 _24}- s2 + | s2 = [ &l <- _22 ] s3 + | s3 = [ &_32 <- [%#slist_reversal_lasso8] Snapshot.new (Snapshot.inner n + 1) ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _31 ] s1 | s1 = bb2 ] ] + | bb8 = s0 [ s0 = [ &n <- _32 ] s1 | s1 = bb2 ] ] ] | bb9 = s0 @@ -935,16 +935,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list | & s : Snapshot.snap_ty (Seq.seq usize) = s | & r : usize = any_l () | & n : Snapshot.snap_ty int = any_l () - | & _17 : bool = any_l () - | & _21 : usize = any_l () - | & _22 : borrowed usize = any_l () + | & _18 : bool = any_l () + | & _22 : usize = any_l () | & _23 : borrowed usize = any_l () | & _24 : borrowed usize = any_l () - | & _25 : borrowed (t_Memory'0) = any_l () - | & _27 : usize = any_l () - | & _28 : borrowed usize = any_l () + | & _25 : borrowed usize = any_l () + | & _26 : borrowed (t_Memory'0) = any_l () + | & _28 : usize = any_l () | & _29 : borrowed usize = any_l () - | & _31 : Snapshot.snap_ty int = any_l () + | & _30 : borrowed usize = any_l () + | & _32 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] [ return' (result:usize)-> {[@expl:list_reversal_loop ensures] [%#slist_reversal_lasso12] loopqy95z'0 self.final result (push_front'0 (Reverse.reverse (Seq.([..]) (Snapshot.inner s) 1 (Seq.length (Snapshot.inner s)))) (index_logic'0 s 0))} @@ -1164,43 +1164,43 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis (! s0) [ s0 = bb3 ] [ bb3 = s0 [ s0 = UIntSize.ne {l} {[%#slist_reversal_lasso5] (18446744073709551615 : usize)} - (fun (_ret':bool) -> [ &_17 <- _ret' ] s1) - | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb4) ] ] + (fun (_ret':bool) -> [ &_18 <- _ret' ] s1) + | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb4) ] ] | bb4 = s0 [ s0 = Borrow.borrow_mut {self.current} (fun (_ret':borrowed (t_Memory'0)) -> - [ &_23 <- _ret' ] + [ &_24 <- _ret' ] [ &self <- { self with current = _ret'.final } ] s1) - | s1 = index_mut'0 {_23} {l} (fun (_ret':borrowed usize) -> [ &_22 <- _ret' ] s2) + | s1 = index_mut'0 {_24} {l} (fun (_ret':borrowed usize) -> [ &_23 <- _ret' ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} - (fun (_ret':borrowed usize) -> [ &_21 <- _ret' ] [ &_22 <- { _22 with current = _ret'.final } ] s1) - | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} - (fun (_ret':borrowed usize) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s2) + [ s0 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed usize) -> [ &_22 <- _ret' ] [ &_23 <- { _23 with current = _ret'.final } ] s1) + | s1 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} + (fun (_ret':borrowed usize) -> [ &_21 <- _ret' ] [ &_22 <- { _22 with current = _ret'.final } ] s2) | s2 = Borrow.borrow_mut {r} - (fun (_ret':borrowed usize) -> [ &_27 <- _ret' ] [ &r <- _ret'.final ] s3) - | s3 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} - (fun (_ret':borrowed usize) -> [ &_26 <- _ret' ] [ &_27 <- { _27 with current = _ret'.final } ] s4) - | s4 = replace'0 {_26} {l} (fun (_ret':usize) -> [ &_25 <- _ret' ] s5) + (fun (_ret':borrowed usize) -> [ &_28 <- _ret' ] [ &r <- _ret'.final ] s3) + | s3 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} + (fun (_ret':borrowed usize) -> [ &_27 <- _ret' ] [ &_28 <- { _28 with current = _ret'.final } ] s4) + | s4 = replace'0 {_27} {l} (fun (_ret':usize) -> [ &_26 <- _ret' ] s5) | s5 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _27}- s1 - | s1 = replace'0 {_20} {_25} (fun (_ret':usize) -> [ &_19 <- _ret' ] s2) + [ s0 = -{resolve'0 _28}- s1 + | s1 = replace'0 {_21} {_26} (fun (_ret':usize) -> [ &_20 <- _ret' ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = -{resolve'0 _22}- s1 - | s1 = -{resolve'0 _21}- s2 - | s2 = [ &l <- _19 ] s3 - | s3 = [ &_29 <- [%#slist_reversal_lasso6] Snapshot.new (Snapshot.inner n + 1) ] s4 + [ s0 = -{resolve'0 _23}- s1 + | s1 = -{resolve'0 _22}- s2 + | s2 = [ &l <- _20 ] s3 + | s3 = [ &_30 <- [%#slist_reversal_lasso6] Snapshot.new (Snapshot.inner n + 1) ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _29 ] s1 | s1 = bb2 ] ] + | bb8 = s0 [ s0 = [ &n <- _30 ] s1 | s1 = bb2 ] ] ] | bb9 = s0 [ s0 = -{resolve'1 self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return' {_0} ] ] @@ -1212,16 +1212,16 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis | & s2 : Snapshot.snap_ty (Seq.seq usize) = s2 | & r : usize = any_l () | & n : Snapshot.snap_ty int = any_l () - | & _17 : bool = any_l () - | & _19 : usize = any_l () - | & _20 : borrowed usize = any_l () + | & _18 : bool = any_l () + | & _20 : usize = any_l () | & _21 : borrowed usize = any_l () | & _22 : borrowed usize = any_l () - | & _23 : borrowed (t_Memory'0) = any_l () - | & _25 : usize = any_l () - | & _26 : borrowed usize = any_l () + | & _23 : borrowed usize = any_l () + | & _24 : borrowed (t_Memory'0) = any_l () + | & _26 : usize = any_l () | & _27 : borrowed usize = any_l () - | & _29 : Snapshot.snap_ty int = any_l () + | & _28 : borrowed usize = any_l () + | & _30 : Snapshot.snap_ty int = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Memory'0)) = any_l () ] [ return' (result:usize)-> {[@expl:list_reversal_lasso ensures] [%#slist_reversal_lasso8] lasso'0 self.final result (Snapshot.inner s1) (Reverse.reverse (Snapshot.inner s2))} diff --git a/creusot/tests/should_succeed/red_black_tree.coma b/creusot/tests/should_succeed/red_black_tree.coma index fb270036c..a5fc9a52a 100644 --- a/creusot/tests/should_succeed/red_black_tree.coma +++ b/creusot/tests/should_succeed/red_black_tree.coma @@ -11005,30 +11005,30 @@ module M_red_black_tree__qyi1501420612169366910__get [#"red_black_tree.rs" 889 4 = has_mapping'0 tree (deep_model'0 key) v} (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_13 <- tree.t_Tree__node'0 ] s1 - | s1 = any [ br0 -> {_13 = C_None'0 } (! bb14) | br1 (x0:t_Node'0)-> {_13 = C_Some'0 x0} (! bb4) ] ] + [ s0 = [ &_14 <- tree.t_Tree__node'0 ] s1 + | s1 = any [ br0 -> {_14 = C_None'0 } (! bb14) | br1 (x0:t_Node'0)-> {_14 = C_Some'0 x0} (! bb4) ] ] | bb4 = bb5 | bb5 = s0 - [ s0 = v_Some'0 {_13} (fun (r0'0:t_Node'0) -> [ &node <- r0'0 ] s1) - | s1 = [ &_19 <- node.t_Node__key'0 ] s2 - | s2 = cmp'0 {key} {_19} (fun (_ret':t_Ordering'0) -> [ &_16 <- _ret' ] s3) + [ s0 = v_Some'0 {_14} (fun (r0'0:t_Node'0) -> [ &node <- r0'0 ] s1) + | s1 = [ &_20 <- node.t_Node__key'0 ] s2 + | s2 = cmp'0 {key} {_20} (fun (_ret':t_Ordering'0) -> [ &_17 <- _ret' ] s3) | s3 = bb6 ] | bb6 = any - [ br0 -> {_16 = C_Less'0 } (! bb8) - | br1 -> {_16 = C_Equal'0 } (! bb9) - | br2 -> {_16 = C_Greater'0 } (! bb10) ] + [ br0 -> {_17 = C_Less'0 } (! bb8) + | br1 -> {_17 = C_Equal'0 } (! bb9) + | br2 -> {_17 = C_Greater'0 } (! bb10) ] - | bb10 = s0 [ s0 = [ &_27 <- node.t_Node__right'0 ] s1 | s1 = [ &tree <- _27 ] s2 | s2 = bb13 ] + | bb10 = s0 [ s0 = [ &_28 <- node.t_Node__right'0 ] s1 | s1 = [ &tree <- _28 ] s2 | s2 = bb13 ] | bb8 = bb11 - | bb11 = s0 [ s0 = [ &_22 <- node.t_Node__left'0 ] s1 | s1 = [ &tree <- _22 ] s2 | s2 = bb13 ] + | bb11 = s0 [ s0 = [ &_23 <- node.t_Node__left'0 ] s1 | s1 = [ &tree <- _23 ] s2 | s2 = bb13 ] | bb13 = bb2 ] ] | bb14 = s0 [ s0 = [ &_0 <- C_None'1 ] s1 | s1 = bb15 ] | bb9 = bb12 - | bb12 = s0 [ s0 = [ &_25 <- node.t_Node__val'0 ] s1 | s1 = [ &_0 <- C_Some'1 _25 ] s2 | s2 = bb15 ] + | bb12 = s0 [ s0 = [ &_26 <- node.t_Node__val'0 ] s1 | s1 = [ &_0 <- C_Some'1 _26 ] s2 | s2 = bb15 ] | bb15 = return' {_0} ] ) [ & _0 : t_Option'0 = any_l () @@ -11036,13 +11036,13 @@ module M_red_black_tree__qyi1501420612169366910__get [#"red_black_tree.rs" 889 4 | & key : t_K'0 = key | & _5 : Snapshot.snap_ty () = any_l () | & tree : t_Tree'0 = any_l () - | & _13 : t_Option'1 = any_l () + | & _14 : t_Option'1 = any_l () | & node : t_Node'0 = any_l () - | & _16 : t_Ordering'0 = any_l () - | & _19 : t_K'0 = any_l () - | & _22 : t_Tree'0 = any_l () - | & _25 : t_V'0 = any_l () - | & _27 : t_Tree'0 = any_l () ] + | & _17 : t_Ordering'0 = any_l () + | & _20 : t_K'0 = any_l () + | & _23 : t_Tree'0 = any_l () + | & _26 : t_V'0 = any_l () + | & _28 : t_Tree'0 = any_l () ] [ return' (result:t_Option'0)-> {[@expl:get result type invariant] [%#sred_black_tree6] inv'3 result} {[@expl:get ensures] [%#sred_black_tree7] match result with @@ -11534,54 +11534,54 @@ module M_red_black_tree__qyi1501420612169366910__get_mut [#"red_black_tree.rs" 9 [ s0 = {inv'2 (tree.current).t_Tree__node'0} Borrow.borrow_final {(tree.current).t_Tree__node'0} {Borrow.inherit_id (Borrow.get_id tree) 1} (fun (_ret':borrowed (t_Option'0)) -> - [ &_22 <- _ret' ] + [ &_23 <- _ret' ] -{inv'2 _ret'.final}- [ &tree <- { tree with current = { t_Tree__node'0 = _ret'.final } } ] s1) | s1 = any - [ br0 -> {_22.current = C_None'0 } (! bb15) | br1 (x0:t_Node'0)-> {_22.current = C_Some'0 x0} (! bb5) ] + [ br0 -> {_23.current = C_None'0 } (! bb15) | br1 (x0:t_Node'0)-> {_23.current = C_Some'0 x0} (! bb5) ] ] | bb5 = bb6 | bb6 = s0 - [ s0 = v_Some'0 {_22.current} + [ s0 = v_Some'0 {_23.current} (fun (r0'0:t_Node'0) -> {inv'3 r0'0} - Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id _22) 1} + Borrow.borrow_final {r0'0} {Borrow.inherit_id (Borrow.get_id _23) 1} (fun (_ret':borrowed (t_Node'0)) -> [ &node <- _ret' ] -{inv'3 _ret'.final}- - [ &_22 <- { _22 with current = C_Some'0 _ret'.final } ] + [ &_23 <- { _23 with current = C_Some'0 _ret'.final } ] s1)) - | s1 = [ &_28 <- (node.current).t_Node__key'0 ] s2 - | s2 = cmp'0 {key} {_28} (fun (_ret':t_Ordering'0) -> [ &_25 <- _ret' ] s3) + | s1 = [ &_29 <- (node.current).t_Node__key'0 ] s2 + | s2 = cmp'0 {key} {_29} (fun (_ret':t_Ordering'0) -> [ &_26 <- _ret' ] s3) | s3 = bb7 ] | bb7 = any - [ br0 -> {_25 = C_Less'0 } (! bb9) - | br1 -> {_25 = C_Equal'0 } (! bb10) - | br2 -> {_25 = C_Greater'0 } (! bb11) ] + [ br0 -> {_26 = C_Less'0 } (! bb9) + | br1 -> {_26 = C_Equal'0 } (! bb10) + | br2 -> {_26 = C_Greater'0 } (! bb11) ] | bb11 = s0 [ s0 = {inv'0 (node.current).t_Node__right'0} Borrow.borrow_final {(node.current).t_Node__right'0} {Borrow.inherit_id (Borrow.get_id node) 5} (fun (_ret':borrowed (t_Tree'0)) -> - [ &_36 <- _ret' ] + [ &_37 <- _ret' ] -{inv'0 _ret'.final}- [ &node <- { node with current = { node.current with t_Node__right'0 = _ret'.final } } ] s1) - | s1 = {inv'0 _36.current} - Borrow.borrow_final {_36.current} {Borrow.get_id _36} + | s1 = {inv'0 _37.current} + Borrow.borrow_final {_37.current} {Borrow.get_id _37} (fun (_ret':borrowed (t_Tree'0)) -> - [ &_35 <- _ret' ] + [ &_36 <- _ret' ] -{inv'0 _ret'.final}- - [ &_36 <- { _36 with current = _ret'.final } ] + [ &_37 <- { _37 with current = _ret'.final } ] s2) | s2 = {[@expl:type invariant] inv'1 tree} s3 | s3 = -{resolve'0 tree}- s4 - | s4 = [ &tree <- _35 ] s5 - | s5 = {[@expl:type invariant] inv'1 _36} s6 - | s6 = -{resolve'0 _36}- s7 + | s4 = [ &tree <- _36 ] s5 + | s5 = {[@expl:type invariant] inv'1 _37} s6 + | s6 = -{resolve'0 _37}- s7 | s7 = bb14 ] | bb9 = bb12 @@ -11589,36 +11589,36 @@ module M_red_black_tree__qyi1501420612169366910__get_mut [#"red_black_tree.rs" 9 [ s0 = {inv'0 (node.current).t_Node__left'0} Borrow.borrow_final {(node.current).t_Node__left'0} {Borrow.inherit_id (Borrow.get_id node) 1} (fun (_ret':borrowed (t_Tree'0)) -> - [ &_31 <- _ret' ] + [ &_32 <- _ret' ] -{inv'0 _ret'.final}- [ &node <- { node with current = { node.current with t_Node__left'0 = _ret'.final } } ] s1) - | s1 = {inv'0 _31.current} - Borrow.borrow_final {_31.current} {Borrow.get_id _31} + | s1 = {inv'0 _32.current} + Borrow.borrow_final {_32.current} {Borrow.get_id _32} (fun (_ret':borrowed (t_Tree'0)) -> - [ &_30 <- _ret' ] + [ &_31 <- _ret' ] -{inv'0 _ret'.final}- - [ &_31 <- { _31 with current = _ret'.final } ] + [ &_32 <- { _32 with current = _ret'.final } ] s2) | s2 = {[@expl:type invariant] inv'1 tree} s3 | s3 = -{resolve'0 tree}- s4 - | s4 = [ &tree <- _30 ] s5 - | s5 = {[@expl:type invariant] inv'1 _31} s6 - | s6 = -{resolve'0 _31}- s7 + | s4 = [ &tree <- _31 ] s5 + | s5 = {[@expl:type invariant] inv'1 _32} s6 + | s6 = -{resolve'0 _32}- s7 | s7 = bb14 ] | bb14 = s0 [ s0 = {[@expl:type invariant] inv'4 node} s1 | s1 = -{resolve'1 node}- s2 - | s2 = {[@expl:type invariant] inv'5 _22} s3 - | s3 = -{resolve'2 _22}- s4 + | s2 = {[@expl:type invariant] inv'5 _23} s3 + | s3 = -{resolve'2 _23}- s4 | s4 = bb3 ] ] ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv'5 _22} s1 - | s1 = -{resolve'2 _22}- s2 + [ s0 = {[@expl:type invariant] inv'5 _23} s1 + | s1 = -{resolve'2 _23}- s2 | s2 = [ &_0 <- C_None'1 ] s3 | s3 = bb16 ] @@ -11627,24 +11627,24 @@ module M_red_black_tree__qyi1501420612169366910__get_mut [#"red_black_tree.rs" 9 [ s0 = {inv'6 (node.current).t_Node__val'0} Borrow.borrow_final {(node.current).t_Node__val'0} {Borrow.inherit_id (Borrow.get_id node) 4} (fun (_ret':borrowed t_V'0) -> - [ &_34 <- _ret' ] + [ &_35 <- _ret' ] -{inv'6 _ret'.final}- [ &node <- { node with current = { node.current with t_Node__val'0 = _ret'.final } } ] s1) - | s1 = {inv'6 _34.current} - Borrow.borrow_final {_34.current} {Borrow.get_id _34} + | s1 = {inv'6 _35.current} + Borrow.borrow_final {_35.current} {Borrow.get_id _35} (fun (_ret':borrowed t_V'0) -> - [ &_33 <- _ret' ] + [ &_34 <- _ret' ] -{inv'6 _ret'.final}- - [ &_34 <- { _34 with current = _ret'.final } ] + [ &_35 <- { _35 with current = _ret'.final } ] s2) - | s2 = [ &_0 <- C_Some'1 _33 ] s3 - | s3 = {[@expl:type invariant] inv'7 _34} s4 - | s4 = -{resolve'3 _34}- s5 + | s2 = [ &_0 <- C_Some'1 _34 ] s3 + | s3 = {[@expl:type invariant] inv'7 _35} s4 + | s4 = -{resolve'3 _35}- s5 | s5 = {[@expl:type invariant] inv'4 node} s6 | s6 = -{resolve'1 node}- s7 - | s7 = {[@expl:type invariant] inv'5 _22} s8 - | s8 = -{resolve'2 _22}- s9 + | s7 = {[@expl:type invariant] inv'5 _23} s8 + | s8 = -{resolve'2 _23}- s9 | s9 = bb16 ] | bb16 = s0 @@ -11661,16 +11661,16 @@ module M_red_black_tree__qyi1501420612169366910__get_mut [#"red_black_tree.rs" 9 | & _5 : Snapshot.snap_ty () = any_l () | & tree : borrowed (t_Tree'0) = any_l () | & old_tree : Snapshot.snap_ty (borrowed (t_Tree'0)) = any_l () - | & _22 : borrowed (t_Option'0) = any_l () + | & _23 : borrowed (t_Option'0) = any_l () | & node : borrowed (t_Node'0) = any_l () - | & _25 : t_Ordering'0 = any_l () - | & _28 : t_K'0 = any_l () - | & _30 : borrowed (t_Tree'0) = any_l () + | & _26 : t_Ordering'0 = any_l () + | & _29 : t_K'0 = any_l () | & _31 : borrowed (t_Tree'0) = any_l () - | & _33 : borrowed t_V'0 = any_l () + | & _32 : borrowed (t_Tree'0) = any_l () | & _34 : borrowed t_V'0 = any_l () - | & _35 : borrowed (t_Tree'0) = any_l () - | & _36 : borrowed (t_Tree'0) = any_l () ] + | & _35 : borrowed t_V'0 = any_l () + | & _36 : borrowed (t_Tree'0) = any_l () + | & _37 : borrowed (t_Tree'0) = any_l () ] [ return' (result:t_Option'1)-> {[@expl:get_mut result type invariant] [%#sred_black_tree14] inv'10 result} {[@expl:get_mut ensures] [%#sred_black_tree15] match result with diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index 0c054afd0..c090329a0 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma @@ -256,44 +256,44 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed (t_Range'0)) -> [ &_22 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} (fun (_ret':borrowed (t_Range'0)) -> - [ &_20 <- _ret' ] - [ &_21 <- { _21 with current = _ret'.final } ] + [ &_21 <- _ret' ] + [ &_22 <- { _22 with current = _ret'.final } ] s2) - | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) + | s2 = next'0 {_21} (fun (_ret':t_Option'0) -> [ &_20 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _21}- s1 - | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_19 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _22}- s1 + | s1 = any [ br0 -> {_20 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_20 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_19} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_20} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_24 <- [%#sinc_max_repeat6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_25 <- [%#sinc_max_repeat6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _25 ] s1 | s1 = Borrow.borrow_mut {a} - (fun (_ret':borrowed uint32) -> [ &_28 <- _ret' ] [ &a <- _ret'.final ] s2) - | s2 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} - (fun (_ret':borrowed uint32) -> [ &_27 <- _ret' ] [ &_28 <- { _28 with current = _ret'.final } ] s3) + (fun (_ret':borrowed uint32) -> [ &_29 <- _ret' ] [ &a <- _ret'.final ] s2) + | s2 = Borrow.borrow_final {_29.current} {Borrow.get_id _29} + (fun (_ret':borrowed uint32) -> [ &_28 <- _ret' ] [ &_29 <- { _29 with current = _ret'.final } ] s3) | s3 = Borrow.borrow_mut {b} - (fun (_ret':borrowed uint32) -> [ &_30 <- _ret' ] [ &b <- _ret'.final ] s4) - | s4 = Borrow.borrow_final {_30.current} {Borrow.get_id _30} - (fun (_ret':borrowed uint32) -> [ &_29 <- _ret' ] [ &_30 <- { _30 with current = _ret'.final } ] s5) - | s5 = take_max'0 {_27} {_29} (fun (_ret':borrowed uint32) -> [ &mc <- _ret' ] s6) + (fun (_ret':borrowed uint32) -> [ &_31 <- _ret' ] [ &b <- _ret'.final ] s4) + | s4 = Borrow.borrow_final {_31.current} {Borrow.get_id _31} + (fun (_ret':borrowed uint32) -> [ &_30 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s5) + | s5 = take_max'0 {_28} {_30} (fun (_ret':borrowed uint32) -> [ &mc <- _ret' ] s6) | s6 = bb12 ] | bb12 = s0 - [ s0 = -{resolve'1 _30}- s1 - | s1 = -{resolve'1 _28}- s2 + [ s0 = -{resolve'1 _31}- s1 + | s1 = -{resolve'1 _29}- s2 | s2 = UInt32.add {mc.current} {[%#sinc_max_repeat7] (1 : uint32)} (fun (_ret':uint32) -> [ &mc <- { mc with current = _ret' } ] s3) | s3 = -{resolve'1 mc}- s4 @@ -302,15 +302,15 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] ] | bb9 = s0 - [ s0 = UInt32.add {b} {n} (fun (_ret':uint32) -> [ &_35 <- _ret' ] s1) - | s1 = UInt32.ge {a} {_35} (fun (_ret':bool) -> [ &_33 <- _ret' ] s2) - | s2 = any [ br0 -> {_33 = false} (! bb14) | br1 -> {_33} (! bb13) ] ] + [ s0 = UInt32.add {b} {n} (fun (_ret':uint32) -> [ &_36 <- _ret' ] s1) + | s1 = UInt32.ge {a} {_36} (fun (_ret':bool) -> [ &_34 <- _ret' ] s2) + | s2 = any [ br0 -> {_34 = false} (! bb14) | br1 -> {_34} (! bb13) ] ] | bb13 = bb17 | bb14 = s0 - [ s0 = UInt32.add {a} {n} (fun (_ret':uint32) -> [ &_40 <- _ret' ] s1) - | s1 = UInt32.ge {b} {_40} (fun (_ret':bool) -> [ &_38 <- _ret' ] s2) - | s2 = any [ br0 -> {_38 = false} (! bb16) | br1 -> {_38} (! bb15) ] ] + [ s0 = UInt32.add {a} {n} (fun (_ret':uint32) -> [ &_41 <- _ret' ] s1) + | s1 = UInt32.ge {b} {_41} (fun (_ret':bool) -> [ &_39 <- _ret' ] s2) + | s2 = any [ br0 -> {_39 = false} (! bb16) | br1 -> {_39} (! bb15) ] ] | bb15 = bb17 | bb17 = return' {_0} @@ -324,19 +324,19 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] | & _7 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & _19 : t_Option'0 = any_l () - | & _20 : borrowed (t_Range'0) = any_l () + | & _20 : t_Option'0 = any_l () | & _21 : borrowed (t_Range'0) = any_l () + | & _22 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : uint32 = any_l () - | & _24 : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & _25 : Snapshot.snap_ty (Seq.seq uint32) = any_l () | & mc : borrowed uint32 = any_l () - | & _27 : borrowed uint32 = any_l () | & _28 : borrowed uint32 = any_l () | & _29 : borrowed uint32 = any_l () | & _30 : borrowed uint32 = any_l () - | & _33 : bool = any_l () - | & _35 : uint32 = any_l () - | & _38 : bool = any_l () - | & _40 : uint32 = any_l () ] + | & _31 : borrowed uint32 = any_l () + | & _34 : bool = any_l () + | & _36 : uint32 = any_l () + | & _39 : bool = any_l () + | & _41 : uint32 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index 8c1bf641d..9fd9a7408 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -511,40 +511,40 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_23 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} + (fun (_ret':borrowed (t_Range'0)) -> [ &_24 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_24.current} {Borrow.get_id _24} (fun (_ret':borrowed (t_Range'0)) -> - [ &_22 <- _ret' ] - [ &_23 <- { _23 with current = _ret'.final } ] + [ &_23 <- _ret' ] + [ &_24 <- { _24 with current = _ret'.final } ] s2) - | s2 = next'0 {_22} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s3) + | s2 = next'0 {_23} (fun (_ret':t_Option'0) -> [ &_22 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _23}- s1 - | s1 = any [ br0 -> {_21 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_21 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'0 _24}- s1 + | s1 = any [ br0 -> {_22 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_22 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_21} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_22} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_26 <- [%#sselection_sort_generic8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_27 <- [%#sselection_sort_generic8] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _26 ] s1 + [ s0 = [ &produced <- _27 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &min <- i ] s3 | s3 = UIntSize.add {i} {[%#sselection_sort_generic9] (1 : usize)} - (fun (_ret':usize) -> [ &_33 <- _ret' ] s4) - | s4 = len'0 {v.current} (fun (_ret':usize) -> [ &_35 <- _ret' ] s5) + (fun (_ret':usize) -> [ &_34 <- _ret' ] s4) + | s4 = len'0 {v.current} (fun (_ret':usize) -> [ &_36 <- _ret' ] s5) | s5 = bb14 ] | bb14 = s0 - [ s0 = [ &_32 <- { t_Range__start'0 = _33; t_Range__end'0 = _35 } ] s1 - | s1 = into_iter'0 {_32} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) + [ s0 = [ &_33 <- { t_Range__start'0 = _34; t_Range__end'0 = _36 } ] s1 + | s1 = into_iter'0 {_33} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = [ &iter_old1 <- [%#sselection_sort_generic10] Snapshot.new iter1 ] s1 | s1 = bb16 ] @@ -565,37 +565,37 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 (! s0) [ s0 = bb19 ] [ bb19 = s0 [ s0 = Borrow.borrow_mut {iter1} - (fun (_ret':borrowed (t_Range'0)) -> [ &_48 <- _ret' ] [ &iter1 <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_48.current} {Borrow.get_id _48} + (fun (_ret':borrowed (t_Range'0)) -> [ &_50 <- _ret' ] [ &iter1 <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_50.current} {Borrow.get_id _50} (fun (_ret':borrowed (t_Range'0)) -> - [ &_47 <- _ret' ] - [ &_48 <- { _48 with current = _ret'.final } ] + [ &_49 <- _ret' ] + [ &_50 <- { _50 with current = _ret'.final } ] s2) - | s2 = next'0 {_47} (fun (_ret':t_Option'0) -> [ &_46 <- _ret' ] s3) + | s2 = next'0 {_49} (fun (_ret':t_Option'0) -> [ &_48 <- _ret' ] s3) | s3 = bb20 ] | bb20 = s0 - [ s0 = -{resolve'0 _48}- s1 - | s1 = any [ br0 -> {_46 = C_None'0 } (! bb23) | br1 (x0:usize)-> {_46 = C_Some'0 x0} (! bb22) ] ] + [ s0 = -{resolve'0 _50}- s1 + | s1 = any [ br0 -> {_48 = C_None'0 } (! bb23) | br1 (x0:usize)-> {_48 = C_Some'0 x0} (! bb22) ] ] | bb22 = bb24 | bb24 = s0 - [ s0 = v_Some'0 {_46} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_48} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = - [ &_51 <- [%#sselection_sort_generic15] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] + [ &_53 <- [%#sselection_sort_generic15] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] s2 | s2 = bb25 ] | bb25 = s0 - [ s0 = [ &produced1 <- _51 ] s1 + [ s0 = [ &produced1 <- _53 ] s1 | s1 = [ &j <- __creusot_proc_iter_elem1 ] s2 - | s2 = index'0 {v.current} {j} (fun (_ret':t_T'0) -> [ &_56 <- _ret' ] s3) + | s2 = index'0 {v.current} {j} (fun (_ret':t_T'0) -> [ &_58 <- _ret' ] s3) | s3 = bb26 ] - | bb26 = s0 [ s0 = index'0 {v.current} {min} (fun (_ret':t_T'0) -> [ &_60 <- _ret' ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = lt'0 {_56} {_60} (fun (_ret':bool) -> [ &_54 <- _ret' ] s1) | s1 = bb28 ] - | bb28 = any [ br0 -> {_54 = false} (! bb30) | br1 -> {_54} (! bb29) ] + | bb26 = s0 [ s0 = index'0 {v.current} {min} (fun (_ret':t_T'0) -> [ &_62 <- _ret' ] s1) | s1 = bb27 ] + | bb27 = s0 [ s0 = lt'0 {_58} {_62} (fun (_ret':bool) -> [ &_56 <- _ret' ] s1) | s1 = bb28 ] + | bb28 = any [ br0 -> {_56 = false} (! bb30) | br1 -> {_56} (! bb29) ] | bb29 = s0 [ s0 = [ &min <- j ] s1 | s1 = bb31 ] | bb30 = bb31 | bb31 = bb18 ] @@ -605,27 +605,27 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 [ s0 = {inv'2 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_68 <- _ret' ] + [ &_70 <- _ret' ] -{inv'2 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_68} (fun (_ret':borrowed (slice t_T'0)) -> [ &_67 <- _ret' ] s2) + | s1 = deref_mut'0 {_70} (fun (_ret':borrowed (slice t_T'0)) -> [ &_69 <- _ret' ] s2) | s2 = bb32 ] | bb32 = s0 - [ s0 = {inv'3 _67.current} - Borrow.borrow_final {_67.current} {Borrow.get_id _67} + [ s0 = {inv'3 _69.current} + Borrow.borrow_final {_69.current} {Borrow.get_id _69} (fun (_ret':borrowed (slice t_T'0)) -> - [ &_66 <- _ret' ] + [ &_68 <- _ret' ] -{inv'3 _ret'.final}- - [ &_67 <- { _67 with current = _ret'.final } ] + [ &_69 <- { _69 with current = _ret'.final } ] s1) - | s1 = swap'0 {_66} {i} {min} (fun (_ret':()) -> [ &_65 <- _ret' ] s2) + | s1 = swap'0 {_68} {i} {min} (fun (_ret':()) -> [ &_67 <- _ret' ] s2) | s2 = bb33 ] | bb33 = s0 - [ s0 = {[@expl:type invariant] inv'4 _67} s1 - | s1 = -{resolve'1 _67}- s2 + [ s0 = {[@expl:type invariant] inv'4 _69} s1 + | s1 = -{resolve'1 _69}- s2 | s2 = {[@expl:assertion] [%#sselection_sort_generic16] let i = Seq.length (Snapshot.inner produced) in forall k1 : int, k2 : int . 0 <= k1 /\ k1 < i /\ i <= k2 /\ k2 < Seq.length (deep_model'0 v) @@ -645,32 +645,32 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 | & _8 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _21 : t_Option'0 = any_l () - | & _22 : borrowed (t_Range'0) = any_l () + | & _22 : t_Option'0 = any_l () | & _23 : borrowed (t_Range'0) = any_l () + | & _24 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _26 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _27 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & min : usize = any_l () | & iter1 : t_Range'0 = any_l () - | & _32 : t_Range'0 = any_l () - | & _33 : usize = any_l () - | & _35 : usize = any_l () + | & _33 : t_Range'0 = any_l () + | & _34 : usize = any_l () + | & _36 : usize = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _46 : t_Option'0 = any_l () - | & _47 : borrowed (t_Range'0) = any_l () - | & _48 : borrowed (t_Range'0) = any_l () + | & _48 : t_Option'0 = any_l () + | & _49 : borrowed (t_Range'0) = any_l () + | & _50 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem1 : usize = any_l () - | & _51 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _53 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & j : usize = any_l () - | & _54 : bool = any_l () - | & _56 : t_T'0 = any_l () - | & _60 : t_T'0 = any_l () - | & _65 : () = any_l () - | & _66 : borrowed (slice t_T'0) = any_l () - | & _67 : borrowed (slice t_T'0) = any_l () - | & _68 : borrowed (t_Vec'0) = any_l () + | & _56 : bool = any_l () + | & _58 : t_T'0 = any_l () + | & _62 : t_T'0 = any_l () + | & _67 : () = any_l () + | & _68 : borrowed (slice t_T'0) = any_l () + | & _69 : borrowed (slice t_T'0) = any_l () + | & _70 : borrowed (t_Vec'0) = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:selection_sort ensures #0] [%#sselection_sort_generic18] sorted'0 (deep_model'1 v.final)} diff --git a/creusot/tests/should_succeed/specification/loops.stderr b/creusot/tests/should_succeed/specification/loops.stderr new file mode 100644 index 000000000..6a92b9fef --- /dev/null +++ b/creusot/tests/should_succeed/specification/loops.stderr @@ -0,0 +1,8 @@ +warning: Loop variants are currently unsupported. + --> loops.rs:5:15 + | +5 | #[variant(0)] + | ^ + +warning: 1 warning emitted + diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index c47418fc5..07ba02ee7 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma @@ -201,30 +201,30 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] (! s0) [ s0 = bb6 ] [ bb6 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed (t_RangeInclusive'0)) -> - [ &_19 <- _ret' ] - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_20 <- _ret' ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb10) | br1 (x0:uint32)-> {_18 = C_Some'0 x0} (! bb9) ] ] + [ s0 = -{resolve'0 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb10) | br1 (x0:uint32)-> {_19 = C_Some'0 x0} (! bb9) ] ] | bb9 = bb11 | bb11 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#ssum6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#ssum6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = UInt32.add {sum} {i} (fun (_ret':uint32) -> [ &sum <- _ret' ] s3) | s3 = bb5 ] @@ -240,11 +240,11 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] | & _7 : t_RangeInclusive'0 = any_l () | & iter_old : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_RangeInclusive'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_RangeInclusive'0) = any_l () + | & _21 : borrowed (t_RangeInclusive'0) = any_l () | & __creusot_proc_iter_elem : uint32 = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq uint32) = any_l () | & i : uint32 = any_l () ] [ return' (result:uint32)-> {[@expl:sum_first_n ensures] [%#ssum8] UInt32.to_int result diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index ef5dd848e..9f3d60e9f 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma @@ -240,35 +240,35 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} + (fun (_ret':borrowed (t_Range'0)) -> [ &_22 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} (fun (_ret':borrowed (t_Range'0)) -> - [ &_20 <- _ret' ] - [ &_21 <- { _21 with current = _ret'.final } ] + [ &_21 <- _ret' ] + [ &_22 <- { _22 with current = _ret'.final } ] s2) - | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) + | s2 = next'0 {_21} (fun (_ret':t_Option'0) -> [ &_20 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _21}- s1 - | s1 = any [ br0 -> {_19 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_19 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _22}- s1 + | s1 = any [ br0 -> {_20 = C_None'0 } (! bb9) | br1 (x0:uint32)-> {_20 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_19} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_20} (fun (r0'0:uint32) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_24 <- [%#ssum_of_odds6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_25 <- [%#ssum_of_odds6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _25 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = {[@expl:assertion] [%#ssum_of_odds7] let _ = sum_of_odd_is_sqr'0 (UInt32.to_int i) in true} s3 - | s3 = UInt32.mul {[%#ssum_of_odds8] (2 : uint32)} {i} (fun (_ret':uint32) -> [ &_30 <- _ret' ] s4) - | s4 = UInt32.add {_30} {[%#ssum_of_odds9] (1 : uint32)} (fun (_ret':uint32) -> [ &_29 <- _ret' ] s5) - | s5 = UInt32.add {s} {_29} (fun (_ret':uint32) -> [ &s <- _ret' ] s6) + | s3 = UInt32.mul {[%#ssum_of_odds8] (2 : uint32)} {i} (fun (_ret':uint32) -> [ &_31 <- _ret' ] s4) + | s4 = UInt32.add {_31} {[%#ssum_of_odds9] (1 : uint32)} (fun (_ret':uint32) -> [ &_30 <- _ret' ] s5) + | s5 = UInt32.add {s} {_30} (fun (_ret':uint32) -> [ &s <- _ret' ] s6) | s6 = bb4 ] ] ] @@ -282,14 +282,14 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] | & _8 : t_Range'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq uint32) = any_l () - | & _19 : t_Option'0 = any_l () - | & _20 : borrowed (t_Range'0) = any_l () + | & _20 : t_Option'0 = any_l () | & _21 : borrowed (t_Range'0) = any_l () + | & _22 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : uint32 = any_l () - | & _24 : Snapshot.snap_ty (Seq.seq uint32) = any_l () + | & _25 : Snapshot.snap_ty (Seq.seq uint32) = any_l () | & i : uint32 = any_l () - | & _29 : uint32 = any_l () - | & _30 : uint32 = any_l () ] + | & _30 : uint32 = any_l () + | & _31 : uint32 = any_l () ] [ return' (result:uint32)-> {[@expl:compute_sum_of_odd ensures] [%#ssum_of_odds11] UInt32.to_int result = sum_of_odd'0 (UInt32.to_int x)} diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 43e71a2ff..4eed4bcb8 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma @@ -291,38 +291,38 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_22 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_22.current} {Borrow.get_id _22} + (fun (_ret':borrowed (t_Range'0)) -> [ &_23 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_23.current} {Borrow.get_id _23} (fun (_ret':borrowed (t_Range'0)) -> - [ &_21 <- _ret' ] - [ &_22 <- { _22 with current = _ret'.final } ] + [ &_22 <- _ret' ] + [ &_23 <- { _23 with current = _ret'.final } ] s2) - | s2 = next'0 {_21} (fun (_ret':t_Option'0) -> [ &_20 <- _ret' ] s3) + | s2 = next'0 {_22} (fun (_ret':t_Option'0) -> [ &_21 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _22}- s1 - | s1 = any [ br0 -> {_20 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_20 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'0 _23}- s1 + | s1 = any [ br0 -> {_21 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_21 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_20} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_21} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_25 <- [%#s017] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_26 <- [%#s017] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _26 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = Borrow.borrow_mut {v.current} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_29 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s3) - | s3 = index_mut'0 {_29} {i} (fun (_ret':borrowed uint32) -> [ &_28 <- _ret' ] s4) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_30 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s3) + | s3 = index_mut'0 {_30} {i} (fun (_ret':borrowed uint32) -> [ &_29 <- _ret' ] s4) | s4 = bb14 ] | bb14 = s0 - [ s0 = [ &_28 <- { _28 with current = ([%#s018] (0 : uint32)) } ] s1 | s1 = -{resolve'1 _28}- s2 | s2 = bb6 ] + [ s0 = [ &_29 <- { _29 with current = ([%#s018] (0 : uint32)) } ] s1 | s1 = -{resolve'1 _29}- s2 | s2 = bb6 ] ] ] @@ -336,14 +336,14 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] | & _8 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _20 : t_Option'0 = any_l () - | & _21 : borrowed (t_Range'0) = any_l () + | & _21 : t_Option'0 = any_l () | & _22 : borrowed (t_Range'0) = any_l () + | & _23 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _25 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _26 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () - | & _28 : borrowed uint32 = any_l () - | & _29 : borrowed (t_Vec'0) = any_l () + | & _29 : borrowed uint32 = any_l () + | & _30 : borrowed (t_Vec'0) = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:all_zero ensures #0] [%#s019] forall i : int . 0 <= i diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index 569debf18..d350ae70c 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -355,26 +355,26 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] {[@expl:loop invariant #0] [%#s02_gnome3] sorted_range'0 (deep_model'0 v) 0 (UIntSize.to_int i)} {[@expl:loop invariant #1] [%#s02_gnome2] permutation_of'0 (view'0 v) (view'1 old_v)} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_12 <- _ret' ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_13 <- _ret' ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = UIntSize.lt {i} {_12} (fun (_ret':bool) -> [ &_10 <- _ret' ] s1) - | s1 = any [ br0 -> {_10 = false} (! bb17) | br1 -> {_10} (! bb5) ] ] + [ s0 = UIntSize.lt {i} {_13} (fun (_ret':bool) -> [ &_11 <- _ret' ] s1) + | s1 = any [ br0 -> {_11 = false} (! bb17) | br1 -> {_11} (! bb5) ] ] | bb5 = s0 - [ s0 = UIntSize.eq {i} {[%#s02_gnome4] (0 : usize)} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) - | s1 = any [ br0 -> {_14 = false} (! bb7) | br1 -> {_14} (! bb6) ] ] + [ s0 = UIntSize.eq {i} {[%#s02_gnome4] (0 : usize)} (fun (_ret':bool) -> [ &_15 <- _ret' ] s1) + | s1 = any [ br0 -> {_15 = false} (! bb7) | br1 -> {_15} (! bb6) ] ] | bb6 = bb12 | bb7 = s0 - [ s0 = UIntSize.sub {i} {[%#s02_gnome5] (1 : usize)} (fun (_ret':usize) -> [ &_20 <- _ret' ] s1) - | s1 = index'0 {v.current} {_20} (fun (_ret':t_T'0) -> [ &_18 <- _ret' ] s2) + [ s0 = UIntSize.sub {i} {[%#s02_gnome5] (1 : usize)} (fun (_ret':usize) -> [ &_21 <- _ret' ] s1) + | s1 = index'0 {v.current} {_21} (fun (_ret':t_T'0) -> [ &_19 <- _ret' ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = index'0 {v.current} {i} (fun (_ret':t_T'0) -> [ &_24 <- _ret' ] s1) | s1 = bb9 ] + | bb8 = s0 [ s0 = index'0 {v.current} {i} (fun (_ret':t_T'0) -> [ &_25 <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = [ &_23 <- _24 ] s1 | s1 = le'0 {_18} {_23} (fun (_ret':bool) -> [ &_16 <- _ret' ] s2) | s2 = bb10 ] + [ s0 = [ &_24 <- _25 ] s1 | s1 = le'0 {_19} {_24} (fun (_ret':bool) -> [ &_17 <- _ret' ] s2) | s2 = bb10 ] - | bb10 = any [ br0 -> {_16 = false} (! bb13) | br1 -> {_16} (! bb11) ] + | bb10 = any [ br0 -> {_17 = false} (! bb13) | br1 -> {_17} (! bb11) ] | bb11 = bb12 | bb12 = s0 [ s0 = UIntSize.add {i} {[%#s02_gnome6] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb16 ] @@ -383,28 +383,28 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] [ s0 = {inv'0 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_30 <- _ret' ] + [ &_31 <- _ret' ] -{inv'0 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_30} (fun (_ret':borrowed (slice t_T'0)) -> [ &_29 <- _ret' ] s2) + | s1 = deref_mut'0 {_31} (fun (_ret':borrowed (slice t_T'0)) -> [ &_30 <- _ret' ] s2) | s2 = bb14 ] | bb14 = s0 - [ s0 = {inv'1 _29.current} - Borrow.borrow_final {_29.current} {Borrow.get_id _29} + [ s0 = {inv'1 _30.current} + Borrow.borrow_final {_30.current} {Borrow.get_id _30} (fun (_ret':borrowed (slice t_T'0)) -> - [ &_28 <- _ret' ] + [ &_29 <- _ret' ] -{inv'1 _ret'.final}- - [ &_29 <- { _29 with current = _ret'.final } ] + [ &_30 <- { _30 with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {i} {[%#s02_gnome7] (1 : usize)} (fun (_ret':usize) -> [ &_31 <- _ret' ] s2) - | s2 = swap'0 {_28} {_31} {i} (fun (_ret':()) -> [ &_27 <- _ret' ] s3) + | s1 = UIntSize.sub {i} {[%#s02_gnome7] (1 : usize)} (fun (_ret':usize) -> [ &_32 <- _ret' ] s2) + | s2 = swap'0 {_29} {_32} {i} (fun (_ret':()) -> [ &_28 <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv'2 _29} s1 - | s1 = -{resolve'0 _29}- s2 + [ s0 = {[@expl:type invariant] inv'2 _30} s1 + | s1 = -{resolve'0 _30}- s2 | s2 = UIntSize.sub {i} {[%#s02_gnome8] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s3) | s3 = bb16 ] @@ -417,19 +417,19 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] | & v : borrowed (t_Vec'0) = v | & old_v : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () | & i : usize = any_l () - | & _10 : bool = any_l () - | & _12 : usize = any_l () - | & _14 : bool = any_l () - | & _16 : bool = any_l () - | & _18 : t_T'0 = any_l () - | & _20 : usize = any_l () - | & _23 : t_T'0 = any_l () + | & _11 : bool = any_l () + | & _13 : usize = any_l () + | & _15 : bool = any_l () + | & _17 : bool = any_l () + | & _19 : t_T'0 = any_l () + | & _21 : usize = any_l () | & _24 : t_T'0 = any_l () - | & _27 : () = any_l () - | & _28 : borrowed (slice t_T'0) = any_l () + | & _25 : t_T'0 = any_l () + | & _28 : () = any_l () | & _29 : borrowed (slice t_T'0) = any_l () - | & _30 : borrowed (t_Vec'0) = any_l () - | & _31 : usize = any_l () + | & _30 : borrowed (slice t_T'0) = any_l () + | & _31 : borrowed (t_Vec'0) = any_l () + | & _32 : usize = any_l () | & old_2_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:gnome_sort ensures #0] [%#s02_gnome10] sorted'0 (deep_model'1 v.final)} diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index f5245e848..31139ce2d 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -353,36 +353,36 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] (! s0) [ s0 = bb7 ] [ bb7 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_Range'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed (t_Range'0)) -> - [ &_19 <- _ret' ] - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_20 <- _ret' ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_18 = C_Some'0 x0} (! bb10) ] ] + [ s0 = -{resolve'0 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb11) | br1 (x0:usize)-> {_19 = C_Some'0 x0} (! bb10) ] ] | bb10 = bb12 | bb12 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s03_knuth_shuffle6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s03_knuth_shuffle6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = [ &n <- __creusot_proc_iter_elem ] s2 - | s2 = len'0 {v.current} (fun (_ret':usize) -> [ &_27 <- _ret' ] s3) + | s2 = len'0 {v.current} (fun (_ret':usize) -> [ &_28 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = UIntSize.sub {_27} {n} (fun (_ret':usize) -> [ &upper <- _ret' ] s1) + [ s0 = UIntSize.sub {_28} {n} (fun (_ret':usize) -> [ &upper <- _ret' ] s1) | s1 = rand_in_range'0 {[%#s03_knuth_shuffle7] (0 : usize)} {upper} (fun (_ret':usize) -> [ &i <- _ret' ] s2) | s2 = bb15 ] @@ -390,26 +390,26 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] [ s0 = {inv'2 v.current} Borrow.borrow_mut {v.current} (fun (_ret':borrowed (t_Vec'0)) -> - [ &_35 <- _ret' ] + [ &_36 <- _ret' ] -{inv'2 _ret'.final}- [ &v <- { v with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_35} (fun (_ret':borrowed (slice t_T'0)) -> [ &_34 <- _ret' ] s2) + | s1 = deref_mut'0 {_36} (fun (_ret':borrowed (slice t_T'0)) -> [ &_35 <- _ret' ] s2) | s2 = bb16 ] | bb16 = s0 - [ s0 = {inv'3 _34.current} - Borrow.borrow_final {_34.current} {Borrow.get_id _34} + [ s0 = {inv'3 _35.current} + Borrow.borrow_final {_35.current} {Borrow.get_id _35} (fun (_ret':borrowed (slice t_T'0)) -> - [ &_33 <- _ret' ] + [ &_34 <- _ret' ] -{inv'3 _ret'.final}- - [ &_34 <- { _34 with current = _ret'.final } ] + [ &_35 <- { _35 with current = _ret'.final } ] s1) - | s1 = UIntSize.sub {upper} {[%#s03_knuth_shuffle8] (1 : usize)} (fun (_ret':usize) -> [ &_37 <- _ret' ] s2) - | s2 = swap'0 {_33} {i} {_37} (fun (_ret':()) -> [ &_32 <- _ret' ] s3) + | s1 = UIntSize.sub {upper} {[%#s03_knuth_shuffle8] (1 : usize)} (fun (_ret':usize) -> [ &_38 <- _ret' ] s2) + | s2 = swap'0 {_34} {i} {_38} (fun (_ret':()) -> [ &_33 <- _ret' ] s3) | s3 = bb17 ] - | bb17 = s0 [ s0 = {[@expl:type invariant] inv'4 _34} s1 | s1 = -{resolve'1 _34}- s2 | s2 = bb6 ] ] + | bb17 = s0 [ s0 = {[@expl:type invariant] inv'4 _35} s1 | s1 = -{resolve'1 _35}- s2 | s2 = bb6 ] ] ] | bb11 = s0 [ s0 = {[@expl:type invariant] inv'5 v} s1 | s1 = -{resolve'2 v}- s2 | s2 = return' {_0} ] ] @@ -422,20 +422,20 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] | & _7 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_Range'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_Range'0) = any_l () + | & _21 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & n : usize = any_l () | & upper : usize = any_l () - | & _27 : usize = any_l () + | & _28 : usize = any_l () | & i : usize = any_l () - | & _32 : () = any_l () - | & _33 : borrowed (slice t_T'0) = any_l () + | & _33 : () = any_l () | & _34 : borrowed (slice t_T'0) = any_l () - | & _35 : borrowed (t_Vec'0) = any_l () - | & _37 : usize = any_l () + | & _35 : borrowed (slice t_T'0) = any_l () + | & _36 : borrowed (t_Vec'0) = any_l () + | & _38 : usize = any_l () | & old_6_0 : Snapshot.snap_ty (borrowed (t_Vec'0)) = any_l () ] [ return' (result:())-> {[@expl:knuth_shuffle ensures] [%#s03_knuth_shuffle10] permutation_of'0 (view'2 v.final) (view'0 v)} diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index 00c2f2ffc..cae5d681d 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma @@ -138,48 +138,48 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] /\ UIntSize.to_int i < Seq.length (view'0 arr) -> elem < index_logic'0 arr (UIntSize.to_int i)} (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = UIntSize.gt {size} {[%#s04_binary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) - | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! bb7) ] ] + [ s0 = UIntSize.gt {size} {[%#s04_binary_search6] (1 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + | s1 = any [ br0 -> {_22 = false} (! bb13) | br1 -> {_22} (! bb7) ] ] | bb7 = s0 [ s0 = UIntSize.eq {[%#s04_binary_search7] (2 : usize)} {[%#s04_binary_search8] (0 : usize)} - (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s04_binary_search8] not _25} s2 + (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + | s1 = {[@expl:division by zero] [%#s04_binary_search8] not _26} s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UIntSize.div {size} {[%#s04_binary_search7] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_32 <- _ret' ] s3) + | s2 = index'0 {arr} {mid} (fun (_ret':uint32) -> [ &_33 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = UInt32.gt {_32} {elem} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) - | s1 = any [ br0 -> {_30 = false} (! bb11) | br1 -> {_30} (! bb10) ] ] + [ s0 = UInt32.gt {_33} {elem} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) + | s1 = any [ br0 -> {_31 = false} (! bb11) | br1 -> {_31} (! bb10) ] ] - | bb10 = s0 [ s0 = [ &_29 <- base ] s1 | s1 = bb12 ] - | bb11 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb12 ] + | bb10 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &base <- _29 ] s1 + [ s0 = [ &base <- _30 ] s1 | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_41 <- _ret' ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':uint32) -> [ &_40 <- _ret' ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = [ &cmp <- _41 ] s1 - | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_44 <- _ret' ] s2) - | s2 = any [ br0 -> {_44 = false} (! bb16) | br1 -> {_44} (! bb15) ] ] + [ s0 = [ &cmp <- _40 ] s1 + | s1 = UInt32.eq {cmp} {elem} (fun (_ret':bool) -> [ &_43 <- _ret' ] s2) + | s2 = any [ br0 -> {_43 = false} (! bb16) | br1 -> {_43} (! bb15) ] ] | bb15 = s0 [ s0 = [ &_0 <- C_Ok'0 base ] s1 | s1 = bb20 ] | bb16 = s0 - [ s0 = UInt32.lt {cmp} {elem} (fun (_ret':bool) -> [ &_48 <- _ret' ] s1) - | s1 = any [ br0 -> {_48 = false} (! bb18) | br1 -> {_48} (! bb17) ] ] + [ s0 = UInt32.lt {cmp} {elem} (fun (_ret':bool) -> [ &_47 <- _ret' ] s1) + | s1 = any [ br0 -> {_47 = false} (! bb18) | br1 -> {_47} (! bb17) ] ] | bb17 = s0 - [ s0 = UIntSize.add {base} {[%#s04_binary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_51 <- _ret' ] s1) - | s1 = [ &_0 <- C_Err'0 _51 ] s2 + [ s0 = UIntSize.add {base} {[%#s04_binary_search9] (1 : usize)} (fun (_ret':usize) -> [ &_50 <- _ret' ] s1) + | s1 = [ &_0 <- C_Err'0 _50 ] s2 | s2 = bb19 ] | bb18 = s0 [ s0 = [ &_0 <- C_Err'0 base ] s1 | s1 = bb19 ] @@ -194,18 +194,18 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] | & _10 : usize = any_l () | & size : usize = any_l () | & base : usize = any_l () - | & _21 : bool = any_l () + | & _22 : bool = any_l () | & half : usize = any_l () - | & _25 : bool = any_l () + | & _26 : bool = any_l () | & mid : usize = any_l () - | & _29 : usize = any_l () - | & _30 : bool = any_l () - | & _32 : uint32 = any_l () + | & _30 : usize = any_l () + | & _31 : bool = any_l () + | & _33 : uint32 = any_l () | & cmp : uint32 = any_l () - | & _41 : uint32 = any_l () - | & _44 : bool = any_l () - | & _48 : bool = any_l () - | & _51 : usize = any_l () ] + | & _40 : uint32 = any_l () + | & _43 : bool = any_l () + | & _47 : bool = any_l () + | & _50 : usize = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s04_binary_search12] forall x : usize . result = C_Ok'0 x -> index_logic'0 arr (UIntSize.to_int x) = elem} diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma index 0f2c57d52..daea3367f 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma @@ -290,10 +290,8 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | bb6 = s0 [ s0 = len'0 {arr} (fun (_ret':usize) -> [ &size <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 [ s0 = [ &base <- [%#s05_binary_search_generic2] (0 : usize) ] s1 | s1 = bb8 ] - | bb8 = bb9 - | bb9 = bb10 - | bb10 = bb10 - [ bb10 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UIntSize.to_int size + | bb8 = bb8 + [ bb8 = {[@expl:loop invariant #0] [%#s05_binary_search_generic5] 0 < UIntSize.to_int size /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (view'0 arr)} {[@expl:loop invariant #1] [%#s05_binary_search_generic4] forall i : usize . i < base -> le_log'0 (Seq.get (deep_model'1 arr) (UIntSize.to_int i)) (deep_model'0 elem)} @@ -302,50 +300,52 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" <= UIntSize.to_int i /\ UIntSize.to_int i < Seq.length (view'0 arr) -> lt_log'0 (deep_model'0 elem) (Seq.get (deep_model'1 arr) (UIntSize.to_int i))} - (! s0) [ s0 = bb11 ] - [ bb11 = s0 + (! s0) [ s0 = bb9 ] + [ bb9 = bb10 + | bb10 = bb11 + | bb11 = s0 [ s0 = UIntSize.gt {size} {[%#s05_binary_search_generic6] (1 : usize)} - (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) - | s1 = any [ br0 -> {_21 = false} (! bb19) | br1 -> {_21} (! bb12) ] ] + (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) + | s1 = any [ br0 -> {_22 = false} (! bb19) | br1 -> {_22} (! bb12) ] ] | bb12 = s0 [ s0 = UIntSize.eq {[%#s05_binary_search_generic7] (2 : usize)} {[%#s05_binary_search_generic8] (0 : usize)} - (fun (_ret':bool) -> [ &_25 <- _ret' ] s1) - | s1 = {[@expl:division by zero] [%#s05_binary_search_generic8] not _25} s2 + (fun (_ret':bool) -> [ &_26 <- _ret' ] s1) + | s1 = {[@expl:division by zero] [%#s05_binary_search_generic8] not _26} s2 | s2 = bb13 ] | bb13 = s0 [ s0 = UIntSize.div {size} {[%#s05_binary_search_generic7] (2 : usize)} (fun (_ret':usize) -> [ &half <- _ret' ] s1) | s1 = UIntSize.add {base} {half} (fun (_ret':usize) -> [ &mid <- _ret' ] s2) - | s2 = index'0 {arr} {mid} (fun (_ret':t_T'0) -> [ &_32 <- _ret' ] s3) + | s2 = index'0 {arr} {mid} (fun (_ret':t_T'0) -> [ &_33 <- _ret' ] s3) | s3 = bb14 ] - | bb14 = s0 [ s0 = gt'0 {_32} {elem} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) | s1 = bb15 ] - | bb15 = any [ br0 -> {_30 = false} (! bb17) | br1 -> {_30} (! bb16) ] - | bb16 = s0 [ s0 = [ &_29 <- base ] s1 | s1 = bb18 ] - | bb17 = s0 [ s0 = [ &_29 <- mid ] s1 | s1 = bb18 ] + | bb14 = s0 [ s0 = gt'0 {_33} {elem} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) | s1 = bb15 ] + | bb15 = any [ br0 -> {_31 = false} (! bb17) | br1 -> {_31} (! bb16) ] + | bb16 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb18 ] + | bb17 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb18 ] | bb18 = s0 - [ s0 = [ &base <- _29 ] s1 + [ s0 = [ &base <- _30 ] s1 | s1 = UIntSize.sub {size} {half} (fun (_ret':usize) -> [ &size <- _ret' ] s2) - | s2 = bb10 ] + | s2 = bb8 ] ] ] - | bb19 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':t_T'0) -> [ &_41 <- _ret' ] s1) | s1 = bb20 ] + | bb19 = s0 [ s0 = index'0 {arr} {base} (fun (_ret':t_T'0) -> [ &_40 <- _ret' ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = [ &cmp <- _41 ] s1 - | s1 = [ &_47 <- elem ] s2 - | s2 = cmp'0 {cmp} {_47} (fun (_ret':t_Ordering'0) -> [ &_44 <- _ret' ] s3) + [ s0 = [ &cmp <- _40 ] s1 + | s1 = [ &_46 <- elem ] s2 + | s2 = cmp'0 {cmp} {_46} (fun (_ret':t_Ordering'0) -> [ &_43 <- _ret' ] s3) | s3 = bb21 ] | bb21 = s0 [ s0 = {[@expl:type invariant] inv'0 elem} s1 | s1 = -{resolve'0 elem}- s2 | s2 = any - [ br0 -> {_44 = C_Less'0 } (! bb24) - | br1 -> {_44 = C_Equal'0 } (! bb23) - | br2 -> {_44 = C_Greater'0 } (! bb25) ] + [ br0 -> {_43 = C_Less'0 } (! bb24) + | br1 -> {_43 = C_Equal'0 } (! bb23) + | br2 -> {_43 = C_Greater'0 } (! bb25) ] ] | bb25 = s0 [ s0 = [ &_0 <- C_Err'0 base ] s1 | s1 = bb28 ] @@ -354,8 +354,8 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | bb24 = bb27 | bb27 = s0 [ s0 = UIntSize.add {base} {[%#s05_binary_search_generic9] (1 : usize)} - (fun (_ret':usize) -> [ &_50 <- _ret' ] s1) - | s1 = [ &_0 <- C_Err'0 _50 ] s2 + (fun (_ret':usize) -> [ &_49 <- _ret' ] s1) + | s1 = [ &_0 <- C_Err'0 _49 ] s2 | s2 = bb28 ] | bb28 = bb29 @@ -368,18 +368,18 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" | & _10 : usize = any_l () | & size : usize = any_l () | & base : usize = any_l () - | & _21 : bool = any_l () + | & _22 : bool = any_l () | & half : usize = any_l () - | & _25 : bool = any_l () + | & _26 : bool = any_l () | & mid : usize = any_l () - | & _29 : usize = any_l () - | & _30 : bool = any_l () - | & _32 : t_T'0 = any_l () + | & _30 : usize = any_l () + | & _31 : bool = any_l () + | & _33 : t_T'0 = any_l () | & cmp : t_T'0 = any_l () - | & _41 : t_T'0 = any_l () - | & _44 : t_Ordering'0 = any_l () - | & _47 : t_T'0 = any_l () - | & _50 : usize = any_l () ] + | & _40 : t_T'0 = any_l () + | & _43 : t_Ordering'0 = any_l () + | & _46 : t_T'0 = any_l () + | & _49 : usize = any_l () ] [ return' (result:t_Result'0)-> {[@expl:binary_search ensures #0] [%#s05_binary_search_generic14] forall x : usize . result = C_Ok'0 x -> Seq.get (deep_model'1 arr) (UIntSize.to_int x) = deep_model'0 elem} diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index ff2ae605a..c7fc8e7c5 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -1078,53 +1078,53 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou [ s0 = [ &produced <- [%#s06_knights_tour3] Snapshot.new (Seq.empty : Seq.seq (isize, isize)) ] s1 | s1 = bb4 ] | bb4 = bb5 - | bb5 = bb6 - | bb6 = bb7 - | bb7 = bb7 - [ bb7 = {[@expl:for invariant] [%#s06_knights_tour5] inv'1 (Snapshot.inner produced)} + | bb5 = bb5 + [ bb5 = {[@expl:for invariant] [%#s06_knights_tour5] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s06_knights_tour5] inv'0 iter} {[@expl:for invariant] [%#s06_knights_tour5] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant] [%#s06_knights_tour4] UIntSize.to_int count <= Seq.length (Snapshot.inner produced)} - (! s0) [ s0 = bb8 ] - [ bb8 = s0 + (! s0) [ s0 = bb6 ] + [ bb6 = bb7 + | bb7 = bb8 + | bb8 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_20 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_20.current} {Borrow.get_id _20} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_21 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_21.current} {Borrow.get_id _21} (fun (_ret':borrowed (t_IntoIter'0)) -> - [ &_19 <- _ret' ] - [ &_20 <- { _20 with current = _ret'.final } ] + [ &_20 <- _ret' ] + [ &_21 <- { _21 with current = _ret'.final } ] s2) - | s2 = next'0 {_19} (fun (_ret':t_Option'0) -> [ &_18 <- _ret' ] s3) + | s2 = next'0 {_20} (fun (_ret':t_Option'0) -> [ &_19 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = -{resolve'0 _20}- s1 - | s1 = any [ br0 -> {_18 = C_None'0 } (! bb12) | br1 (x0:(isize, isize))-> {_18 = C_Some'0 x0} (! bb11) ] ] + [ s0 = -{resolve'0 _21}- s1 + | s1 = any [ br0 -> {_19 = C_None'0 } (! bb12) | br1 (x0:(isize, isize))-> {_19 = C_Some'0 x0} (! bb11) ] ] | bb11 = bb13 | bb13 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_19} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_23 <- [%#s06_knights_tour6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_24 <- [%#s06_knights_tour6] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _24 ] s1 | s1 = [ &m <- __creusot_proc_iter_elem ] s2 - | s2 = [ &_29 <- m ] s3 - | s3 = mov'0 {p} {_29} (fun (_ret':t_Point'0) -> [ &next <- _ret' ] s4) + | s2 = [ &_30 <- m ] s3 + | s3 = mov'0 {p} {_30} (fun (_ret':t_Point'0) -> [ &next <- _ret' ] s4) | s4 = bb15 ] - | bb15 = s0 [ s0 = available'0 {self} {next} (fun (_ret':bool) -> [ &_30 <- _ret' ] s1) | s1 = bb16 ] - | bb16 = any [ br0 -> {_30 = false} (! bb18) | br1 -> {_30} (! bb17) ] + | bb15 = s0 [ s0 = available'0 {self} {next} (fun (_ret':bool) -> [ &_31 <- _ret' ] s1) | s1 = bb16 ] + | bb16 = any [ br0 -> {_31 = false} (! bb18) | br1 -> {_31} (! bb17) ] | bb17 = s0 [ s0 = UIntSize.add {count} {[%#s06_knights_tour7] (1 : usize)} (fun (_ret':usize) -> [ &count <- _ret' ] s1) | s1 = bb19 ] | bb18 = bb19 - | bb19 = bb7 ] + | bb19 = bb5 ] ] | bb12 = bb20 @@ -1138,15 +1138,15 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou | & _8 : t_Vec'0 = any_l () | & iter_old : Snapshot.snap_ty (t_IntoIter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () - | & _18 : t_Option'0 = any_l () - | & _19 : borrowed (t_IntoIter'0) = any_l () + | & _19 : t_Option'0 = any_l () | & _20 : borrowed (t_IntoIter'0) = any_l () + | & _21 : borrowed (t_IntoIter'0) = any_l () | & __creusot_proc_iter_elem : (isize, isize) = any_l () - | & _23 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () + | & _24 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () | & m : (isize, isize) = any_l () | & next : t_Point'0 = any_l () - | & _29 : (isize, isize) = any_l () - | & _30 : bool = any_l () ] + | & _30 : (isize, isize) = any_l () + | & _31 : bool = any_l () ] [ return' (result:usize)-> (! return' {result}) ] end module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 4 87 41] (* Board *) @@ -1617,27 +1617,27 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] (! s0) [ s0 = bb5 ] [ bb5 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_18 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_18.current} {Borrow.get_id _18} - (fun (_ret':borrowed (t_Iter'0)) -> [ &_17 <- _ret' ] [ &_18 <- { _18 with current = _ret'.final } ] s2) - | s2 = next'0 {_17} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s3) + (fun (_ret':borrowed (t_Iter'0)) -> [ &_19 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_19.current} {Borrow.get_id _19} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_18 <- _ret' ] [ &_19 <- { _19 with current = _ret'.final } ] s2) + | s2 = next'0 {_18} (fun (_ret':t_Option'0) -> [ &_17 <- _ret' ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _18}- s1 - | s1 = any [ br0 -> {_16 = C_None'0 } (! bb9) | br1 (x0:(usize, t_Point'0))-> {_16 = C_Some'0 x0} (! bb8) ] ] + [ s0 = -{resolve'0 _19}- s1 + | s1 = any [ br0 -> {_17 = C_None'0 } (! bb9) | br1 (x0:(usize, t_Point'0))-> {_17 = C_Some'0 x0} (! bb8) ] ] | bb8 = bb10 | bb10 = s0 - [ s0 = v_Some'0 {_16} (fun (r0'0:(usize, t_Point'0)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_17} (fun (r0'0:(usize, t_Point'0)) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_21 <- [%#s06_knights_tour4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_22 <- [%#s06_knights_tour4] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _21 ] s1 + [ s0 = [ &produced <- _22 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = any [ br0 -> {min = C_None'0 } (! bb13) | br1 (x0:(usize, t_Point'0))-> {min = C_Some'0 x0} (! bb14) ] @@ -1646,14 +1646,14 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] | bb14 = s0 [ s0 = v_Some'0 {min} (fun (r0'0:(usize, t_Point'0)) -> [ &m <- r0'0 ] s1) | s1 = UIntSize.lt {let (r'0, _) = x in r'0} {let (r'1, _) = m in r'1} - (fun (_ret':bool) -> [ &_29 <- _ret' ] s2) - | s2 = any [ br0 -> {_29 = false} (! bb17) | br1 -> {_29} (! bb16) ] ] + (fun (_ret':bool) -> [ &_30 <- _ret' ] s2) + | s2 = any [ br0 -> {_30 = false} (! bb17) | br1 -> {_30} (! bb16) ] ] - | bb16 = s0 [ s0 = [ &_32 <- C_Some'0 x ] s1 | s1 = [ &min <- _32 ] s2 | s2 = bb18 ] + | bb16 = s0 [ s0 = [ &_33 <- C_Some'0 x ] s1 | s1 = [ &min <- _33 ] s2 | s2 = bb18 ] | bb17 = bb18 | bb18 = bb19 | bb13 = bb15 - | bb15 = s0 [ s0 = [ &_26 <- C_Some'0 x ] s1 | s1 = [ &min <- _26 ] s2 | s2 = bb19 ] + | bb15 = s0 [ s0 = [ &_27 <- C_Some'0 x ] s1 | s1 = [ &min <- _27 ] s2 | s2 = bb19 ] | bb19 = bb4 ] ] @@ -1665,16 +1665,16 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] | & iter : t_Iter'0 = any_l () | & iter_old : Snapshot.snap_ty (t_Iter'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq (usize, t_Point'0)) = any_l () - | & _16 : t_Option'0 = any_l () - | & _17 : borrowed (t_Iter'0) = any_l () + | & _17 : t_Option'0 = any_l () | & _18 : borrowed (t_Iter'0) = any_l () + | & _19 : borrowed (t_Iter'0) = any_l () | & __creusot_proc_iter_elem : (usize, t_Point'0) = any_l () - | & _21 : Snapshot.snap_ty (Seq.seq (usize, t_Point'0)) = any_l () + | & _22 : Snapshot.snap_ty (Seq.seq (usize, t_Point'0)) = any_l () | & x : (usize, t_Point'0) = any_l () - | & _26 : t_Option'0 = any_l () + | & _27 : t_Option'0 = any_l () | & m : (usize, t_Point'0) = any_l () - | & _29 : bool = any_l () - | & _32 : t_Option'0 = any_l () ] + | & _30 : bool = any_l () + | & _33 : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> {[@expl:min ensures] [%#s06_knights_tour5] forall r : (usize, t_Point'0) . result = C_Some'0 r -> (exists i : int . 0 <= i /\ i < Seq.length (view'0 v) /\ index_logic'0 v i = r)} @@ -2268,137 +2268,137 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | bb4 = s0 [ s0 = [ &iter_old <- [%#s06_knights_tour3] Snapshot.new iter ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &produced <- [%#s06_knights_tour4] Snapshot.new (Seq.empty : Seq.seq usize) ] s1 | s1 = bb6 ] | bb6 = bb7 - | bb7 = bb8 - | bb8 = bb9 - | bb9 = bb9 - [ bb9 = {[@expl:for invariant] [%#s06_knights_tour8] inv'1 (Snapshot.inner produced)} + | bb7 = bb7 + [ bb7 = {[@expl:for invariant] [%#s06_knights_tour8] inv'1 (Snapshot.inner produced)} {[@expl:for invariant] [%#s06_knights_tour8] inv'0 iter} {[@expl:for invariant] [%#s06_knights_tour8] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#s06_knights_tour7] board.t_Board__size'0 = size} {[@expl:loop invariant #1] [%#s06_knights_tour6] wf'0 board} {[@expl:loop invariant #2] [%#s06_knights_tour5] in_bounds'0 board p} - (! s0) [ s0 = bb10 ] - [ bb10 = s0 + (! s0) [ s0 = bb8 ] + [ bb8 = bb9 + | bb9 = bb10 + | bb10 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_Range'0)) -> [ &_38 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_38.current} {Borrow.get_id _38} + (fun (_ret':borrowed (t_Range'0)) -> [ &_39 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_39.current} {Borrow.get_id _39} (fun (_ret':borrowed (t_Range'0)) -> - [ &_37 <- _ret' ] - [ &_38 <- { _38 with current = _ret'.final } ] + [ &_38 <- _ret' ] + [ &_39 <- { _39 with current = _ret'.final } ] s2) - | s2 = next'0 {_37} (fun (_ret':t_Option'0) -> [ &_36 <- _ret' ] s3) + | s2 = next'0 {_38} (fun (_ret':t_Option'0) -> [ &_37 <- _ret' ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = -{resolve'0 _38}- s1 - | s1 = any [ br0 -> {_36 = C_None'0 } (! bb14) | br1 (x0:usize)-> {_36 = C_Some'0 x0} (! bb13) ] ] + [ s0 = -{resolve'0 _39}- s1 + | s1 = any [ br0 -> {_37 = C_None'0 } (! bb14) | br1 (x0:usize)-> {_37 = C_Some'0 x0} (! bb13) ] ] | bb13 = bb15 | bb15 = s0 - [ s0 = v_Some'0 {_36} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_37} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_41 <- [%#s06_knights_tour9] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_42 <- [%#s06_knights_tour9] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &produced <- _41 ] s1 + [ s0 = [ &produced <- _42 ] s1 | s1 = [ &step <- __creusot_proc_iter_elem ] s2 | s2 = new'1 {[%#s06_knights_tour10] ()} (fun (_ret':t_Vec'0) -> [ &candidates <- _ret' ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = moves'0 {[%#s06_knights_tour11] ()} (fun (_ret':t_Vec'1) -> [ &_47 <- _ret' ] s1) | s1 = bb18 ] + [ s0 = moves'0 {[%#s06_knights_tour11] ()} (fun (_ret':t_Vec'1) -> [ &_48 <- _ret' ] s1) | s1 = bb18 ] - | bb18 = s0 [ s0 = into_iter'1 {_47} (fun (_ret':t_IntoIter'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb19 ] + | bb18 = s0 [ s0 = into_iter'1 {_48} (fun (_ret':t_IntoIter'0) -> [ &iter1 <- _ret' ] s1) | s1 = bb19 ] | bb19 = s0 [ s0 = [ &iter_old1 <- [%#s06_knights_tour12] Snapshot.new iter1 ] s1 | s1 = bb20 ] | bb20 = s0 [ s0 = [ &produced1 <- [%#s06_knights_tour13] Snapshot.new (Seq.empty : Seq.seq (isize, isize)) ] s1 | s1 = bb21 ] | bb21 = bb22 - | bb22 = bb23 - | bb23 = bb24 - | bb24 = bb25 - | bb25 = bb25 - [ bb25 = {[@expl:for invariant] [%#s06_knights_tour15] inv'3 (Snapshot.inner produced1)} + | bb22 = bb22 + [ bb22 = {[@expl:for invariant] [%#s06_knights_tour15] inv'3 (Snapshot.inner produced1)} {[@expl:for invariant] [%#s06_knights_tour15] inv'2 iter1} {[@expl:for invariant] [%#s06_knights_tour15] produces'1 (Snapshot.inner iter_old1) (Snapshot.inner produced1) iter1} {[@expl:loop invariant] [%#s06_knights_tour14] forall i : int . 0 <= i /\ i < Seq.length (view'0 candidates) -> in_bounds'0 board (let (_, a) = index_logic'0 candidates i in a)} - (! s0) [ s0 = bb26 ] - [ bb26 = s0 + (! s0) [ s0 = bb23 ] + [ bb23 = bb24 + | bb24 = bb25 + | bb25 = bb26 + | bb26 = s0 [ s0 = Borrow.borrow_mut {iter1} - (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_58 <- _ret' ] [ &iter1 <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_58.current} {Borrow.get_id _58} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_60 <- _ret' ] [ &iter1 <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_60.current} {Borrow.get_id _60} (fun (_ret':borrowed (t_IntoIter'0)) -> - [ &_57 <- _ret' ] - [ &_58 <- { _58 with current = _ret'.final } ] + [ &_59 <- _ret' ] + [ &_60 <- { _60 with current = _ret'.final } ] s2) - | s2 = next'1 {_57} (fun (_ret':t_Option'1) -> [ &_56 <- _ret' ] s3) + | s2 = next'1 {_59} (fun (_ret':t_Option'1) -> [ &_58 <- _ret' ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = -{resolve'1 _58}- s1 + [ s0 = -{resolve'1 _60}- s1 | s1 = any - [ br0 -> {_56 = C_None'1 } (! bb30) | br1 (x0:(isize, isize))-> {_56 = C_Some'1 x0} (! bb29) ] + [ br0 -> {_58 = C_None'1 } (! bb30) | br1 (x0:(isize, isize))-> {_58 = C_Some'1 x0} (! bb29) ] ] | bb29 = bb31 | bb31 = s0 - [ s0 = v_Some'1 {_56} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'1 {_58} (fun (r0'0:(isize, isize)) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = - [ &_61 <- [%#s06_knights_tour16] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] + [ &_63 <- [%#s06_knights_tour16] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] s2 | s2 = bb32 ] | bb32 = s0 - [ s0 = [ &produced1 <- _61 ] s1 + [ s0 = [ &produced1 <- _63 ] s1 | s1 = [ &m <- __creusot_proc_iter_elem1 ] s2 | s2 = {[@expl:assertion] [%#s06_knights_tour17] forall r : Seq.seq (isize, isize), a : Seq.seq (isize, isize), b : Seq.seq (isize, isize) . r = Seq.(++) a (Seq.(++) (Seq.singleton m) b) -> m = Seq.get r (Seq.length a)} s3 - | s3 = [ &_69 <- m ] s4 - | s4 = mov'0 {p} {_69} (fun (_ret':t_Point'0) -> [ &adj <- _ret' ] s5) + | s3 = [ &_71 <- m ] s4 + | s4 = mov'0 {p} {_71} (fun (_ret':t_Point'0) -> [ &adj <- _ret' ] s5) | s5 = bb33 ] - | bb33 = s0 [ s0 = available'0 {board} {adj} (fun (_ret':bool) -> [ &_70 <- _ret' ] s1) | s1 = bb34 ] - | bb34 = any [ br0 -> {_70 = false} (! bb38) | br1 -> {_70} (! bb35) ] + | bb33 = s0 [ s0 = available'0 {board} {adj} (fun (_ret':bool) -> [ &_72 <- _ret' ] s1) | s1 = bb34 ] + | bb34 = any [ br0 -> {_72 = false} (! bb38) | br1 -> {_72} (! bb35) ] | bb35 = s0 [ s0 = count_degree'0 {board} {adj} (fun (_ret':usize) -> [ °ree <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 [ s0 = Borrow.borrow_mut {candidates} - (fun (_ret':borrowed (t_Vec'0)) -> [ &_77 <- _ret' ] [ &candidates <- _ret'.final ] s1) - | s1 = [ &_78 <- (degree, adj) ] s2 - | s2 = push'0 {_77} {_78} (fun (_ret':()) -> [ &_76 <- _ret' ] s3) + (fun (_ret':borrowed (t_Vec'0)) -> [ &_79 <- _ret' ] [ &candidates <- _ret'.final ] s1) + | s1 = [ &_80 <- (degree, adj) ] s2 + | s2 = push'0 {_79} {_80} (fun (_ret':()) -> [ &_78 <- _ret' ] s3) | s3 = bb37 ] | bb37 = bb39 | bb38 = bb39 - | bb39 = bb25 ] + | bb39 = bb22 ] ] | bb30 = bb40 | bb40 = s0 - [ s0 = [ &_85 <- candidates ] s1 - | s1 = min'0 {_85} (fun (_ret':t_Option'2) -> [ &_83 <- _ret' ] s2) + [ s0 = [ &_87 <- candidates ] s1 + | s1 = min'0 {_87} (fun (_ret':t_Option'2) -> [ &_85 <- _ret' ] s2) | s2 = bb41 ] - | bb41 = any [ br0 -> {_83 = C_None'2 } (! bb44) | br1 (x0:(usize, t_Point'0))-> {_83 = C_Some'2 x0} (! bb43) ] + | bb41 = any [ br0 -> {_85 = C_None'2 } (! bb44) | br1 (x0:(usize, t_Point'0))-> {_85 = C_Some'2 x0} (! bb43) ] | bb43 = bb45 | bb45 = s0 - [ s0 = v_Some'2 {_83} (fun (r0'0:(usize, t_Point'0)) -> [ &adj1 <- let (_, r'0) = r0'0 in r'0 ] s1) + [ s0 = v_Some'2 {_85} (fun (r0'0:(usize, t_Point'0)) -> [ &adj1 <- let (_, r'0) = r0'0 in r'0 ] s1) | s1 = [ &p <- adj1 ] s2 | s2 = Borrow.borrow_mut {board} - (fun (_ret':borrowed (t_Board'0)) -> [ &_91 <- _ret' ] [ &board <- _ret'.final ] s3) - | s3 = set'0 {_91} {p} {step} (fun (_ret':()) -> [ &_90 <- _ret' ] s4) + (fun (_ret':borrowed (t_Board'0)) -> [ &_93 <- _ret' ] [ &board <- _ret'.final ] s3) + | s3 = set'0 {_93} {p} {step} (fun (_ret':()) -> [ &_92 <- _ret' ] s4) | s4 = bb46 ] | bb46 = bb47 - | bb47 = bb9 ] + | bb47 = bb7 ] ] | bb44 = s0 [ s0 = [ &_0 <- C_None'3 ] s1 | s1 = bb50 ] @@ -2425,35 +2425,35 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | & _22 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_Range'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _36 : t_Option'0 = any_l () - | & _37 : borrowed (t_Range'0) = any_l () + | & _37 : t_Option'0 = any_l () | & _38 : borrowed (t_Range'0) = any_l () + | & _39 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _41 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _42 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & step : usize = any_l () | & candidates : t_Vec'0 = any_l () | & iter1 : t_IntoIter'0 = any_l () - | & _47 : t_Vec'1 = any_l () + | & _48 : t_Vec'1 = any_l () | & iter_old1 : Snapshot.snap_ty (t_IntoIter'0) = any_l () | & produced1 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () - | & _56 : t_Option'1 = any_l () - | & _57 : borrowed (t_IntoIter'0) = any_l () - | & _58 : borrowed (t_IntoIter'0) = any_l () + | & _58 : t_Option'1 = any_l () + | & _59 : borrowed (t_IntoIter'0) = any_l () + | & _60 : borrowed (t_IntoIter'0) = any_l () | & __creusot_proc_iter_elem1 : (isize, isize) = any_l () - | & _61 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () + | & _63 : Snapshot.snap_ty (Seq.seq (isize, isize)) = any_l () | & m : (isize, isize) = any_l () | & adj : t_Point'0 = any_l () - | & _69 : (isize, isize) = any_l () - | & _70 : bool = any_l () + | & _71 : (isize, isize) = any_l () + | & _72 : bool = any_l () | & degree : usize = any_l () - | & _76 : () = any_l () - | & _77 : borrowed (t_Vec'0) = any_l () - | & _78 : (usize, t_Point'0) = any_l () - | & _83 : t_Option'2 = any_l () - | & _85 : t_Vec'0 = any_l () + | & _78 : () = any_l () + | & _79 : borrowed (t_Vec'0) = any_l () + | & _80 : (usize, t_Point'0) = any_l () + | & _85 : t_Option'2 = any_l () + | & _87 : t_Vec'0 = any_l () | & adj1 : t_Point'0 = any_l () - | & _90 : () = any_l () - | & _91 : borrowed (t_Board'0) = any_l () ] + | & _92 : () = any_l () + | & _93 : borrowed (t_Board'0) = any_l () ] [ return' (result:t_Option'3)-> (! return' {result}) ] end module M_06_knights_tour__qyi50474406909270761__clone__refines [#"06_knights_tour.rs" 4 15 4 20] (* *) diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 3415ad449..7dd5e9c25 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -367,37 +367,37 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] (! s0) [ s0 = bb8 ] [ bb8 = s0 [ s0 = Borrow.borrow_mut {iter} - (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_27 <- _ret' ] [ &iter <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_27.current} {Borrow.get_id _27} + (fun (_ret':borrowed (t_RangeInclusive'0)) -> [ &_28 <- _ret' ] [ &iter <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_28.current} {Borrow.get_id _28} (fun (_ret':borrowed (t_RangeInclusive'0)) -> - [ &_26 <- _ret' ] - [ &_27 <- { _27 with current = _ret'.final } ] + [ &_27 <- _ret' ] + [ &_28 <- { _28 with current = _ret'.final } ] s2) - | s2 = next'0 {_26} (fun (_ret':t_Option'0) -> [ &_25 <- _ret' ] s3) + | s2 = next'0 {_27} (fun (_ret':t_Option'0) -> [ &_26 <- _ret' ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = -{resolve'0 _27}- s1 - | s1 = any [ br0 -> {_25 = C_None'0 } (! bb12) | br1 (x0:usize)-> {_25 = C_Some'0 x0} (! bb11) ] ] + [ s0 = -{resolve'0 _28}- s1 + | s1 = any [ br0 -> {_26 = C_None'0 } (! bb12) | br1 (x0:usize)-> {_26 = C_Some'0 x0} (! bb11) ] ] | bb11 = bb13 | bb13 = s0 - [ s0 = v_Some'0 {_25} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) + [ s0 = v_Some'0 {_26} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem <- r0'0 ] s1) | s1 = - [ &_30 <- [%#s08_haystack5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] + [ &_31 <- [%#s08_haystack5] Snapshot.new (Seq.(++) (Snapshot.inner produced) (Seq.singleton __creusot_proc_iter_elem)) ] s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = [ &produced <- _30 ] s1 + [ s0 = [ &produced <- _31 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = len'0 {needle} (fun (_ret':usize) -> [ &_37 <- _ret' ] s3) + | s2 = len'0 {needle} (fun (_ret':usize) -> [ &_38 <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = [ &_36 <- { t_Range__start'0 = ([%#s08_haystack6] (0 : usize)); t_Range__end'0 = _37 } ] s1 - | s1 = into_iter'1 {_36} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) + [ s0 = [ &_37 <- { t_Range__start'0 = ([%#s08_haystack6] (0 : usize)); t_Range__end'0 = _38 } ] s1 + | s1 = into_iter'1 {_37} (fun (_ret':t_Range'0) -> [ &iter1 <- _ret' ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = [ &iter_old1 <- [%#s08_haystack7] Snapshot.new iter1 ] s1 | s1 = bb17 ] @@ -413,42 +413,42 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] (! s0) [ s0 = bb20 ] [ bb20 = s0 [ s0 = Borrow.borrow_mut {iter1} - (fun (_ret':borrowed (t_Range'0)) -> [ &_49 <- _ret' ] [ &iter1 <- _ret'.final ] s1) - | s1 = Borrow.borrow_final {_49.current} {Borrow.get_id _49} + (fun (_ret':borrowed (t_Range'0)) -> [ &_51 <- _ret' ] [ &iter1 <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_51.current} {Borrow.get_id _51} (fun (_ret':borrowed (t_Range'0)) -> - [ &_48 <- _ret' ] - [ &_49 <- { _49 with current = _ret'.final } ] + [ &_50 <- _ret' ] + [ &_51 <- { _51 with current = _ret'.final } ] s2) - | s2 = next'1 {_48} (fun (_ret':t_Option'0) -> [ &_47 <- _ret' ] s3) + | s2 = next'1 {_50} (fun (_ret':t_Option'0) -> [ &_49 <- _ret' ] s3) | s3 = bb21 ] | bb21 = s0 - [ s0 = -{resolve'1 _49}- s1 - | s1 = any [ br0 -> {_47 = C_None'0 } (! bb24) | br1 (x0:usize)-> {_47 = C_Some'0 x0} (! bb23) ] ] + [ s0 = -{resolve'1 _51}- s1 + | s1 = any [ br0 -> {_49 = C_None'0 } (! bb24) | br1 (x0:usize)-> {_49 = C_Some'0 x0} (! bb23) ] ] | bb23 = bb25 | bb25 = s0 - [ s0 = v_Some'0 {_47} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) + [ s0 = v_Some'0 {_49} (fun (r0'0:usize) -> [ &__creusot_proc_iter_elem1 <- r0'0 ] s1) | s1 = - [ &_52 <- [%#s08_haystack11] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] + [ &_54 <- [%#s08_haystack11] Snapshot.new (Seq.(++) (Snapshot.inner produced1) (Seq.singleton __creusot_proc_iter_elem1)) ] s2 | s2 = bb26 ] | bb26 = s0 - [ s0 = [ &produced1 <- _52 ] s1 + [ s0 = [ &produced1 <- _54 ] s1 | s1 = [ &j <- __creusot_proc_iter_elem1 ] s2 - | s2 = index'0 {needle} {j} (fun (_ret':uint8) -> [ &_57 <- _ret' ] s3) + | s2 = index'0 {needle} {j} (fun (_ret':uint8) -> [ &_59 <- _ret' ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = UIntSize.add {i} {j} (fun (_ret':usize) -> [ &_63 <- _ret' ] s1) - | s1 = index'0 {haystack} {_63} (fun (_ret':uint8) -> [ &_61 <- _ret' ] s2) + [ s0 = UIntSize.add {i} {j} (fun (_ret':usize) -> [ &_65 <- _ret' ] s1) + | s1 = index'0 {haystack} {_65} (fun (_ret':uint8) -> [ &_63 <- _ret' ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = UInt8.ne {_57} {_61} (fun (_ret':bool) -> [ &_55 <- _ret' ] s1) - | s1 = any [ br0 -> {_55 = false} (! bb30) | br1 -> {_55} (! bb29) ] ] + [ s0 = UInt8.ne {_59} {_63} (fun (_ret':bool) -> [ &_57 <- _ret' ] s1) + | s1 = any [ br0 -> {_57 = false} (! bb30) | br1 -> {_57} (! bb29) ] ] | bb30 = bb19 ] ] @@ -471,27 +471,27 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] | & _14 : usize = any_l () | & iter_old : Snapshot.snap_ty (t_RangeInclusive'0) = any_l () | & produced : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _25 : t_Option'0 = any_l () - | & _26 : borrowed (t_RangeInclusive'0) = any_l () + | & _26 : t_Option'0 = any_l () | & _27 : borrowed (t_RangeInclusive'0) = any_l () + | & _28 : borrowed (t_RangeInclusive'0) = any_l () | & __creusot_proc_iter_elem : usize = any_l () - | & _30 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _31 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & i : usize = any_l () | & iter1 : t_Range'0 = any_l () - | & _36 : t_Range'0 = any_l () - | & _37 : usize = any_l () + | & _37 : t_Range'0 = any_l () + | & _38 : usize = any_l () | & iter_old1 : Snapshot.snap_ty (t_Range'0) = any_l () | & produced1 : Snapshot.snap_ty (Seq.seq usize) = any_l () - | & _47 : t_Option'0 = any_l () - | & _48 : borrowed (t_Range'0) = any_l () - | & _49 : borrowed (t_Range'0) = any_l () + | & _49 : t_Option'0 = any_l () + | & _50 : borrowed (t_Range'0) = any_l () + | & _51 : borrowed (t_Range'0) = any_l () | & __creusot_proc_iter_elem1 : usize = any_l () - | & _52 : Snapshot.snap_ty (Seq.seq usize) = any_l () + | & _54 : Snapshot.snap_ty (Seq.seq usize) = any_l () | & j : usize = any_l () - | & _55 : bool = any_l () - | & _57 : uint8 = any_l () - | & _61 : uint8 = any_l () - | & _63 : usize = any_l () ] + | & _57 : bool = any_l () + | & _59 : uint8 = any_l () + | & _63 : uint8 = any_l () + | & _65 : usize = any_l () ] [ return' (result:usize)-> {[@expl:search ensures #0] [%#s08_haystack13] UIntSize.to_int result = Seq.length (view'0 haystack)