From 38c676c7dd05489be099ed7d047aa56015fcb5b9 Mon Sep 17 00:00:00 2001 
From: Jacques-Henri Jourdan Date: Thu, 5 Dec 2024 14:46:02 +0100 Subject: [PATCH 1/2] ITerator tests: remove inv(...) everywhere. This makes the specs and the proofs simpler, and I don't think that this is less expressive in practice, because all of that can be proven in produces. --- .../should_succeed/iterators/01_range.coma | 15 +- .../iterators/01_range/why3session.xml | 2 +- .../iterators/01_range/why3shapes.gz | Bin 751 -> 730 bytes .../should_succeed/iterators/02_iter_mut.coma | 494 +--- .../should_succeed/iterators/02_iter_mut.rs | 4 - .../iterators/02_iter_mut/why3session.xml | 34 +- .../iterators/02_iter_mut/why3shapes.gz | Bin 2898 -> 2792 bytes .../should_succeed/iterators/04_skip.coma | 602 ++-- .../tests/should_succeed/iterators/04_skip.rs | 13 +- .../iterators/04_skip/why3session.xml | 90 +- .../iterators/04_skip/why3shapes.gz | Bin 2351 -> 2053 bytes .../should_succeed/iterators/05_map.coma | 1708 +++-------- .../tests/should_succeed/iterators/05_map.rs | 28 +- .../iterators/05_map/why3session.xml | 95 +- .../iterators/05_map/why3shapes.gz | Bin 4307 -> 2407 bytes .../iterators/06_map_precond.coma | 2553 +++++------------ .../iterators/06_map_precond.rs | 41 +- .../iterators/06_map_precond/why3session.xml | 253 +- .../iterators/06_map_precond/why3shapes.gz | Bin 7864 -> 5369 bytes .../should_succeed/iterators/07_fuse.coma | 643 ++--- .../tests/should_succeed/iterators/07_fuse.rs | 16 +- .../iterators/07_fuse/why3session.xml | 12 +- .../iterators/07_fuse/why3shapes.gz | Bin 1303 -> 965 bytes .../iterators/08_collect_extend.coma | 113 +- .../iterators/08_collect_extend.rs | 8 +- .../08_collect_extend/why3session.xml | 6 +- .../iterators/08_collect_extend/why3shapes.gz | Bin 1176 -> 1108 bytes .../should_succeed/iterators/09_empty.coma | 62 +- .../should_succeed/iterators/09_empty.rs | 5 +- .../iterators/09_empty/why3session.xml | 2 +- .../iterators/09_empty/why3shapes.gz | Bin 461 -> 438 bytes .../should_succeed/iterators/10_once.coma | 181 +- 
.../tests/should_succeed/iterators/10_once.rs | 8 +- .../iterators/10_once/why3session.xml | 12 +- .../iterators/10_once/why3shapes.gz | Bin 965 -> 810 bytes .../should_succeed/iterators/11_repeat.coma | 117 +- .../should_succeed/iterators/11_repeat.rs | 6 +- .../iterators/11_repeat/why3session.xml | 4 +- .../iterators/11_repeat/why3shapes.gz | Bin 584 -> 544 bytes .../should_succeed/iterators/12_zip.coma | 689 ++--- .../tests/should_succeed/iterators/12_zip.rs | 12 +- .../iterators/12_zip/why3session.xml | 41 +- .../iterators/12_zip/why3shapes.gz | Bin 2567 -> 2065 bytes .../should_succeed/iterators/13_cloned.coma | 525 +--- .../should_succeed/iterators/13_cloned.rs | 10 +- .../iterators/13_cloned/why3session.xml | 6 +- .../iterators/13_cloned/why3shapes.gz | Bin 947 -> 720 bytes .../should_succeed/iterators/14_copied.coma | 525 +--- .../should_succeed/iterators/14_copied.rs | 10 +- .../iterators/14_copied/why3session.xml | 6 +- .../iterators/14_copied/why3shapes.gz | Bin 947 -> 722 bytes .../iterators/15_enumerate.coma | 727 ++--- .../should_succeed/iterators/15_enumerate.rs | 23 +- .../iterators/15_enumerate/why3session.xml | 26 +- .../iterators/15_enumerate/why3shapes.gz | Bin 1601 -> 1383 bytes .../should_succeed/iterators/16_take.coma | 299 +- .../tests/should_succeed/iterators/16_take.rs | 6 +- .../iterators/16_take/why3session.xml | 8 +- .../iterators/16_take/why3shapes.gz | Bin 882 -> 764 bytes .../should_succeed/iterators/17_filter.coma | 740 ++--- .../should_succeed/iterators/17_filter.rs | 6 +- .../iterators/17_filter/why3session.xml | 221 +- .../iterators/17_filter/why3shapes.gz | Bin 6554 -> 5907 bytes .../tests/should_succeed/iterators/common.rs | 6 +- 64 files changed, 3269 insertions(+), 7744 deletions(-) diff --git a/creusot/tests/should_succeed/iterators/01_range.coma b/creusot/tests/should_succeed/iterators/01_range.coma index b90f6214c..eaa2d6d1a 100644 --- a/creusot/tests/should_succeed/iterators/01_range.coma 
+++ b/creusot/tests/should_succeed/iterators/01_range.coma @@ -376,14 +376,10 @@ module M_01_range__qyi16572111325853806140__produces_trans__refines [#"01_range. /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) - predicate inv'0 (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x = true - use seq.Seq goal refines : [%#s01_range0] forall a : t_Range'0 . forall ab : Seq.seq isize . forall b : t_Range'0 . forall bc : Seq.seq isize . forall c : t_Range'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end @@ -458,10 +454,6 @@ module M_01_range__qyi16572111325853806140__produces_refl__refines [#"01_range.r type t_Range'0 = { t_Range__start'0: isize; t_Range__end'0: isize } - predicate inv'0 (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x = true - use seq.Seq use seq.Seq @@ -482,7 +474,6 @@ module M_01_range__qyi16572111325853806140__produces_refl__refines [#"01_range.r /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> IntSize.to_int (Seq.get visited i) = IntSize.to_int self.t_Range__start'0 + i) - goal refines : [%#s01_range0] forall self : t_Range'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq isize) self - -> produces'0 self (Seq.empty : Seq.seq isize) self) + goal refines : [%#s01_range0] forall self : t_Range'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq isize) self + -> produces'0 self (Seq.empty : Seq.seq isize) self end diff --git a/creusot/tests/should_succeed/iterators/01_range/why3session.xml b/creusot/tests/should_succeed/iterators/01_range/why3session.xml index 388cf5e18..522da7ea9 100644 
--- a/creusot/tests/should_succeed/iterators/01_range/why3session.xml +++ b/creusot/tests/should_succeed/iterators/01_range/why3session.xml @@ -22,7 +22,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz b/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz index 71731c2abcdbd612d4704949b9d9eb81c3767fcc..4f6048430682b64df7beb1d0a7a943a9f452ecfc 100644 GIT binary patch literal 730 zcmV<00ww()iwFP!00000|D9AzkJB&^zUNouR-hM;U$GI3R3SylWe}j7)YNPlI>w4|L2`B4ixZKQe2aeAW{@iw1r#zlnT!`y6qDLPv z)bocUI)hGH+3*c_&EwHYc@ZucI4Cbdb{53u1BUi+zo&uXF%bN)y=@y>u_01R%1tfyMLt9<;DSi?jC5f zdIdR7E|EW+4bF+q=i&y6##czQW)+k6eD zbL^}GaIm5-b#Rkemat`-r|dJszp2 zuwj3ZBJcRLL*f;yb_}1+?{L>w#3=hSyBYW38)uDS+;UqL^|+oru9N$Fyt}ReC<~%ke(&(Vi>{E(QMSV+ zdZhZH|B8pYrWR}ZF}P;@u&`JN3wpIP*YxGQJ+s*>m@HgO4p6ObGtbbPKhJn^UadsX zg9zhv#R8SZ4)3h7+2v$%+uDZ9J+`?8uyE6uHeWu+Sb&8YK@>%`5Z>I<-K=D{z^b>1 zYk}E(wtQYJ#_ZXRZl1jy^0-%TpXl@t@N2?(m@n{!vux&Bkt9ACfPgw@MoJ?XxyUk> z2lRQSI5R0Pp=1d+BIp={lYv3bBk3puMJ-s6-bI!s;5E;rR3wFyexPI^v>};EEe%l0 zOOeDNIrq*5&VoR$IHM>GM+F%MpAFq)$r9ms(3Cj^D&&rw6KGfnA&<%_PD7eX&}b*f zM5$ed3Yd|ov-U000Y9e8m6& diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 7439a5497..dbbd5d850 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma 
@@ -1,31 +1,31 @@ -module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 51 4 51 26] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 49 15 49 24 - let%span s02_iter_mut1 = "02_iter_mut.rs" 50 14 50 45 - let%span s02_iter_mut2 = "02_iter_mut.rs" 47 4 47 10 - let%span s02_iter_mut3 = "02_iter_mut.rs" 39 12 43 13 - let%span smodel4 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span s02_iter_mut7 = "02_iter_mut.rs" 22 20 22 64 - let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span sinvariant11 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 50 4 50 26] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 49 14 49 45 + let%span s02_iter_mut1 = "02_iter_mut.rs" 47 4 47 10 + let%span s02_iter_mut2 = "02_iter_mut.rs" 39 12 43 13 + let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sindex8 = 
"../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - use prelude.prelude.Borrow + use seq.Seq - use prelude.prelude.Slice + use prelude.prelude.Borrow type t_T'0 + use seq.Seq + + use prelude.prelude.Slice + type t_IterMut'0 = { t_IterMut__inner'0: borrowed (slice t_T'0) } use seq.Seq + use seq.Seq + use prelude.prelude.UIntSize constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -36,64 +36,14 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use prelude.prelude.Slice - use seq.Seq - function view'1 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice9] view'1 self = Slice.id self) - - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut7] Seq.length (view'1 (self.t_IterMut__inner'0).final) - = Seq.length (view'1 (self.t_IterMut__inner'0).current) - - use seq.Seq - - predicate inv'5 (_1 : t_T'0) - - predicate invariant'4 (self : t_T'0) = - [%#sboxed14] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x - - predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - - predicate invariant'2 (self : slice t_T'0) = - [%#sslice12] inv'3 (view'1 self) - - predicate inv'2 (_1 : slice t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : slice t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'1 (self : borrowed (slice t_T'0)) = - [%#sinvariant11] inv'2 self.current /\ inv'2 self.final - - predicate inv'1 (_1 : borrowed (slice t_T'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (slice t_T'0) [inv'1 x] . inv'1 x = invariant'1 x - - predicate inv'0 (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end) - - use seq.Seq - - use seq.Seq + && ([%#sslice7] view'1 self = Slice.id self) function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel4] view'1 self.current + [%#smodel3] view'1 self.current use seq.Seq @@ -102,13 +52,13 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use seq.Seq function index_logic'0 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex10] Seq.get (view'1 self) ix + [%#sindex8] Seq.get (view'1 self) ix function to_mut_seq'0 (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice5] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice4] Seq.length (to_mut_seq'0 self) = Seq.length (view'0 self)) - && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + && ([%#sslice5] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) @@ -117,7 +67,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#s02_iter_mut3] Seq.length (view'0 self.t_IterMut__inner'0) + [%#s02_iter_mut2] Seq.length (view'0 self.t_IterMut__inner'0) = Seq.length visited + Seq.length (view'0 tl.t_IterMut__inner'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'0 self.t_IterMut__inner'0) -> (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).current 
@@ -127,31 +77,22 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 constant self : t_IterMut'0 - function produces_refl'0 [#"02_iter_mut.rs" 51 4 51 26] (self : t_IterMut'0) : () + function produces_refl'0 [#"02_iter_mut.rs" 50 4 50 26] (self : t_IterMut'0) : () - goal vc_produces_refl'0 : ([%#s02_iter_mut0] inv'0 self) - -> ([%#s02_iter_mut1] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) + goal vc_produces_refl'0 : [%#s02_iter_mut0] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" 61 4 61 90] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 55 15 55 21 - let%span s02_iter_mut1 = "02_iter_mut.rs" 56 15 56 21 - let%span s02_iter_mut2 = "02_iter_mut.rs" 57 15 57 21 - let%span s02_iter_mut3 = "02_iter_mut.rs" 58 15 58 32 - let%span s02_iter_mut4 = "02_iter_mut.rs" 59 15 59 32 - let%span s02_iter_mut5 = "02_iter_mut.rs" 60 14 60 42 - let%span s02_iter_mut6 = "02_iter_mut.rs" 53 4 53 10 - let%span s02_iter_mut7 = "02_iter_mut.rs" 39 12 43 13 - let%span smodel8 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span s02_iter_mut11 = "02_iter_mut.rs" 22 20 22 64 - let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sindex14 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed18 = "../../../../creusot-contracts/src/std/boxed.rs" 
28 8 28 18 +module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" 57 4 57 90] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 54 15 54 32 + let%span s02_iter_mut1 = "02_iter_mut.rs" 55 15 55 32 + let%span s02_iter_mut2 = "02_iter_mut.rs" 56 14 56 42 + let%span s02_iter_mut3 = "02_iter_mut.rs" 52 4 52 10 + let%span s02_iter_mut4 = "02_iter_mut.rs" 39 12 43 13 + let%span smodel5 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 use prelude.prelude.Borrow @@ -164,6 +105,10 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use seq.Seq + use seq.Seq + + use seq.Seq + use prelude.prelude.UIntSize constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -174,62 +119,14 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use prelude.prelude.Slice - use seq.Seq - function view'1 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice12] Seq.length (view'1 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice13] view'1 self = Slice.id self) - - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut11] Seq.length (view'1 (self.t_IterMut__inner'0).final) - = Seq.length (view'1 (self.t_IterMut__inner'0).current) - - use seq.Seq - - predicate inv'5 (_1 : t_T'0) - - predicate invariant'4 (self : t_T'0) = - [%#sboxed18] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x - - predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - - predicate invariant'2 (self : slice t_T'0) = - [%#sslice16] inv'3 (view'1 self) - - predicate inv'2 (_1 : slice t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : slice t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'1 (self : borrowed (slice t_T'0)) = - [%#sinvariant15] inv'2 self.current /\ inv'2 self.final - - predicate inv'1 (_1 : borrowed (slice t_T'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (slice t_T'0) [inv'1 x] . inv'1 x = invariant'1 x - - predicate inv'0 (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end) - - use seq.Seq + && ([%#sslice9] view'1 self = Slice.id self) function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel8] view'1 self.current + [%#smodel5] view'1 self.current use seq.Seq @@ -238,13 +135,13 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use seq.Seq function index_logic'0 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex14] Seq.get (view'1 self) ix + [%#sindex10] Seq.get (view'1 self) ix function to_mut_seq'0 (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice9] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice6] Seq.length (to_mut_seq'0 self) = Seq.length (view'0 self)) - && ([%#sslice10] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + && ([%#sslice7] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) @@ -253,7 +150,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#s02_iter_mut7] Seq.length (view'0 self.t_IterMut__inner'0) + [%#s02_iter_mut4] Seq.length (view'0 self.t_IterMut__inner'0) = Seq.length visited + Seq.length (view'0 tl.t_IterMut__inner'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'0 self.t_IterMut__inner'0) -> (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).current 
@@ -271,19 +168,16 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" constant c : t_IterMut'0 - function produces_trans'0 [#"02_iter_mut.rs" 61 4 61 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + function produces_trans'0 [#"02_iter_mut.rs" 57 4 57 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () - goal vc_produces_trans'0 : ([%#s02_iter_mut4] produces'0 b bc c) - -> ([%#s02_iter_mut3] produces'0 a ab b) - -> ([%#s02_iter_mut2] inv'0 c) - -> ([%#s02_iter_mut1] inv'0 b) - -> ([%#s02_iter_mut0] inv'0 a) -> ([%#s02_iter_mut5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s02_iter_mut1] produces'0 b bc c) + -> ([%#s02_iter_mut0] produces'0 a ab b) -> ([%#s02_iter_mut2] produces'0 a (Seq.(++) ab bc) c) end -module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 67 17 67 21 - let%span s02_iter_mut1 = "02_iter_mut.rs" 67 26 67 44 - let%span s02_iter_mut2 = "02_iter_mut.rs" 63 14 66 5 +module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 63 17 63 21 + let%span s02_iter_mut1 = "02_iter_mut.rs" 63 26 63 44 + let%span s02_iter_mut2 = "02_iter_mut.rs" 59 14 62 5 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 291 18 298 9 let%span s02_iter_mut4 = "02_iter_mut.rs" 32 8 32 76 let%span s02_iter_mut5 = "02_iter_mut.rs" 39 12 43 13 
@@ -518,10 +412,10 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 67 4 67 44 (! return' {result}) ] end -module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 74 30] (* IterMut<'a, T> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 74 17 74 21 - let%span s02_iter_mut1 = "02_iter_mut.rs" 74 26 74 30 - let%span s02_iter_mut2 = "02_iter_mut.rs" 73 14 73 28 +module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 70 4 70 30] (* IterMut<'a, T> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 70 17 70 21 + let%span s02_iter_mut1 = "02_iter_mut.rs" 70 26 70 30 + let%span s02_iter_mut2 = "02_iter_mut.rs" 69 14 69 28 let%span s02_iter_mut3 = "02_iter_mut.rs" 22 20 22 64 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 @@ -616,12 +510,12 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 74 4 (! return' {result}) ] end -module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] - let%span s02_iter_mut0 = "02_iter_mut.rs" 82 19 82 20 - let%span s02_iter_mut1 = "02_iter_mut.rs" 82 41 82 55 - let%span s02_iter_mut2 = "02_iter_mut.rs" 79 10 79 29 - let%span s02_iter_mut3 = "02_iter_mut.rs" 80 10 80 35 - let%span s02_iter_mut4 = "02_iter_mut.rs" 81 10 81 33 +module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 78 0 78 55] + let%span s02_iter_mut0 = "02_iter_mut.rs" 78 19 78 20 + let%span s02_iter_mut1 = "02_iter_mut.rs" 78 41 78 55 + let%span s02_iter_mut2 = "02_iter_mut.rs" 75 10 75 29 + let%span s02_iter_mut3 = "02_iter_mut.rs" 76 10 76 35 + let%span s02_iter_mut4 = "02_iter_mut.rs" 77 10 77 33 let%span svec5 = "../../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec7 = "../../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 
@@ -851,51 +745,47 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 82 0 82 55] (! return' {result}) ] end -module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] - let%span s02_iter_mut0 = "02_iter_mut.rs" 90 19 90 35 - let%span s02_iter_mut1 = "02_iter_mut.rs" 91 23 91 47 - let%span s02_iter_mut2 = "02_iter_mut.rs" 94 16 94 85 - let%span s02_iter_mut3 = "02_iter_mut.rs" 93 16 93 55 - let%span s02_iter_mut4 = "02_iter_mut.rs" 92 16 92 23 - let%span s02_iter_mut5 = "02_iter_mut.rs" 98 27 98 75 - let%span s02_iter_mut6 = "02_iter_mut.rs" 99 21 99 22 - let%span s02_iter_mut7 = "02_iter_mut.rs" 86 10 86 33 - let%span s02_iter_mut8 = "02_iter_mut.rs" 87 10 87 64 - let%span s02_iter_mut9 = "02_iter_mut.rs" 82 19 82 20 - let%span s02_iter_mut10 = "02_iter_mut.rs" 82 41 82 55 - let%span s02_iter_mut11 = "02_iter_mut.rs" 79 10 79 29 - let%span s02_iter_mut12 = "02_iter_mut.rs" 80 10 80 35 - let%span s02_iter_mut13 = "02_iter_mut.rs" 81 10 81 33 - let%span s02_iter_mut14 = "02_iter_mut.rs" 74 17 74 21 - let%span s02_iter_mut15 = "02_iter_mut.rs" 74 26 74 30 - let%span s02_iter_mut16 = "02_iter_mut.rs" 73 14 73 28 +module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] + let%span s02_iter_mut0 = "02_iter_mut.rs" 86 19 86 35 + let%span s02_iter_mut1 = "02_iter_mut.rs" 87 23 87 47 + let%span s02_iter_mut2 = "02_iter_mut.rs" 90 16 90 85 + let%span s02_iter_mut3 = "02_iter_mut.rs" 89 16 89 55 + let%span s02_iter_mut4 = "02_iter_mut.rs" 88 16 88 23 + let%span s02_iter_mut5 = "02_iter_mut.rs" 94 27 94 75 + let%span s02_iter_mut6 = "02_iter_mut.rs" 95 21 95 22 + let%span s02_iter_mut7 = "02_iter_mut.rs" 82 10 82 33 + let%span s02_iter_mut8 = "02_iter_mut.rs" 83 10 83 64 + let%span s02_iter_mut9 = "02_iter_mut.rs" 78 19 78 20 + let%span s02_iter_mut10 = "02_iter_mut.rs" 78 41 78 55 + let%span s02_iter_mut11 = "02_iter_mut.rs" 75 10 75 29 + let%span s02_iter_mut12 = "02_iter_mut.rs" 76 10 76 35 + let%span s02_iter_mut13 = "02_iter_mut.rs" 77 10 77 33 + let%span 
s02_iter_mut14 = "02_iter_mut.rs" 70 17 70 21 + let%span s02_iter_mut15 = "02_iter_mut.rs" 70 26 70 30 + let%span s02_iter_mut16 = "02_iter_mut.rs" 69 14 69 28 let%span sindex17 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 let%span s02_iter_mut18 = "02_iter_mut.rs" 39 12 43 13 - let%span s02_iter_mut19 = "02_iter_mut.rs" 67 17 67 21 - let%span s02_iter_mut20 = "02_iter_mut.rs" 67 26 67 44 - let%span s02_iter_mut21 = "02_iter_mut.rs" 63 14 66 5 + let%span s02_iter_mut19 = "02_iter_mut.rs" 63 17 63 21 + let%span s02_iter_mut20 = "02_iter_mut.rs" 63 26 63 44 + let%span s02_iter_mut21 = "02_iter_mut.rs" 59 14 62 5 let%span svec22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sindex24 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span s02_iter_mut27 = "02_iter_mut.rs" 49 15 49 24 - let%span s02_iter_mut28 = "02_iter_mut.rs" 50 14 50 45 - let%span s02_iter_mut29 = "02_iter_mut.rs" 47 4 47 10 - let%span s02_iter_mut30 = "02_iter_mut.rs" 55 15 55 21 - let%span s02_iter_mut31 = "02_iter_mut.rs" 56 15 56 21 - let%span s02_iter_mut32 = "02_iter_mut.rs" 57 15 57 21 - let%span s02_iter_mut33 = "02_iter_mut.rs" 58 15 58 32 - let%span s02_iter_mut34 = "02_iter_mut.rs" 59 15 59 32 - let%span s02_iter_mut35 = "02_iter_mut.rs" 60 14 60 42 - let%span s02_iter_mut36 = "02_iter_mut.rs" 53 4 53 10 - let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span s02_iter_mut39 = "02_iter_mut.rs" 32 8 32 76 - let%span sresolve40 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sindex41 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 
45 31 - let%span s02_iter_mut42 = "02_iter_mut.rs" 22 20 22 64 - let%span sinvariant43 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span s02_iter_mut27 = "02_iter_mut.rs" 49 14 49 45 + let%span s02_iter_mut28 = "02_iter_mut.rs" 47 4 47 10 + let%span s02_iter_mut29 = "02_iter_mut.rs" 54 15 54 32 + let%span s02_iter_mut30 = "02_iter_mut.rs" 55 15 55 32 + let%span s02_iter_mut31 = "02_iter_mut.rs" 56 14 56 42 + let%span s02_iter_mut32 = "02_iter_mut.rs" 52 4 52 10 + let%span sslice33 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span s02_iter_mut35 = "02_iter_mut.rs" 32 8 32 76 + let%span sresolve36 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sindex37 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 + let%span s02_iter_mut38 = "02_iter_mut.rs" 22 20 22 64 + let%span sinvariant39 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -946,7 +836,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] && ([%#sslice26] view'3 self = Slice.id self) predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut42] Seq.length (view'3 (self.t_IterMut__inner'0).final) + [%#s02_iter_mut38] Seq.length (view'3 (self.t_IterMut__inner'0).final) = Seq.length (view'3 (self.t_IterMut__inner'0).current) predicate inv'0 (_1 : t_IterMut'0) 
@@ -1013,13 +903,13 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] use seq.Seq function index_logic'2 [@inline:trivial] (self : slice usize) (ix : int) : usize = - [%#sindex41] Seq.get (view'3 self) ix + [%#sindex37] Seq.get (view'3 self) ix function to_mut_seq'0 (self : borrowed (slice usize)) : Seq.seq (borrowed usize) - axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#sslice37] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#sslice33] Seq.length (to_mut_seq'0 self) = Seq.length (view'2 self)) - && ([%#sslice38] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + && ([%#sslice34] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'2 self.current i) (index_logic'2 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) 
@@ -1034,25 +924,21 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] /\ (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).final = (Seq.get (Seq.(++) visited (to_mut_seq'0 tl.t_IterMut__inner'0)) i).final) - function produces_trans'0 [#"02_iter_mut.rs" 61 4 61 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () + function produces_trans'0 [#"02_iter_mut.rs" 57 4 57 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () = - [%#s02_iter_mut36] () + [%#s02_iter_mut32] () - axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#s02_iter_mut30] inv'0 a) - -> ([%#s02_iter_mut31] inv'0 b) - -> ([%#s02_iter_mut32] inv'0 c) - -> ([%#s02_iter_mut33] produces'0 a ab b) - -> ([%#s02_iter_mut34] produces'0 b bc c) -> ([%#s02_iter_mut35] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#s02_iter_mut29] produces'0 a ab b) + -> ([%#s02_iter_mut30] produces'0 b bc c) -> ([%#s02_iter_mut31] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"02_iter_mut.rs" 51 4 51 26] (self : t_IterMut'0) : () = - [%#s02_iter_mut29] () + function produces_refl'0 [#"02_iter_mut.rs" 50 4 50 26] (self : t_IterMut'0) : () = + [%#s02_iter_mut28] () - axiom produces_refl'0_spec : forall self : t_IterMut'0 . ([%#s02_iter_mut27] inv'0 self) - -> ([%#s02_iter_mut28] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self) + axiom produces_refl'0_spec : forall self : t_IterMut'0 . 
[%#s02_iter_mut27] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self predicate invariant'1 (self : borrowed (t_IterMut'0)) = - [%#sinvariant43] inv'0 self.current /\ inv'0 self.final + [%#sinvariant39] inv'0 self.current /\ inv'0 self.final predicate inv'2 (_1 : borrowed (t_IterMut'0)) @@ -1067,14 +953,14 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'4 (self : borrowed (slice usize)) = - [%#sresolve40] self.final = self.current + [%#sresolve36] self.final = self.current use seq.Seq use seq.Seq predicate completed'0 [#"02_iter_mut.rs" 31 4 31 35] (self : borrowed (t_IterMut'0)) = - [%#s02_iter_mut39] resolve'4 (self.current).t_IterMut__inner'0 + [%#s02_iter_mut35] resolve'4 (self.current).t_IterMut__inner'0 /\ Seq.(==) (view'2 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq usize) use seq.Seq @@ -1097,13 +983,13 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] predicate resolve'2 (self : borrowed usize) = - [%#sresolve40] self.final = self.current + [%#sresolve36] self.final = self.current predicate resolve'0 (_1 : borrowed usize) = resolve'2 _1 predicate resolve'3 (self : borrowed (t_Vec'0)) = - [%#sresolve40] self.final = self.current + [%#sresolve36] self.final = self.current predicate resolve'1 (_1 : borrowed (t_Vec'0)) = resolve'3 _1 
@@ -1183,8 +1069,8 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 88 0 88 35] (! return' {result}) ] end -module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter_mut.rs" 61 4 61 90] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 61 4 61 90 +module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter_mut.rs" 57 4 57 90] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 57 4 57 90 let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 @@ -1192,11 +1078,6 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span s02_iter_mut8 = "02_iter_mut.rs" 22 20 22 64 - let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow 
@@ -1262,59 +1143,13 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter /\ (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).final = (Seq.get (Seq.(++) visited (to_mut_seq'0 tl.t_IterMut__inner'0)) i).final) - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut8] Seq.length (view'1 (self.t_IterMut__inner'0).final) - = Seq.length (view'1 (self.t_IterMut__inner'0).current) - - use seq.Seq - - predicate inv'5 (_1 : t_T'0) - - predicate invariant'4 (self : t_T'0) = - [%#sboxed12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x - - predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - - predicate invariant'2 (self : slice t_T'0) = - [%#sslice10] inv'3 (view'1 self) - - predicate inv'2 (_1 : slice t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : slice t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'1 (self : borrowed (slice t_T'0)) = - [%#sinvariant9] inv'2 self.current /\ inv'2 self.final - - predicate inv'1 (_1 : borrowed (slice t_T'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (slice t_T'0) [inv'1 x] . inv'1 x = invariant'1 x - - predicate inv'0 (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end) - goal refines : [%#s02_iter_mut0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . 
produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 67 4 67 44] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 67 4 67 44 +module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 63 4 63 44] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 63 4 63 44 let%span s02_iter_mut1 = "02_iter_mut.rs" 32 8 32 76 let%span s02_iter_mut2 = "02_iter_mut.rs" 39 12 43 13 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 
@@ -1490,20 +1325,15 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 end /\ inv'1 result) end -module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_mut.rs" 51 4 51 26] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 51 4 51 26 +module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_mut.rs" 50 4 50 26] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 50 4 50 26 let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span s02_iter_mut5 = "02_iter_mut.rs" 22 20 22 64 - let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sindex8 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 use prelude.prelude.Borrow @@ -1516,6 +1346,12 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use seq.Seq + use seq.Seq + + use seq.Seq + + use seq.Seq + use prelude.prelude.UIntSize constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -1526,61 +1362,11 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use prelude.prelude.Slice - use seq.Seq - function view'1 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'1 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'1 self = Slice.id self) - - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut5] Seq.length (view'1 (self.t_IterMut__inner'0).final) - = Seq.length (view'1 (self.t_IterMut__inner'0).current) - - use seq.Seq - - predicate inv'5 (_1 : t_T'0) - - predicate invariant'4 (self : t_T'0) = - [%#sboxed12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x - - predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - - predicate invariant'2 (self : slice t_T'0) = - [%#sslice10] inv'3 (view'1 self) - - predicate inv'2 (_1 : slice t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : slice t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'1 (self : borrowed (slice t_T'0)) = - [%#sinvariant9] inv'2 self.current /\ inv'2 self.final - - predicate inv'1 (_1 : borrowed (slice t_T'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (slice t_T'0) [inv'1 x] . inv'1 x = invariant'1 x - - predicate inv'0 (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end) - - use seq.Seq - - use seq.Seq + && ([%#sslice6] view'1 self = Slice.id self) function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = [%#smodel2] view'1 self.current @@ -1592,7 +1378,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use seq.Seq function index_logic'0 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex8] Seq.get (view'1 self) ix + [%#sindex7] Seq.get (view'1 self) ix function to_mut_seq'0 (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) @@ -1615,8 +1401,6 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ /\ (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).final = (Seq.get (Seq.(++) visited (to_mut_seq'0 tl.t_IterMut__inner'0)) i).final) - goal refines : [%#s02_iter_mut0] forall self : t_IterMut'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) + goal refines : [%#s02_iter_mut0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.rs b/creusot/tests/should_succeed/iterators/02_iter_mut.rs index b72c5eb24..42e717ee5 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.rs +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.rs @@ -46,15 +46,11 @@ impl<'a, T> Iterator for IterMut<'a, T> { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] 
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml index 4e6502ebb..bdfcf00fd 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml +++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml @@ -9,12 +9,12 @@ - + - + @@ -24,7 +24,7 @@ - + @@ -67,46 +67,46 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz b/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz index ac58188b8b4cb5ae93b0c65c5b235dcb775f6dcb..adb20fede420fee54d3c5d1fac21296b15f2e54e 100644 GIT binary patch literal 2792 zcmVnDoC4rEep;zq~ z+vA>fyL)%@>jPDl%2nlZw|g>k7^qbgDN!HEkMduCSU-LCU-Q%YB_E&mkB7gn<@$%e zt^7y-vd_QYp##594(|PrAN@l<{Brty{&0HS?GGpavis@&KXM>oC$AD@rMd^ojY(=W~b;2-+=&-u7N?e?jt-|bVG z-TEIL)g4VOmc2%Bw7K^mmn9}A0f(EF|9X5(&oMvUfnz>@`Fi@(vF+mQX0vKXyVh~z zmHsI|G@V#GoN4{=!Eq;@+AdFT?kDq(J29CNmur`0Hs#-BU*3QC;C=8R`na8bD6^BP zPHN@%hZld``@`u@I{dBtd8Zw2>R>D&9CZT9(WVZ@0^G4qKsvUmgRuZ}yc6J#Z|Y$6 zsUJyy+HFty_|x<04(`7E>dL9li^+*@F>_*52V?EvR3`vVZR%hVt=gGe&|1Wn(Av$< z(W;#(Xf=yi)ID0wRkZ3ETJ>gpHgpKx;m9FuhSBQN$$#4Y{CLQBP$$WM+WqVCOTGi= zu)kAu*k5WHt?G#1fAaD1%h!i|%Bh41J8K((We8v9pZ14e9`fn&;84`yWn+VU`(2dF zW#yau{$i1BhtX!pV{k2x!BQSOyH{20n~Hri#lEcA*A@Hv3id_CzL;VkD)ymb9~@u3 z2j9%e8a=W`kGuc?cY5S8RY9XFW>g<<;1DhX&Wr<2I8(#f)NnR4P+o!8QiY&$m$%f2 zR&cRO^j|LO1hsJZv3y-D1k^_#vg^fyW_1r~(}zi)<`_r z9yzDGFTcLEx;^K``PxqrS112#-ZlH<)2ZxxeOIRM)~7$e=JjwVol)|~{Pg^AT74P< zqjO>V|HVc?dg}D0ruyYgUH_Pd=51SuaJleCi)HD@iXpxPt=lvV2%YP= zc^~JuyVP^iK*-x9pXY(+ONww7RffRe$`}ZazFcAM?{{R@(UMrHzlRs52Bt zrA^+~`YpFN`Davsd2voDxNqLj!lLawNfep)<%rhw97vaH-o|sQ=)LK|A^*1I&@UWP zgMMdf7}gJe&o$h*hpTC!`0)K%q1^3zbHdV^(M3)ZLW|Lg)}E5xTId||qHv*#^N0hd z6P4(_uIbD*H&Zf(l__CmN;subRJj&au0>Na#wv4Sl{v8~_u-ZL@XCB@D}!&fGEk`= zRH_F()hoomIzj()u0?HDb7IS0C$>XVr>ZB^m8MQsPsph!pn3wTC*Vp`$EqioEk>e=bgl|r%Qt|oagMB zU4D4_{c}E+gZ=yY>qCZjXgTj->p%Oa-HU&Co-1ObdtukbZnHP{5p^Bb{;&&=&xiE% zElN8Vi+2AB5pBG)>WNDn`Voxmkwpm{7n#C-Ai|G@q zDzBc}A+$Fz`d}93RCz(0u1D%$V{0>hes~zlGY<6`S-skl#x}!fsc)$y>ZSEgpAuhI z`%^x4&GpN2XMOI4YOe1m@D+&9tqfr6S=mHG|90?ki3GouRxXZnD8M@9|D#Rk!=KGQKcpR;PrgVU;`t$_6E7$2$G1kshYxeW z4L32U?O?JP7dI@wA!=^fMDga&KaZSL9wmDJY{ru_DN>HaX8ia4?Hh6gBV>|xWV#q5 zbKMv7MfFENGx-_qys&G*-_qiU*WVF{U*VD!5RP<95=n0-uF%C5TmR9K7|nL2@;a0Y zk!8@Go58$=s0Ek7xZ=(q1m=sb(sX%V)6!fqK6JnFF7&ro^Nk~P#2qdEcH;;~eq}{+ 
z^rS_ivM#E$nif@WhizSSyflzGN4R|zY>vP&>Rn3{NI8P)S=wx02ToB#1DPbe*bd<2E^|r&5(_AlSu-nJ!HhnqpmbCz8Du#$Q7ENi z7AAuLv1S&fMPZR!WEROHS_EsXw#vfF>yW{K(9n=Uj+~@uKxK{r5mMO^M@!0*v?MHX zOUx2kLQ7!LSkxBPO63O82%|uT#87Z4!8eQ;NR%X+;wocF-=GPRd1E4G6^xcT2L!Gg zof$R8H)+ktGPDeCRoKW}{DxUD9V8(mt+n7m@+Rmk!kS6Tgk{_^_71f?h2Xtljij6i zb7KxQvb9 zJVq2OO2|A=;{|zLZe3X}Ef@9W0Sdx7>p897*zsXNoI;ylxVfRLm?TE$q;fb1viGposJZgo4jU9pLb=@^X$83fDVS>TWp_+*4Z5!PB+Ev**csNXjxHYzthDbije zmrOTanG}`hfv6-0Evx~njn(?w4Mp++c%zhQKqrHkP2eIVl^O6T_}VaQ$Qt}U=1@l= zQ~<7{(6Zq|VlpxZ#*ELw$F-5x2y1w`?eAz;0#~4eL=YjwY#OdKQuI8;sB%HBXbl-_ zv^DDgHK!UOIM*R@i4l`dCZO^>QMIbR_n>^WfF!VotqtKZ;MA;0tICElAw{Bz*pPC z%92;o%74_GjmZz`odpa$j)A6)D?Ek)$%b)(X zaG%`sHvRs96}WAz;L&~jN9=Z`S8@{Q2qp01w}O ztt#<2P=-ph%20__8RS!cN#}g7Z%^mVDgE{Um8!J!hvV_^`(}6evJGy#kLizg`~WUI z9gk^$Zp6l4>h0d`y7{l^xIJ&SF`M6PW1d~RkCiSi9j}<39iY;yNB3!7VssTysnx=L zKOW*!NT&y=j7#6XpZ~1PdUkg8*d5rc%V4!=zHJ&T3~jkn+SRRMGwd{)@vOVBqI=wx z#pc}A&QINi6=iqPtTV847u|FhPTYkPsImf8R-nqpP~`=xyg-$Yp(+YgMS-dqLsb^2 z$^uo{LsefvRgIyl3RG2rs+!#QhYuA(g;XJ1-~4j9_cB22N9=K=*C^p=4zVoo9#&TQ z-w0{WefZ#h5zAU*&mt3UBxk!{;q)IMQ<6P83L>7q1 z8xY|IBD~K<{Iy)v!-p04urYjYAYdl?bY<>|zAQEueeL`-`gBedA1gB(Te^!rb2Iw% zB>MDf92y8Eco0_oXz}^%K5u?G?9&63Nphbz|2lk24^UNzC87{l{b*4}{PD93hi~6^ z>6~JN%!{=FSo(Ct+-bZ2vP5-T8$a8v}0DxC|;4xJ|qY7qJ z7jIA@Tm_sN2Arr&31?Hn*-Sur1733#FQ>D+YF;BaTlKmxS9Pz=w;%J@*}_I$^fk%- zM)9KwZ$nyjVbWFcHnH{|+ibS`eL7w?J`$_9`*v84oZ`c`UtiO1&Utmd=2O7M+5MU} z_4ar==Y209^7O;<{O9+y?C+#ql-x0$o_6QO=RPo67dHQ&-FEi?{9SaRqT`_wSon%<+||2?&E=N@jRh3vz(XN7#X zZ_NpFI)jTGCxiy01+5(=ySLC)$g{zjD$WD;oK6&?_p+r6*X)WlG!Ycm=E^vr|-K2Z?JON!Pn~1BD zny`YBM4(Sitjb_*pAx6{dX<_!pRW=MjUVi&WJW5Pk**RnRQx*W&9s-IlDC^n>d%_R z#$VdoZs(^ZNmMeom2$RY6kSs(Z}ya8lD@_G{aNK#N8LXDt!EwtM{}xuUn)Sc&^QPo*?vj;dZ;tf79_$TF(Yz15jK9`)e6q2wv6= zFk=kI$7s*!{%DeZ|7X2TySRbN$!7^hxIAXG;`yZA_}-}a@L>wL{w8{}Elg(P;tusY zqUN4WWN-fR%fLywvG4q|8ct56NL3_O!@nQz-%v#`Kql#mOdDflZu?@YRDKA|zeUVl zO54W1W~Cxt-r|YhV4MXI73qdbl3tHop|dO2?o&l#FxwW?+fdGQmqB}O2Gd5Plw}6P 
zx;$;Fr%E@;yu9c%WLOLj-EF)L{q@a!QxR6gE1LcNqaqymm1W7nvk-~G&8U!Xnl-)d zw{_L_Qcw9R!u5+_s|YGaooi_XsfwU@mR9SRfs@Tp&rt}kwuEMN2kKh}!&tW;cB2fI zZLz!X+|eT4|B%!_7>wtpG!*4Mjf==~g>;K`&r%i(FQcg;GV)9-rzzGx=@7t2l|u4q zsjafo3d=3CWYNMR)XoqCl2{w!WOyW#C`9c!F(zTDt(mB}AcA8FQ7~=-(?Y8drI5ze zq>_+JZBbej7P&=cku0J`u&_wRNW}!!QPkW(kcf=Dls*xXl9)B88%*d@^hyU6qd}H@ z9fVRUBw-Q=5KC=IS(287C2omXB1>oqEE>T284#1407ZoMGY!(^oS7i83kFU zEmM|B%YO zH(KiC5xA~(VpJPf$0cW$ljV4?!CI#1Az~6tdr8PhYc05!y!JW?zvRktX}PeRzriez z-a98)Eh$C9RGY|>^g8(vnIv3t(-_o0Vmx6$4UtLh&_~WWDrG>|wU#0HqV(n`gW2z}6UDwRVI`G=n5@4yN)xv6SHG8vh%{>#sgy4Zoh!SL^8lBU~ z6XTTcR4c2E)y?1yu2mdsU5ltuCKZ)Isl8U@l_Qm~UK+9nt$`o3?;()k!3gcZXysE( z#I;Zolo7~N&I<;t5!P^P*pDw{QmmC1nt>qWM2gZOPl_CpVUpELqpeZa$oE-}v=H7H zCnyjTOfn~vM1h(Tir~T$A(tGm#^n2c$CVX1S7RMbkPxKiF}dI|MM<2*-OlYU14z)CqM}dYVK;g9}Fv w;|W1o1erbj{u^+~Gc-y&&XK9a0kJk2RSbpqUNm`BzsE}d1L%j4pLr_)0Fi9H;Q#;t diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index 4b9130608..8f2849501 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma 
@@ -1,37 +1,16 @@ -module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 26] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 49 15 49 24 - let%span s04_skip1 = "04_skip.rs" 50 14 50 45 - let%span s04_skip2 = "04_skip.rs" 47 4 47 10 - let%span s04_skip3 = "04_skip.rs" 38 12 43 74 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 - - use prelude.prelude.UIntSize - - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end +module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 50 4 50 26] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 49 14 49 45 + let%span s04_skip1 = "04_skip.rs" 47 4 47 10 + let%span s04_skip2 = "04_skip.rs" 38 12 43 74 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq + type t_I'0 + use seq.Seq type t_Item'0 
@@ -40,43 +19,26 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'2 a) - -> ([%#scommon7] inv'2 b) - -> ([%#scommon8] inv'2 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize - use seq.Seq + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - use prelude.prelude.Int + use prelude.prelude.UIntSize use seq.Seq - predicate inv'4 (_1 : t_Item'0) - - predicate invariant'1 (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + use prelude.prelude.Int use seq.Seq 
@@ -85,40 +47,29 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 predicate resolve'0 (_1 : t_Item'0) predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#s04_skip3] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) constant self : t_Skip'0 - function produces_refl'0 [#"04_skip.rs" 51 4 51 26] (self : t_Skip'0) : () + function produces_refl'0 [#"04_skip.rs" 50 4 50 26] (self : t_Skip'0) : () - goal vc_produces_refl'0 : ([%#s04_skip0] inv'0 self) - -> ([%#s04_skip1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_produces_refl'0 : [%#s04_skip0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 90] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 55 15 55 21 - let%span s04_skip1 = "04_skip.rs" 56 15 56 21 - let%span s04_skip2 = "04_skip.rs" 57 15 57 21 - let%span s04_skip3 = "04_skip.rs" 58 15 58 32 - let%span s04_skip4 = "04_skip.rs" 59 15 59 32 - let%span s04_skip5 = "04_skip.rs" 60 14 60 42 - let%span s04_skip6 = "04_skip.rs" 53 4 53 10 - let%span s04_skip7 = "04_skip.rs" 38 12 43 74 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 
15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 57 4 57 90] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 54 15 54 32 + let%span s04_skip1 = "04_skip.rs" 55 15 55 32 + let%span s04_skip2 = "04_skip.rs" 56 14 56 42 + let%span s04_skip3 = "04_skip.rs" 52 4 52 10 + let%span s04_skip4 = "04_skip.rs" 38 12 43 74 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 @@ -127,15 +78,6 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end - use seq.Seq use seq.Seq 
@@ -146,19 +88,15 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] inv'2 a) - -> ([%#scommon11] inv'2 b) - -> ([%#scommon12] inv'2 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -168,34 +106,15 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 use seq.Seq - predicate inv'4 (_1 : t_Item'0) - - predicate invariant'1 (self : t_Item'0) = - [%#sboxed17] inv'4 self - - predicate inv'3 (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq16] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - use prelude.prelude.Borrow predicate resolve'0 (_1 : t_Item'0) predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#s04_skip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + [%#s04_skip4] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) 
@@ -209,50 +128,41 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 61 4 61 constant c : t_Skip'0 - function produces_trans'0 [#"04_skip.rs" 61 4 61 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () + function produces_trans'0 [#"04_skip.rs" 57 4 57 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () - goal vc_produces_trans'0 : ([%#s04_skip4] produces'0 b bc c) - -> ([%#s04_skip3] produces'0 a ab b) - -> ([%#s04_skip2] inv'0 c) - -> ([%#s04_skip1] inv'0 b) -> ([%#s04_skip0] inv'0 a) -> ([%#s04_skip5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s04_skip1] produces'0 b bc c) + -> ([%#s04_skip0] produces'0 a ab b) -> ([%#s04_skip2] produces'0 a (Seq.(++) ab bc) c) end -module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 68 23 68 41 - let%span s04_skip1 = "04_skip.rs" 70 26 70 50 - let%span s04_skip2 = "04_skip.rs" 77 20 77 35 - let%span s04_skip3 = "04_skip.rs" 76 20 76 87 - let%span s04_skip4 = "04_skip.rs" 72 8 72 31 - let%span s04_skip5 = "04_skip.rs" 74 20 74 53 - let%span s04_skip6 = "04_skip.rs" 73 20 73 33 - let%span s04_skip7 = "04_skip.rs" 72 20 72 29 - let%span s04_skip8 = "04_skip.rs" 80 20 80 21 - let%span s04_skip9 = "04_skip.rs" 84 26 84 73 - let%span s04_skip10 = "04_skip.rs" 85 21 85 22 - let%span s04_skip11 = "04_skip.rs" 67 17 67 21 - let%span s04_skip12 = "04_skip.rs" 67 26 67 41 - let%span s04_skip13 = "04_skip.rs" 63 14 66 5 - let%span smem14 = "../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 - let%span smem15 = "../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 - let%span sindex16 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 - let%span scommon17 = "common.rs" 31 17 31 21 - let%span scommon18 = "common.rs" 31 26 31 44 - let%span scommon19 = "common.rs" 27 14 30 5 - let%span 
s04_skip20 = "04_skip.rs" 24 12 30 37 - let%span s04_skip21 = "04_skip.rs" 38 12 43 74 - let%span snum22 = "../../../../creusot-contracts/src/std/num.rs" 29 28 29 32 - let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span scommon24 = "common.rs" 14 15 14 24 - let%span scommon25 = "common.rs" 15 14 15 45 - let%span scommon26 = "common.rs" 19 15 19 21 - let%span scommon27 = "common.rs" 20 15 20 21 - let%span scommon28 = "common.rs" 21 15 21 21 - let%span scommon29 = "common.rs" 22 15 22 32 - let%span scommon30 = "common.rs" 23 15 23 32 - let%span scommon31 = "common.rs" 24 14 24 42 - let%span sseq32 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant33 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed34 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 63 4 63 41] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 64 23 64 41 + let%span s04_skip1 = "04_skip.rs" 66 26 66 50 + let%span s04_skip2 = "04_skip.rs" 72 20 72 35 + let%span s04_skip3 = "04_skip.rs" 71 20 71 87 + let%span s04_skip4 = "04_skip.rs" 68 8 68 31 + let%span s04_skip5 = "04_skip.rs" 69 20 69 53 + let%span s04_skip6 = "04_skip.rs" 68 20 68 29 + let%span s04_skip7 = "04_skip.rs" 75 20 75 21 + let%span s04_skip8 = "04_skip.rs" 79 26 79 73 + let%span s04_skip9 = "04_skip.rs" 80 21 80 22 + let%span s04_skip10 = "04_skip.rs" 63 17 63 21 + let%span s04_skip11 = "04_skip.rs" 63 26 63 41 + let%span s04_skip12 = "04_skip.rs" 59 14 62 5 + let%span smem13 = "../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 + let%span smem14 = "../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 + let%span sindex15 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 + let%span scommon16 = "common.rs" 27 17 27 21 + let%span scommon17 = "common.rs" 27 26 27 44 + let%span scommon18 = "common.rs" 23 14 26 5 + 
let%span s04_skip19 = "04_skip.rs" 24 12 30 37 + let%span s04_skip20 = "04_skip.rs" 38 12 43 74 + let%span snum21 = "../../../../creusot-contracts/src/std/num.rs" 29 28 29 32 + let%span sresolve22 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span scommon23 = "common.rs" 14 14 14 45 + let%span scommon24 = "common.rs" 18 15 18 32 + let%span scommon25 = "common.rs" 19 15 19 32 + let%span scommon26 = "common.rs" 20 14 20 42 + let%span sinvariant27 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Snapshot @@ -265,35 +175,33 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {inv'6 result} - {[%#smem14] result = dest.current} - {[%#smem15] is_default'0 dest.final} + [ return' (result:usize)-> {inv'5 result} + {[%#smem13] result = dest.current} + {[%#smem14] is_default'0 dest.final} (! return' {result}) ] predicate resolve'3 (self : borrowed usize) = - [%#sresolve23] self.final = self.current + [%#sresolve22] self.final = self.current predicate resolve'0 (_1 : borrowed usize) = resolve'3 _1 use seq.Seq - predicate inv'2 (_1 : t_I'0) - use seq.Seq type t_Item'0 
@@ -302,19 +210,15 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* ([%#scommon27] inv'2 b) - -> ([%#scommon28] inv'2 c) - -> ([%#scommon29] produces'0 a ab b) - -> ([%#scommon30] produces'0 b bc c) -> ([%#scommon31] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon24] produces'0 a ab b) + -> ([%#scommon25] produces'0 b bc c) -> ([%#scommon26] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon24] inv'2 self) - -> ([%#scommon25] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon23] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot 
@@ -331,7 +235,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* inv'8 (Seq.get self i) - - predicate inv'0 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x + predicate inv'1 (_1 : t_I'0) - predicate inv'9 (_1 : t_Skip'0) + predicate inv'7 (_1 : t_Skip'0) - axiom inv_axiom'7 [@rewrite] : forall x : t_Skip'0 [inv'9 x] . inv'9 x + axiom inv_axiom'5 [@rewrite] : forall x : t_Skip'0 [inv'7 x] . inv'7 x = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter end - predicate invariant'1 (self : borrowed (t_Skip'0)) = - [%#sinvariant33] inv'9 self.current /\ inv'9 self.final + predicate invariant'0 (self : borrowed (t_Skip'0)) = + [%#sinvariant27] inv'7 self.current /\ inv'7 self.final - predicate inv'1 (_1 : borrowed (t_Skip'0)) + predicate inv'0 (_1 : borrowed (t_Skip'0)) - axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Skip'0) [inv'1 x] . inv'1 x = invariant'1 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Skip'0) [inv'0 x] . inv'0 x = invariant'0 x - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant33] inv'2 self.current /\ inv'2 self.final + predicate invariant'1 (self : borrowed t_I'0) = + [%#sinvariant27] inv'1 self.current /\ inv'1 self.final - predicate inv'7 (_1 : borrowed t_I'0) + predicate inv'6 (_1 : borrowed t_I'0) - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_I'0 [inv'7 x] . inv'7 x = invariant'2 x + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_I'0 [inv'6 x] . inv'6 x = invariant'1 x type t_Option'0 = | C_None'0 | C_Some'0 t_Item'0 - predicate inv'4 (_1 : t_Option'0) + predicate inv'2 (_1 : t_Item'0) + + predicate inv'3 (_1 : t_Option'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'3 x] . 
inv'3 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) use seq.Seq - let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#scommon17] inv'7 self} + let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#scommon16] inv'6 self} any - [ return' (result:t_Option'0)-> {[%#scommon18] inv'4 result} - {[%#scommon19] match result with + [ return' (result:t_Option'0)-> {[%#scommon17] inv'3 result} + {[%#scommon18] match result with | C_None'0 -> completed'1 self | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final end} @@ -410,7 +300,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) predicate produces'1 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#s04_skip21] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + [%#s04_skip20] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'0 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'0 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'1 (Seq.get s i))) meta "compute_max_steps" 1000000 - let rec next'0 (self:borrowed (t_Skip'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#s04_skip11] inv'1 self} + let rec next'0 (self:borrowed (t_Skip'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#s04_skip10] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#s04_skip0] Snapshot.new self ] s1 | s1 = bb1 ] | bb1 = s0 
@@ -461,42 +348,41 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* resolve'1 (index_logic'0 skipped i)} - {[@expl:loop invariant #5] [%#s04_skip2] UIntSize.to_int (self.current).t_Skip__n'0 = 0} + {[@expl:loop invariant #4] [%#s04_skip2] UIntSize.to_int (self.current).t_Skip__n'0 = 0} (! s0) [ s0 = bb5 ] [ bb5 = s0 - [ s0 = {inv'2 (self.current).t_Skip__iter'0} + [ s0 = {inv'1 (self.current).t_Skip__iter'0} Borrow.borrow_mut {(self.current).t_Skip__iter'0} (fun (_ret':borrowed t_I'0) -> - [ &_20 <- _ret' ] - -{inv'2 _ret'.final}- + [ &_19 <- _ret' ] + -{inv'1 _ret'.final}- [ &self <- { self with current = { self.current with t_Skip__iter'0 = _ret'.final } } ] s1) - | s1 = next'1 {_20} (fun (_ret':t_Option'0) -> [ &r <- _ret' ] s2) + | s1 = next'1 {_19} (fun (_ret':t_Option'0) -> [ &r <- _ret' ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = UIntSize.eq {n} {[%#s04_skip8] (0 : usize)} (fun (_ret':bool) -> [ &_22 <- _ret' ] s1) - | s1 = any [ br0 -> {_22 = false} (! bb8) | br1 -> {_22} (! bb7) ] ] + [ s0 = UIntSize.eq {n} {[%#s04_skip7] (0 : usize)} (fun (_ret':bool) -> [ &_21 <- _ret' ] s1) + | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb7) ] ] | bb8 = any [ br0 -> {r = C_None'0 } (! bb9) | br1 (x0:t_Item'0)-> {r = C_Some'0 x0} (! 
bb10) ] | bb10 = bb11 | bb11 = s0 [ s0 = v_Some'0 {r} (fun (r0'0:t_Item'0) -> [ &x <- r0'0 ] s1) - | s1 = {[@expl:type invariant] inv'3 x} s2 + | s1 = {[@expl:type invariant] inv'2 x} s2 | s2 = -{resolve'1 x}- s3 - | s3 = [ &_27 <- [%#s04_skip9] Snapshot.new (Seq.(++) (Snapshot.inner skipped) (Seq.singleton x)) ] s4 + | s3 = [ &_26 <- [%#s04_skip8] Snapshot.new (Seq.(++) (Snapshot.inner skipped) (Seq.singleton x)) ] s4 | s4 = bb12 ] | bb12 = s0 - [ s0 = [ &skipped <- _27 ] s1 - | s1 = UIntSize.sub {n} {[%#s04_skip10] (1 : usize)} (fun (_ret':usize) -> [ &n <- _ret' ] s2) + [ s0 = [ &skipped <- _26 ] s1 + | s1 = UIntSize.sub {n} {[%#s04_skip9] (1 : usize)} (fun (_ret':usize) -> [ &n <- _ret' ] s2) | s2 = bb13 ] | bb13 = bb14 
@@ -504,10 +390,10 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 67 4 67 41] (* {[@expl:next result type invariant] [%#s04_skip12] inv'4 result} - {[@expl:next ensures] [%#s04_skip13] match result with + [ return' (result:t_Option'0)-> {[@expl:next result type invariant] [%#s04_skip11] inv'3 result} + {[@expl:next ensures] [%#s04_skip12] match result with | C_None'0 -> completed'0 self | C_Some'0 v -> produces'1 self.current (Seq.singleton v) self.final end} (! return' {result}) ] end -module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 41] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 67 4 67 41 +module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 63 4 63 41] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 63 4 63 41 let%span s04_skip1 = "04_skip.rs" 24 12 30 37 let%span s04_skip2 = "04_skip.rs" 38 12 43 74 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -559,17 +439,17 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'6 (_1 : t_I'0) + predicate inv'4 (_1 : t_I'0) - predicate inv'5 (_1 : t_Skip'0) + predicate inv'3 (_1 : t_Skip'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Skip'0 [inv'5 x] . inv'5 x + axiom inv_axiom'2 [@rewrite] : forall x : t_Skip'0 [inv'3 x] . inv'3 x = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'6 iter + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'4 iter end predicate invariant'0 (self : borrowed (t_Skip'0)) = - [%#sinvariant3] inv'5 self.current /\ inv'5 self.final + [%#sinvariant3] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Skip'0)) 
@@ -585,19 +465,15 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'6 a) - -> ([%#scommon7] inv'6 b) - -> ([%#scommon8] inv'6 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon5] produces'1 a ab b) + -> ([%#scommon6] produces'1 b bc c) -> ([%#scommon7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon4] inv'6 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self type t_Option'0 = | C_None'0 
@@ -605,34 +481,9 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 use prelude.prelude.UIntSize - use prelude.prelude.Int - use seq.Seq - use seq.Seq - - predicate inv'4 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'7 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant3] inv'6 self.current /\ inv'6 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x + use prelude.prelude.Int use seq.Seq @@ -642,9 +493,7 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 predicate completed'0 [#"04_skip.rs" 22 4 22 35] (self : borrowed (t_Skip'0)) = [%#s04_skip1] UIntSize.to_int (self.final).t_Skip__n'0 = 0 - /\ (exists s : Seq.seq t_Item'0, i : borrowed t_I'0 . inv'2 s - /\ inv'3 i - /\ Seq.length s <= UIntSize.to_int (self.current).t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0, i : borrowed t_I'0 . Seq.length s <= UIntSize.to_int (self.current).t_Skip__n'0 /\ produces'1 (self.current).t_Skip__iter'0 s i.current /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) 
@@ -655,17 +504,18 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + predicate inv'2 (_1 : t_Item'0) + predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'4 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s04_skip0] forall self : borrowed (t_Skip'0) . inv'0 self 
@@ -681,19 +531,13 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 67 4 67 end /\ inv'1 result) end -module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" 51 4 51 26] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 51 4 51 26 +module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" 50 4 50 26] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 50 4 50 26 let%span s04_skip1 = "04_skip.rs" 38 12 43 74 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -702,15 +546,6 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end - use seq.Seq use seq.Seq 
@@ -721,19 +556,15 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -743,24 +574,6 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" use seq.Seq - predicate inv'4 (_1 : t_Item'0) - - predicate invariant'1 (self : t_Item'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - use prelude.prelude.Borrow predicate resolve'0 (_1 : t_Item'0) 
@@ -769,29 +582,20 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#s04_skip0] forall self : t_Skip'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#s04_skip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs" 61 4 61 90] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 61 4 61 90 +module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs" 57 4 57 90] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 57 4 57 90 let%span s04_skip1 = "04_skip.rs" 38 12 43 74 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span 
scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -800,8 +604,6 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'2 (_1 : t_I'0) - use seq.Seq use seq.Seq @@ -812,19 +614,15 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -834,24 +632,6 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs use seq.Seq - predicate inv'4 (_1 : t_Item'0) - - predicate invariant'1 (self : t_Item'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - use prelude.prelude.Borrow predicate resolve'0 (_1 : t_Item'0) 
@@ -860,22 +640,12 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = UIntSize.to_int self.t_Skip__n'0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = UIntSize.to_int self.t_Skip__n'0 /\ produces'1 self.t_Skip__iter'0 (Seq.(++) s visited) o.t_Skip__iter'0 /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - predicate inv'0 (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end - goal refines : [%#s04_skip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/04_skip.rs b/creusot/tests/should_succeed/iterators/04_skip.rs index 30da3c8eb..7c1f13c47 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.rs +++ b/creusot/tests/should_succeed/iterators/04_skip.rs @@ -22,8 +22,8 @@ where fn completed(&mut self) -> bool { pearlite! { (^self).n@ == 0 && - exists, i: &mut I> inv(s) && inv(i) - && s.len() <= self.n@ + exists, i: &mut I> + s.len() <= self.n@ && self.iter.produces(s, *i) && (forall 0 <= i && i < s.len() ==> resolve(&s[i])) && i.completed() 
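Review bot: With `inv(s) && inv(i)` removed from the existential in `completed`, the witnesses `s` and `i` range over all values of their types, so a client that unpacks `completed()` learns nothing about the type invariant of the skipped items or of the inner iterator borrow. The commit message argues this can be recovered from `produces`, but the laws visible in this patch (`produces_refl`, `produces_trans`) do not mention `inv`, so that recovery seems to depend on each inner iterator's own predicates. I would record the intent next to the predicate, e.g. `// witnesses carry no type invariant; derive it from I::produces / I::completed where needed`. The same applies to the existential over `s` in the `produces` hunk at -37,8. The body of `completed` closes outside the hunk.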
@@ -37,8 +37,8 @@ where pearlite! { visited == Seq::EMPTY && self == o || o.n@ == 0 && visited.len() > 0 - && exists> inv(s) - && s.len() == self.n@ + && exists> + s.len() == self.n@ && self.iter.produces(s.concat(visited), o.iter) && forall 0 <= i && i < s.len() ==> resolve(&s[i]) } @@ -46,15 +46,11 @@ where #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -70,7 +66,6 @@ where let mut skipped = snapshot! { Seq::EMPTY }; #[invariant(inv(self))] - #[invariant(inv(*skipped))] #[invariant(skipped.len() + n@ == old_self.n@)] #[invariant(old_self.iter.produces(skipped.inner(), self.iter))] #[invariant(forall 0 <= i && i < skipped.len() ==> resolve(&skipped[i]))] diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml index 45e29cd58..3e6e64ec1 100644 --- a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml @@ -15,7 +15,7 @@ - + @@ -29,7 +29,7 @@ - + @@ -45,82 +45,76 @@ - + - + - + - + - + - + - - + + - - + + - - + + - - - - - - - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + 
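Review bot: In the hunk at -46,15, dropping `#[requires(inv(self))]` and the three `#[requires(inv(..))]` lines turns `produces_refl` and `produces_trans` into unconditional laws. Every implementor's `produces` must now be reflexive and transitive on values that do not satisfy the type invariant as well. For `Skip` this presumably goes through because the inner iterator's laws are unconditional too, but the stronger obligation is not written down in this file. A doc comment on each law would make it explicit, e.g. `/// Must hold for every value of Self, including values that do not satisfy inv.` The signature of `produces_trans` lies outside the hunk.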
diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz b/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz index c0758ec455be9d0f78de4372e9a0612f5db1c3c6..b0d3f00169502f619efa9f16be5e2b1f85099b22 100644 GIT binary patch literal 2053 zcmV+g2>SOQiwFP!00000|GigBZyQMtzUx;sum|mqF+h<;)?<+zi~vIUGM8EO)u;z6 zX+)76Nlr5Ve$lOmTe9TXi4&blEEYeKAIYlz_aDvrL%fr9^F>zcZn^kxW12tyGl_Sr zWx3C?oLW{GbvmE8q-R7T`$70o*o!H!*mCk09VRbwBHa;2G zGOt^;VR>Tp>Z-M^Z$aH$kk77A*r557m_V16~-Be9KeQeuSeI7P+t7iMfq+i5U7Z;nUYV}q@wR*N+ z9Pvhd%D9jGh+*?cLM^xEm~+3Q(a$FDHu2r`?+kEixw!>ZV~6(LkB>8^D4&q zyz$xfE}4Kght+Jd`MjfP7bLZ6FXI+w`^8Z$V^4tYlY3N*^hh$a;c<7_9RYT>E0CU( z;{tJ8c-y+!esNqN0Q(97m>pJQ9cTf!I;M~EusTON9i?esoSJi3c0M3-k`eS!@CuQ&P;sq7) zqx>HrFGmKK8QGn_z{hU)EE|`apr>d%)xYD?R;P9g+^)^p0eSB1a42>KCJXttX{NpK z{5;fs;P>;*WPF*z%Yn|`y-%JT-Nt5X=5WRAeTr}6BCF5w?M?vkf2(_$oczCeNcp~; zvKlMR;(R?ib#V22<8pB7B8%gy-**B`PIJ63D|}Uyfz@p^r>q`5ineX=m>M|l>k$=p z+~1D~8E|E>zF*1uD4|=u_-)Ah;cx9^UT)Qa&fzh!myTQRAnF#kX?edW>-gs*PGQn5 zHu7Fp&GL(^>U{Zi)NES_JbUc?g>`jxG9M0EIQV^H``3@EXZp1r31_dR@1K79@_7b& z_p=sSu){31KjQv=)Y{qPufImc)|=ZBH50H}LS$z@yhN>g(Mb z81>Ef+r33NS3oVey>S=2(t^8wdN@7X&P{yVA`P)$A14fLi+VQxfBod;)q>0F`dQq! 
zsK$wNtyVqbT3u%R^vI59ef-7$-EQj1`M&WM;ri*RaC%~wmlplA#y|`FS_EGI^y94s z-rcd=;_b~IYS}$ppM7xq`PqU$4A9}L_;fCh6&~sy2IjUOjX0QoC@iu2LOHi#*U<}u+$v0>MazMIhA=gSev2|LC*pje18@=@@Dyq!B z(Gau>=mWZd_9;^kEvpsS?YB@v(`k(^`O z5Cl>|`=H&6jiUhitgVY^gZ z&>0UPI@cmTT5pX}sXFJfR2Lg#g5h6mXwJudasOd1x&uN7%T*C55tqs=n^Zxg^ z)IXdsnVOuALTHM&-V|jBtMguSe@n0m_ILSHMeAw`#G(>eCnYB>m2AvZDVzQgX8kK; zvSJ-owpp=3kH!k?oGK)%aAJv-^O^NT1q~m}7Qt$rok9k*r$=ls>v;I%5>tFs=z4y!Y zml-zT_Yc2+Tt3dk?9<1lX~gI5Kr~`85S4%2ZqifCyBRdn-`zFT=*HYn+3JEL8*0>j zZ^aD6$dQW^we0h!$Nk?859hq7TFP&ie!ZVTV-J4G#x4e8dO|Ku=NFp+TOqK-Qa;3IdqCx z+auNv=k^4#a%^KWwz28jc#3L(&%^YB#Yj!>U;{WnA8;{J)%(4F|M1&pooAwBQUm1Q zKm5M=lxL!8K#oI1jzdIN1EuHhecXI{T;+XE9mbB@CbfxA+ihO&+vDAG{b7~&n{@-m zm*v{84nm{BK2hJRoUbcCcG|I5)S}v7K}XNiO`lTTz)5#w3kZ2A_JmCroPMYs%Azl4 z*-4`{rU%5hA4EWAzVp``%TB15ZOqpZ!~VrZXtQwVS9$$m|Ht`lzu!D8*ZbR5e&+nB>Z*fyvZ!u^e5&Kp zyW5GnuqP}3>$@oYvhu(B<&AicP-;<=@?Q_D&4*>2iHXtWg=%_*SOezX|Jn}b>z3!8 zcMY@?>D`dlw%Acz*i%0bxG?Qr3CnR@9P zMe0wlmgrVzv~@e|g%?~p+$qa79%yrQyk3*-g#0o=wa$O->siaZK250&{AsnXrc3|Y z{CUC9)pvwvCC}d)@VKA`pZq(&j^eX_*E7KXcl(s9v*-I`$_F^L89rWG_|S;c894DA8cd5#BI;SaUaRrL_fc~wtd-VSYWSsFNP_DL!1wCOJj(%H@H-P1Pj zP7->!=l|;RK0cOZUZn>yma}^m8MxDy8(GWsL)bj6)6W0U8_uFgI@!S@Bh4tn4YG}ZA z^Vfch`@?v)i|V)ECID^K9SXIW^3DfLb@qqIJl9d}@v)z9{I_K$@878A{aZJx`96n>c+6!Yf?+N<^4`*#iMF829p!q7IT7SreXvkR|55ykvfwQmq7iIbv{ z*j8NP?TVj^^mUfFn14+-wZ(Z^d4qEP{8TuX==0J@c-0taz|3!ss>@J+OsVJJ{l3_M znf&iJt=jP$LkFcv8iwiIAdKU=`!;Ys^`{q(9Rg$EvXPzY5r}Pl)S?6KN)Y_q#nD8+fWhuo_m=co;K0`EE5~~umI=?T33c@pUl#xsH#1=3oOA464ht?(Q zfE^eI+JSOFQ*olepukF*vI0^fQNSz}VCGm#YtA}khsL3Hs2q|*=@1=4Wj$v$p$)6p zoP$g@Mn*)hr8N;+;{u$tPO_86N$sR^lAM%IqLbjHsED%?ihz_Rh!L}bN#s_>vYCMUPrG1v*he$kYufiqy=%(YNYX=@als9A}ebMTfUg_L8em2!%{QF$QEF=$kQeP&hIB#lZ~&Rzg2 zTPy1nJ7t{G-)<#l^f5;a+9;U{>7p1x1dLIVF}c?0G&n83-GuU#BI@8{P^eN-T!>3S zwnZBQKazv#C2~AR@C`wRPWh%(V z>#h*&*f`d2;y`9hXasAUQnCt!63P2mqP05 as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 31 15 31 24 - let%span s05_map1 = "05_map.rs" 32 14 32 45 - let%span s05_map2 = "05_map.rs" 29 4 
29 10 - let%span s05_map3 = "05_map.rs" 49 8 62 9 - let%span s05_map4 = "05_map.rs" 155 12 157 57 - let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon12 = "common.rs" 14 15 14 24 - let%span scommon13 = "common.rs" 15 14 15 45 - let%span scommon14 = "common.rs" 19 15 19 21 - let%span scommon15 = "common.rs" 20 15 20 21 - let%span scommon16 = "common.rs" 21 15 21 21 - let%span scommon17 = "common.rs" 22 15 22 32 - let%span scommon18 = "common.rs" 23 15 23 32 - let%span scommon19 = "common.rs" 24 14 24 42 - let%span s05_map20 = "05_map.rs" 109 12 112 87 - let%span s05_map21 = "05_map.rs" 96 12 102 41 - let%span s05_map22 = "05_map.rs" 85 12 89 39 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant24 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed25 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 28 14 28 45 + let%span s05_map1 = "05_map.rs" 26 4 26 10 + let%span s05_map2 = "05_map.rs" 42 8 55 9 + let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops4 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + 
let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span scommon10 = "common.rs" 14 14 14 45 + let%span scommon11 = "common.rs" 18 15 18 32 + let%span scommon12 = "common.rs" 19 15 19 32 + let%span scommon13 = "common.rs" 20 14 20 42 + + use seq.Seq + + type t_B'0 + + use seq.Seq type t_I'0 @@ -33,19 +27,6 @@ module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 33 4 33 26 type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'3 (_1 : t_I'0) - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant24] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate inv'4 (_1 : t_F'0) - use seq.Seq use seq.Seq 
@@ -56,113 +37,44 @@ module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 33 4 33 26 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon14] inv'3 a) - -> ([%#scommon15] inv'3 b) - -> ([%#scommon16] inv'3 c) - -> ([%#scommon17] produces'1 a ab b) - -> ([%#scommon18] produces'1 b bc c) -> ([%#scommon19] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon12] inv'3 self) - -> ([%#scommon13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - - use seq.Seq - - predicate precondition'0 (self : t_F'0) (args : t_Item'0) - - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map22] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e /\ inv'3 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed25] inv'6 self - - predicate inv'9 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq23] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant24] inv'4 self.current /\ inv'4 self.final + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] produces'1 a ab b) + -> ([%#scommon12] produces'1 b bc c) -> ([%#scommon13] produces'1 a (Seq.(++) ab bc) c) - predicate inv'7 (_1 : borrowed t_F'0) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops11] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops9] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops6] unnest'0 self b) + -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map21] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map20] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map4] reinitialize'0 () - /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'3 iter /\ inv'4 func - end) - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) + -> ([%#sops4] unnest'0 self res_state) use seq.Seq 
@@ -172,36 +84,23 @@ module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 33 4 33 26 use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed25] inv'7 self - - predicate inv'8 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq23] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq use seq.Seq - use seq.Seq + predicate precondition'0 (self : t_F'0) (args : t_Item'0) use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s05_map3] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#s05_map2] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -216,42 +115,27 @@ module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 33 4 33 26 constant self : t_Map'0 - function produces_refl'0 [#"05_map.rs" 33 4 33 26] (self : t_Map'0) : () + function produces_refl'0 [#"05_map.rs" 29 4 29 26] (self : t_Map'0) : () - goal vc_produces_refl'0 : ([%#s05_map0] inv'0 self) - -> ([%#s05_map1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal vc_produces_refl'0 : [%#s05_map0] produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 43 4 43 90] (* as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 37 15 37 21 - let%span s05_map1 = "05_map.rs" 38 15 38 21 - let%span s05_map2 = "05_map.rs" 39 15 39 21 - let%span s05_map3 = "05_map.rs" 40 15 40 32 - let%span s05_map4 = "05_map.rs" 41 15 41 32 - let%span s05_map5 = "05_map.rs" 42 14 42 42 - let%span s05_map6 = "05_map.rs" 35 4 35 10 - let%span s05_map7 = "05_map.rs" 49 8 62 9 - let%span s05_map8 = "05_map.rs" 155 12 157 57 - let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon16 = "common.rs" 14 15 14 24 - let%span scommon17 = "common.rs" 15 14 15 45 - let%span scommon18 = "common.rs" 19 15 19 21 - let%span scommon19 = "common.rs" 20 15 20 21 - let%span scommon20 = "common.rs" 21 15 21 21 - let%span scommon21 = "common.rs" 22 15 22 32 - let%span scommon22 = "common.rs" 23 15 23 32 - let%span scommon23 = "common.rs" 24 14 24 42 - let%span s05_map24 = "05_map.rs" 109 
12 112 87 - let%span s05_map25 = "05_map.rs" 96 12 102 41 - let%span s05_map26 = "05_map.rs" 85 12 89 39 - let%span sseq27 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant28 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed29 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 33 15 33 32 + let%span s05_map1 = "05_map.rs" 34 15 34 32 + let%span s05_map2 = "05_map.rs" 35 14 35 42 + let%span s05_map3 = "05_map.rs" 31 4 31 10 + let%span s05_map4 = "05_map.rs" 42 8 55 9 + let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span scommon12 = "common.rs" 14 14 14 45 + let%span scommon13 = "common.rs" 18 15 18 32 + let%span scommon14 = "common.rs" 19 15 19 32 + let%span scommon15 = "common.rs" 20 14 20 42 type t_I'0 
@@ -260,18 +144,9 @@ module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 43 4 43 9 type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'3 (_1 : t_I'0) - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant28] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x + type t_B'0 - predicate inv'4 (_1 : t_F'0) + use seq.Seq use seq.Seq 
@@ -283,111 +158,44 @@ module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 43 4 43 9 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon18] inv'3 a) - -> ([%#scommon19] inv'3 b) - -> ([%#scommon20] inv'3 c) - -> ([%#scommon21] produces'1 a ab b) - -> ([%#scommon22] produces'1 b bc c) -> ([%#scommon23] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon16] inv'3 self) - -> ([%#scommon17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - - use seq.Seq - - predicate precondition'0 (self : t_F'0) (args : t_Item'0) - - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map26] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e /\ inv'3 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed29] inv'6 self - - predicate inv'9 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'9 x] . inv'9 x = invariant'6 x + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#scommon13] produces'1 a ab b) + -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq27] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant28] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops15] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops11] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) - -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops9] postcondition_mut'0 self args res_state res) - -> ([%#sops10] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map24] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map8] reinitialize'0 () - /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'3 iter /\ inv'4 func - end) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . 
([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) use seq.Seq @@ -397,36 +205,23 @@ module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 43 4 43 9 use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed29] inv'7 self - - predicate inv'8 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq27] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq use seq.Seq - use seq.Seq + predicate precondition'0 (self : t_F'0) (args : t_Item'0) use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s05_map7] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#s05_map4] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -451,63 +246,51 @@ module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 43 4 43 9 constant c : t_Map'0 - function produces_trans'0 [#"05_map.rs" 43 4 43 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"05_map.rs" 36 4 36 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () - goal vc_produces_trans'0 : ([%#s05_map4] produces'0 b bc c) - -> ([%#s05_map3] produces'0 a ab b) - -> ([%#s05_map2] inv'0 c) - -> ([%#s05_map1] inv'0 b) -> ([%#s05_map0] inv'0 a) -> ([%#s05_map5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s05_map1] produces'0 b bc c) + -> ([%#s05_map0] produces'0 a ab b) -> ([%#s05_map2] produces'0 a (Seq.(++) ab bc) c) end -module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 72 16 72 62 - let%span s05_map1 = "05_map.rs" 73 16 73 58 - let%span s05_map2 = "05_map.rs" 69 17 69 21 - let%span s05_map3 = "05_map.rs" 69 26 69 44 - let%span s05_map4 = "05_map.rs" 65 14 68 5 - let%span scommon5 = "common.rs" 31 17 31 21 - let%span scommon6 = "common.rs" 31 26 31 44 - let%span scommon7 = "common.rs" 27 14 30 5 - let%span s05_map8 = "05_map.rs" 117 15 117 24 - let%span s05_map9 = "05_map.rs" 118 15 118 21 - let%span s05_map10 = "05_map.rs" 119 15 119 21 - let%span s05_map11 = "05_map.rs" 120 15 120 21 - let%span s05_map12 = "05_map.rs" 121 15 121 24 - let%span s05_map13 = "05_map.rs" 122 4 122 60 - let%span s05_map14 = "05_map.rs" 123 15 123 30 - let%span s05_map15 = "05_map.rs" 124 15 124 50 - let%span s05_map16 = "05_map.rs" 125 14 125 42 - let%span s05_map17 = "05_map.rs" 126 14 126 47 - let%span s05_map18 = "05_map.rs" 128 8 133 9 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 - let%span s05_map21 = "05_map.rs" 26 8 
26 75 - let%span s05_map22 = "05_map.rs" 137 14 137 68 - let%span s05_map23 = "05_map.rs" 140 12 145 60 - let%span scommon24 = "common.rs" 14 15 14 24 - let%span scommon25 = "common.rs" 15 14 15 45 - let%span scommon26 = "common.rs" 19 15 19 21 - let%span scommon27 = "common.rs" 20 15 20 21 - let%span scommon28 = "common.rs" 21 15 21 21 - let%span scommon29 = "common.rs" 22 15 22 32 - let%span scommon30 = "common.rs" 23 15 23 32 - let%span scommon31 = "common.rs" 24 14 24 42 - let%span s05_map32 = "05_map.rs" 96 12 102 41 - let%span s05_map33 = "05_map.rs" 85 12 89 39 - let%span sresolve34 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span s05_map35 = "05_map.rs" 49 8 62 9 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops42 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sinvariant43 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s05_map44 = "05_map.rs" 155 12 157 57 - let%span s05_map45 = "05_map.rs" 109 12 112 87 - let%span sseq46 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed47 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 65 16 65 62 + let%span s05_map1 = "05_map.rs" 66 16 66 58 + let%span s05_map2 = "05_map.rs" 62 17 62 21 + let%span s05_map3 = "05_map.rs" 62 26 62 44 + let%span s05_map4 = "05_map.rs" 58 14 61 5 + let%span scommon5 = "common.rs" 27 17 27 21 + 
let%span scommon6 = "common.rs" 27 26 27 44 + let%span scommon7 = "common.rs" 23 14 26 5 + let%span s05_map8 = "05_map.rs" 108 15 108 31 + let%span s05_map9 = "05_map.rs" 109 4 109 60 + let%span s05_map10 = "05_map.rs" 110 15 110 30 + let%span s05_map11 = "05_map.rs" 111 15 111 50 + let%span s05_map12 = "05_map.rs" 112 14 112 42 + let%span s05_map13 = "05_map.rs" 113 14 113 47 + let%span s05_map14 = "05_map.rs" 115 8 119 9 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 + let%span s05_map17 = "05_map.rs" 23 8 23 75 + let%span s05_map18 = "05_map.rs" 123 14 123 68 + let%span s05_map19 = "05_map.rs" 126 12 131 60 + let%span scommon20 = "common.rs" 14 14 14 45 + let%span scommon21 = "common.rs" 18 15 18 32 + let%span scommon22 = "common.rs" 19 15 19 32 + let%span scommon23 = "common.rs" 20 14 20 42 + let%span s05_map24 = "05_map.rs" 141 12 143 57 + let%span s05_map25 = "05_map.rs" 88 12 94 41 + let%span s05_map26 = "05_map.rs" 78 12 81 39 + let%span sresolve27 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span s05_map28 = "05_map.rs" 42 8 55 9 + let%span s05_map29 = "05_map.rs" 101 12 103 87 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sinvariant37 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow 
@@ -530,39 +313,35 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* ([%#scommon27] inv'0 b) - -> ([%#scommon28] inv'0 c) - -> ([%#scommon29] produces'0 a ab b) - -> ([%#scommon30] produces'0 b bc c) -> ([%#scommon31] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon21] produces'0 a ab b) + -> ([%#scommon22] produces'0 b bc c) -> ([%#scommon23] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon24] inv'0 self) - -> ([%#scommon25] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon20] produces'0 self (Seq.empty : Seq.seq t_Item'0) self - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant43] inv'0 self.current /\ inv'0 self.final + predicate invariant'2 (self : borrowed t_I'0) = + [%#sinvariant37] inv'0 self.current /\ inv'0 self.final predicate inv'4 (_1 : borrowed t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x + axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'2 x type t_Option'0 = | C_None'0 | C_Some'0 t_Item'0 - predicate inv'7 (_1 : t_Item'0) + predicate inv'9 (_1 : t_Item'0) predicate inv'5 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'7 a_0 + | C_Some'0 a_0 -> inv'9 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) 
@@ -586,41 +365,12 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* produces'0 iter (Seq.singleton e) i -> precondition'0 func (e) + predicate next_precondition'0 [#"05_map.rs" 76 4 76 50] (iter : t_I'0) (func : t_F'0) = + [%#s05_map26] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed47] inv'7 self - - predicate inv'13 (_1 : t_Item'0) - - axiom inv_axiom'9 [@rewrite] : forall x : t_Item'0 [inv'13 x] . inv'13 x = invariant'6 x - - predicate invariant'4 (self : Seq.seq t_Item'0) = - [%#sseq46] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) - - predicate inv'11 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'11 x] . inv'11 x = invariant'4 x - - predicate invariant'3 (self : borrowed t_F'0) = - [%#sinvariant43] inv'1 self.current /\ inv'1 self.final - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'3 x - predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) predicate resolve'2 (_1 : t_F'0) 
@@ -629,90 +379,94 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* ([%#sops40] unnest'0 b c) -> ([%#sops41] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops33] unnest'0 self b) + -> ([%#sops34] unnest'0 b c) -> ([%#sops35] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops38] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops32] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops36] postcondition_mut'0 self args res_state res) - -> ([%#sops37] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops30] postcondition_mut'0 self args res_state res) + -> ([%#sops31] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map32] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'11 s - /\ inv'7 e1 /\ inv'7 e2 /\ inv'9 f /\ inv'0 i /\ unnest'0 func f.current + predicate preservation'0 [#"05_map.rs" 86 4 86 45] (iter : t_I'0) (func : t_F'0) = + [%#s05_map25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map45] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'1 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func + predicate reinitialize'0 [#"05_map.rs" 99 4 99 29] (_1 : ()) = + [%#s05_map29] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter + -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - predicate invariant'2 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map44] reinitialize'0 () + predicate invariant'0 [#"05_map.rs" 139 4 139 30] (self : t_Map'0) = + [%#s05_map24] reinitialize'0 () /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - predicate inv'6 (_1 : t_Map'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Map'0 [inv'6 x] . inv'6 x - = (invariant'2 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'0 iter /\ inv'1 func - end) - - predicate inv'8 (_1 : t_B'0) - - function produces_one_invariant'0 [#"05_map.rs" 127 4 127 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + function produces_one_invariant'0 [#"05_map.rs" 114 4 114 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () = - [%#s05_map18] let _ = () in () - - axiom produces_one_invariant'0_spec : forall self : t_Map'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . 
([%#s05_map8] inv'6 self) - -> ([%#s05_map9] inv'7 e) - -> ([%#s05_map10] inv'8 r) - -> ([%#s05_map11] inv'9 f) - -> ([%#s05_map12] inv'0 iter) - -> ([%#s05_map13] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) - -> ([%#s05_map14] f.current = self.t_Map__func'0) - -> ([%#s05_map15] postcondition_mut'0 f.current (e) f.final r) - -> ([%#s05_map16] preservation'0 iter f.final) && ([%#s05_map17] next_precondition'0 iter f.final) + [%#s05_map14] let _ = () in () + + axiom produces_one_invariant'0_spec : forall self : t_Map'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#s05_map8] invariant'0 self) + -> ([%#s05_map9] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) + -> ([%#s05_map10] f.current = self.t_Map__func'0) + -> ([%#s05_map11] postcondition_mut'0 f.current (e) f.final r) + -> ([%#s05_map12] preservation'0 iter f.final) && ([%#s05_map13] next_precondition'0 iter f.final) use prelude.prelude.Snapshot - predicate inv'10 (_1 : t_Item'0) + predicate inv'1 (_1 : t_F'0) + + predicate invariant'3 (self : borrowed t_F'0) = + [%#sinvariant37] inv'1 self.current /\ inv'1 self.final + + predicate inv'6 (_1 : borrowed t_F'0) + + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'3 x + + predicate inv'7 (_1 : t_Item'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = (let (x0) = x in inv'9 x0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . 
inv'10 x = (let (x0) = x in inv'7 x0) + predicate inv'8 (_1 : t_B'0) - let rec call_mut'0 (self:borrowed t_F'0) (args:t_Item'0) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'9 self} - {[@expl:call_mut 'args' type invariant] inv'10 args} - {[@expl:call_mut requires] [%#sops19] precondition'0 self.current args} + let rec call_mut'0 (self:borrowed t_F'0) (args:t_Item'0) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'6 self} + {[@expl:call_mut 'args' type invariant] inv'7 args} + {[@expl:call_mut requires] [%#sops15] precondition'0 self.current args} any [ return' (result:t_B'0)-> {inv'8 result} - {[%#sops20] postcondition_mut'0 self.current args self.final result} + {[%#sops16] postcondition_mut'0 self.current args self.final result} (! return' {result}) ] - predicate invariant'0 (self : borrowed (t_Map'0)) = - [%#sinvariant43] inv'6 self.current /\ inv'6 self.final + predicate inv'10 (_1 : t_Map'0) + + axiom inv_axiom'6 [@rewrite] : forall x : t_Map'0 [inv'10 x] . inv'10 x + = (invariant'0 x + /\ match x with + | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'0 iter /\ inv'1 func + end) + + predicate invariant'1 (self : borrowed (t_Map'0)) = + [%#sinvariant37] inv'10 self.current /\ inv'10 self.final predicate inv'2 (_1 : borrowed (t_Map'0)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Map'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Map'0) [inv'2 x] . inv'2 x = invariant'1 x predicate resolve'1 (self : borrowed (t_Map'0)) = - [%#sresolve34] self.final = self.current + [%#sresolve27] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Map'0)) = resolve'1 _1 
@@ -733,8 +487,8 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* inv'8 a_0 end - predicate completed'0 [#"05_map.rs" 25 4 25 35] (self : borrowed (t_Map'0)) = - [%#s05_map21] completed'1 (Borrow.borrow_logic (self.current).t_Map__iter'0 (self.final).t_Map__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) + predicate completed'0 [#"05_map.rs" 22 4 22 35] (self : borrowed (t_Map'0)) = + [%#s05_map17] completed'1 (Borrow.borrow_logic (self.current).t_Map__iter'0 (self.final).t_Map__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Map__func'0 = (self.final).t_Map__func'0 use seq.Seq 
@@ -747,36 +501,23 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* inv'14 (Seq.get self i) - - predicate inv'12 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'12 x] . inv'12 x = invariant'5 x - use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq - predicate produces'1 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'1 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s05_map35] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'12 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'11 s - /\ Seq.length s = Seq.length visited + [%#s05_map28] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -789,15 +530,14 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 69 4 69 44] (* *) - let%span s05_map0 = "05_map.rs" 117 15 117 24 - let%span s05_map1 = "05_map.rs" 118 15 118 21 - let%span s05_map2 = "05_map.rs" 119 15 119 21 - let%span s05_map3 = "05_map.rs" 120 15 120 21 - let%span s05_map4 = "05_map.rs" 121 15 121 24 - let%span s05_map5 = "05_map.rs" 122 4 122 60 - let%span s05_map6 = "05_map.rs" 123 15 123 30 - let%span s05_map7 = "05_map.rs" 124 15 124 50 - let%span s05_map8 = "05_map.rs" 125 14 125 42 - let%span s05_map9 = "05_map.rs" 126 14 126 47 - let%span s05_map10 = "05_map.rs" 129 12 132 94 - let%span s05_map11 = "05_map.rs" 128 8 133 9 - let%span s05_map12 = "05_map.rs" 96 12 102 41 - let%span s05_map13 = "05_map.rs" 85 12 89 39 - let%span scommon14 = "common.rs" 14 15 14 24 - let%span scommon15 = "common.rs" 15 14 15 45 - let%span scommon16 = "common.rs" 19 15 19 21 - let%span scommon17 = "common.rs" 20 15 20 21 - let%span scommon18 = "common.rs" 21 15 21 21 - let%span scommon19 = "common.rs" 22 15 22 32 - let%span scommon20 = "common.rs" 23 15 23 32 - let%span scommon21 = "common.rs" 24 14 24 42 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s05_map29 = "05_map.rs" 155 12 157 57 - let%span sinvariant30 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq31 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s05_map32 = "05_map.rs" 109 12 112 87 - let%span 
sboxed33 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 114 4 114 73] (* Map *) + let%span s05_map0 = "05_map.rs" 108 15 108 31 + let%span s05_map1 = "05_map.rs" 109 4 109 60 + let%span s05_map2 = "05_map.rs" 110 15 110 30 + let%span s05_map3 = "05_map.rs" 111 15 111 50 + let%span s05_map4 = "05_map.rs" 112 14 112 42 + let%span s05_map5 = "05_map.rs" 113 14 113 47 + let%span s05_map6 = "05_map.rs" 116 12 118 94 + let%span s05_map7 = "05_map.rs" 115 8 119 9 + let%span s05_map8 = "05_map.rs" 141 12 143 57 + let%span s05_map9 = "05_map.rs" 88 12 94 41 + let%span s05_map10 = "05_map.rs" 78 12 81 39 + let%span s05_map11 = "05_map.rs" 101 12 103 87 + let%span scommon12 = "common.rs" 14 14 14 45 + let%span scommon13 = "common.rs" 18 15 18 32 + let%span scommon14 = "common.rs" 19 15 19 32 + let%span scommon15 = "common.rs" 20 14 20 42 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 @@ -911,17 +640,6 @@ module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 12 use prelude.prelude.Borrow - predicate inv'4 (_1 : t_I'0) - - predicate invariant'4 (self : borrowed t_I'0) = - [%#sinvariant30] inv'4 self.current /\ inv'4 self.final - - predicate inv'8 (_1 : borrowed t_I'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_I'0 [inv'8 x] . inv'8 x = invariant'4 x - - predicate inv'6 (_1 : t_F'0) - use seq.Seq use seq.Seq 
@@ -932,61 +650,28 @@ module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 12 predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon16] inv'4 a) - -> ([%#scommon17] inv'4 b) - -> ([%#scommon18] inv'4 c) - -> ([%#scommon19] produces'0 a ab b) - -> ([%#scommon20] produces'0 b bc c) -> ([%#scommon21] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon13] produces'0 a ab b) + -> ([%#scommon14] produces'0 b bc c) -> ([%#scommon15] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon14] inv'4 self) - -> ([%#scommon15] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon12] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate inv'1 (_1 : t_Item'0) - use seq.Seq predicate precondition'0 (self : t_F'0) (args : t_Item'0) - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map13] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . 
inv'1 e /\ inv'4 i - -> produces'0 iter (Seq.singleton e) i -> precondition'0 func (e) + predicate next_precondition'0 [#"05_map.rs" 76 4 76 50] (iter : t_I'0) (func : t_F'0) = + [%#s05_map10] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed33] inv'1 self - - predicate inv'7 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'3 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq31] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'1 (self : borrowed t_F'0) = - [%#sinvariant30] inv'6 self.current /\ inv'6 self.final - - predicate inv'3 (_1 : borrowed t_F'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'3 x] . inv'3 x = invariant'1 x - predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) predicate resolve'0 (_1 : t_F'0) 
@@ -995,51 +680,40 @@ module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 12 function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops28] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops22] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops25] unnest'0 self b) - -> ([%#sops26] unnest'0 b c) -> ([%#sops27] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops19] unnest'0 self b) + -> ([%#sops20] unnest'0 b c) -> ([%#sops21] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops24] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops18] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops22] postcondition_mut'0 self args res_state res) - -> ([%#sops23] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . 
([%#sops16] postcondition_mut'0 self args res_state res) + -> ([%#sops17] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map12] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'5 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'3 f /\ inv'4 i /\ unnest'0 func f.current + predicate preservation'0 [#"05_map.rs" 86 4 86 45] (iter : t_I'0) (func : t_F'0) = + [%#s05_map9] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map32] forall iter : borrowed t_I'0, func : t_F'0 . inv'8 iter /\ inv'6 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func + predicate reinitialize'0 [#"05_map.rs" 99 4 99 29] (_1 : ()) = + [%#s05_map11] forall iter : borrowed t_I'0, func : t_F'0 . completed'0 iter + -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map29] reinitialize'0 () + predicate invariant'0 [#"05_map.rs" 139 4 139 30] (self : t_Map'0) = + [%#s05_map8] reinitialize'0 () /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'4 iter /\ inv'6 func - end) - - predicate inv'2 (_1 : t_B'0) - constant self : t_Map'0 constant e : t_Item'0 
@@ -1050,59 +724,40 @@ module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 12 constant iter : t_I'0 - function produces_one_invariant'0 [#"05_map.rs" 127 4 127 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + function produces_one_invariant'0 [#"05_map.rs" 114 4 114 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () - goal vc_produces_one_invariant'0 : ([%#s05_map7] postcondition_mut'0 f.current (e) f.final r) - -> ([%#s05_map6] f.current = self.t_Map__func'0) - -> ([%#s05_map5] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) - -> ([%#s05_map4] inv'4 iter) - -> ([%#s05_map3] inv'3 f) - -> ([%#s05_map2] inv'2 r) - -> ([%#s05_map1] inv'1 e) - -> ([%#s05_map0] inv'0 self) - -> ([%#s05_map10] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, i : t_I'0 . inv'5 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'4 i - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + goal vc_produces_one_invariant'0 : ([%#s05_map3] postcondition_mut'0 f.current (e) f.final r) + -> ([%#s05_map2] f.current = self.t_Map__func'0) + -> ([%#s05_map1] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) + -> ([%#s05_map0] invariant'0 self) + -> ([%#s05_map6] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, i : t_I'0 . 
produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> produces'0 self.t_Map__iter'0 (Seq.snoc (Seq.snoc (Seq.(++) (Seq.singleton e) s) e1) e2) i) - && (let _ = () in ([%#s05_map8] preservation'0 iter f.final) && ([%#s05_map9] next_precondition'0 iter f.final)) + && (let _ = () in ([%#s05_map4] preservation'0 iter f.final) && ([%#s05_map5] next_precondition'0 iter f.final)) end -module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 138 4 138 57] (* Map *) - let%span s05_map0 = "05_map.rs" 137 14 137 68 - let%span s05_map1 = "05_map.rs" 140 12 145 60 - let%span s05_map2 = "05_map.rs" 49 8 62 9 - let%span s05_map3 = "05_map.rs" 31 15 31 24 - let%span s05_map4 = "05_map.rs" 32 14 32 45 - let%span s05_map5 = "05_map.rs" 29 4 29 10 - let%span s05_map6 = "05_map.rs" 37 15 37 21 - let%span s05_map7 = "05_map.rs" 38 15 38 21 - let%span s05_map8 = "05_map.rs" 39 15 39 21 - let%span s05_map9 = "05_map.rs" 40 15 40 32 - let%span s05_map10 = "05_map.rs" 41 15 41 32 - let%span s05_map11 = "05_map.rs" 42 14 42 42 - let%span s05_map12 = "05_map.rs" 35 4 35 10 - let%span scommon13 = "common.rs" 14 15 14 24 - let%span scommon14 = "common.rs" 15 14 15 45 - let%span scommon15 = "common.rs" 19 15 19 21 - let%span scommon16 = "common.rs" 20 15 20 21 - let%span scommon17 = "common.rs" 21 15 21 21 - let%span scommon18 = "common.rs" 22 15 22 32 - let%span scommon19 = "common.rs" 23 15 23 32 - let%span scommon20 = "common.rs" 24 14 24 42 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 
127 14 128 105 - let%span sinvariant28 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq29 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s05_map30 = "05_map.rs" 155 12 157 57 - let%span s05_map31 = "05_map.rs" 109 12 112 87 - let%span s05_map32 = "05_map.rs" 96 12 102 41 - let%span s05_map33 = "05_map.rs" 85 12 89 39 - let%span sboxed34 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 124 4 124 57] (* Map *) + let%span s05_map0 = "05_map.rs" 123 14 123 68 + let%span s05_map1 = "05_map.rs" 126 12 131 60 + let%span s05_map2 = "05_map.rs" 42 8 55 9 + let%span s05_map3 = "05_map.rs" 28 14 28 45 + let%span s05_map4 = "05_map.rs" 26 4 26 10 + let%span s05_map5 = "05_map.rs" 33 15 33 32 + let%span s05_map6 = "05_map.rs" 34 15 34 32 + let%span s05_map7 = "05_map.rs" 35 14 35 42 + let%span s05_map8 = "05_map.rs" 31 4 31 10 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + + use seq.Seq use seq.Seq 
@@ -1113,18 +768,11 @@ module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 138 4 138 57 type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'5 (_1 : t_I'0) - - predicate invariant'6 (self : borrowed t_I'0) = - [%#sinvariant28] inv'5 self.current /\ inv'5 self.final - - predicate inv'9 (_1 : borrowed t_I'0) + type t_B'0 - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'9 x] . inv'9 x = invariant'6 x + use seq.Seq - predicate inv'6 (_1 : t_F'0) + use seq.Seq use seq.Seq 
@@ -1136,154 +784,70 @@ module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 138 4 138 57 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon15] inv'5 a) - -> ([%#scommon16] inv'5 b) - -> ([%#scommon17] inv'5 c) - -> ([%#scommon18] produces'1 a ab b) - -> ([%#scommon19] produces'1 b bc c) -> ([%#scommon20] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon13] inv'5 self) - -> ([%#scommon14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'1 (_1 : t_Item'0) - - use seq.Seq - - predicate precondition'0 (self : t_F'0) (args : t_Item'0) - - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map33] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . 
inv'1 e /\ inv'5 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'5 (self : t_Item'0) = - [%#sboxed34] inv'1 self - - predicate inv'8 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'0 (self : borrowed t_F'0) = - [%#sinvariant28] inv'6 self.current /\ inv'6 self.final - - predicate inv'0 (_1 : borrowed t_F'0) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_F'0 [inv'0 x] . inv'0 x = invariant'0 x + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops27] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops19] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops16] unnest'0 self b) + -> ([%#sops17] unnest'0 b c) -> ([%#sops18] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops23] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops15] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops13] postcondition_mut'0 self args res_state res) + -> ([%#sops14] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map32] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map31] forall iter : borrowed t_I'0, func : t_F'0 . 
inv'9 iter /\ inv'6 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - - predicate invariant'3 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map30] reinitialize'0 () - /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - - predicate inv'4 (_1 : t_Map'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Map'0 [inv'4 x] . inv'4 x - = (invariant'3 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'5 iter /\ inv'6 func - end) - use seq.Seq use seq.Seq use seq.Seq - use seq.Seq - - use seq.Seq - - use seq.Seq - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sboxed34] inv'0 self - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.Int use seq.Seq use seq.Seq - use seq.Seq + predicate precondition'0 (self : t_F'0) (args : t_Item'0) use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s05_map2] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'2 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'3 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . 
Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -1296,22 +860,20 @@ module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 138 4 138 57 /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"05_map.rs" 43 4 43 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"05_map.rs" 36 4 36 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () = - [%#s05_map12] () + [%#s05_map8] () + + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq t_B'0, b : t_Map'0, bc : Seq.seq t_B'0, c : t_Map'0 . ([%#s05_map5] produces'0 a ab b) + -> ([%#s05_map6] produces'0 b bc c) -> ([%#s05_map7] produces'0 a (Seq.(++) ab bc) c) - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq t_B'0, b : t_Map'0, bc : Seq.seq t_B'0, c : t_Map'0 . ([%#s05_map6] inv'4 a) - -> ([%#s05_map7] inv'4 b) - -> ([%#s05_map8] inv'4 c) - -> ([%#s05_map9] produces'0 a ab b) - -> ([%#s05_map10] produces'0 b bc c) -> ([%#s05_map11] produces'0 a (Seq.(++) ab bc) c) + function produces_refl'0 [#"05_map.rs" 29 4 29 26] (self : t_Map'0) : () = + [%#s05_map4] () - function produces_refl'0 [#"05_map.rs" 33 4 33 26] (self : t_Map'0) : () = - [%#s05_map5] () + axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s05_map3] produces'0 self (Seq.empty : Seq.seq t_B'0) self - axiom produces_refl'0_spec : forall self : t_Map'0 . ([%#s05_map3] inv'4 self) - -> ([%#s05_map4] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + use seq.Seq constant self : t_Map'0 
@@ -1319,46 +881,38 @@ module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 138 4 138 57 constant succ : t_Map'0 - predicate produces_one'0 [#"05_map.rs" 138 4 138 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) + predicate produces_one'0 [#"05_map.rs" 124 4 124 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) - goal vc_produces_one'0 : [%#s05_map0] ([%#s05_map1] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e) f.final visited] . inv'0 f - /\ inv'1 e - /\ f.current = self.t_Map__func'0 + goal vc_produces_one'0 : [%#s05_map0] ([%#s05_map1] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e) f.final visited] . f.current + = self.t_Map__func'0 /\ f.final = succ.t_Map__func'0 /\ produces'1 self.t_Map__iter'0 (Seq.singleton e) succ.t_Map__iter'0 /\ precondition'0 f.current (e) /\ postcondition_mut'0 f.current (e) f.final visited) = produces'0 self (Seq.singleton visited) succ end -module M_05_map__map [#"05_map.rs" 168 0 168 84] - let%span s05_map0 = "05_map.rs" 168 51 168 55 - let%span s05_map1 = "05_map.rs" 168 60 168 64 - let%span s05_map2 = "05_map.rs" 162 11 164 39 - let%span s05_map3 = "05_map.rs" 165 11 165 41 - let%span s05_map4 = "05_map.rs" 166 11 166 51 - let%span s05_map5 = "05_map.rs" 168 72 168 84 - let%span s05_map6 = "05_map.rs" 167 10 167 38 - let%span s05_map7 = "05_map.rs" 109 12 112 87 - let%span s05_map8 = "05_map.rs" 96 12 102 41 - let%span scommon9 = "common.rs" 14 15 14 24 - let%span scommon10 = "common.rs" 15 14 15 45 - let%span scommon11 = "common.rs" 19 15 19 21 - let%span scommon12 = "common.rs" 20 15 20 21 - let%span scommon13 = "common.rs" 21 15 21 21 - let%span scommon14 = "common.rs" 22 15 22 32 - let%span scommon15 = "common.rs" 23 15 23 32 - let%span scommon16 = "common.rs" 24 14 24 42 - let%span s05_map17 = "05_map.rs" 85 12 89 39 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops19 = 
"../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s05_map25 = "05_map.rs" 155 12 157 57 - let%span sinvariant26 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq27 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed28 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__map [#"05_map.rs" 154 0 154 84] + let%span s05_map0 = "05_map.rs" 154 51 154 55 + let%span s05_map1 = "05_map.rs" 154 60 154 64 + let%span s05_map2 = "05_map.rs" 148 11 150 39 + let%span s05_map3 = "05_map.rs" 151 11 151 41 + let%span s05_map4 = "05_map.rs" 152 11 152 51 + let%span s05_map5 = "05_map.rs" 154 72 154 84 + let%span s05_map6 = "05_map.rs" 153 10 153 38 + let%span s05_map7 = "05_map.rs" 101 12 103 87 + let%span s05_map8 = "05_map.rs" 88 12 94 41 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + let%span s05_map13 = "05_map.rs" 78 12 81 39 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops20 = 
"../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s05_map21 = "05_map.rs" 141 12 143 57 type t_I'0 @@ -1383,21 +937,15 @@ module M_05_map__map [#"05_map.rs" 168 0 168 84] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] inv'0 a) - -> ([%#scommon12] inv'0 b) - -> ([%#scommon13] inv'0 c) - -> ([%#scommon14] produces'0 a ab b) - -> ([%#scommon15] produces'0 b bc c) -> ([%#scommon16] produces'0 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] produces'0 a ab b) + -> ([%#scommon11] produces'0 b bc c) -> ([%#scommon12] produces'0 a (Seq.(++) ab bc) c) - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon9] inv'0 self) - -> ([%#scommon10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - predicate inv'2 (_1 : t_Item'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon9] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -1405,48 +953,14 @@ module M_05_map__map [#"05_map.rs" 168 0 168 84] use prelude.prelude.Borrow - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant26] inv'0 self.current /\ inv'0 self.final - - predicate inv'4 (_1 : borrowed t_I'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map17] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'2 e /\ inv'0 i - -> produces'0 iter (Seq.singleton e) i -> precondition'0 func (e) + predicate next_precondition'0 [#"05_map.rs" 76 4 76 50] (iter : t_I'0) (func : t_F'0) = + [%#s05_map13] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'4 (self : t_Item'0) = - [%#sboxed28] inv'2 self - - predicate inv'7 (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq27] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'3 (self : borrowed t_F'0) = - [%#sinvariant26] inv'1 self.current /\ inv'1 self.final - - predicate inv'6 (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) predicate resolve'0 (_1 : t_F'0) 
@@ -1455,44 +969,43 @@ module M_05_map__map [#"05_map.rs" 168 0 168 84] function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops24] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops20] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops21] unnest'0 self b) - -> ([%#sops22] unnest'0 b c) -> ([%#sops23] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops17] unnest'0 self b) + -> ([%#sops18] unnest'0 b c) -> ([%#sops19] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops20] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops16] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops18] postcondition_mut'0 self args res_state res) - -> ([%#sops19] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops14] postcondition_mut'0 self args res_state res) + -> ([%#sops15] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map8] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . 
inv'5 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'6 f /\ inv'0 i /\ unnest'0 func f.current + predicate preservation'0 [#"05_map.rs" 86 4 86 45] (iter : t_I'0) (func : t_F'0) = + [%#s05_map8] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map7] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func + predicate reinitialize'0 [#"05_map.rs" 99 4 99 29] (_1 : ()) = + [%#s05_map7] forall iter : borrowed t_I'0, func : t_F'0 . completed'0 iter + -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map25] reinitialize'0 () + predicate invariant'0 [#"05_map.rs" 139 4 139 30] (self : t_Map'0) = + [%#s05_map21] reinitialize'0 () /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - predicate inv'3 (_1 : t_Map'0) + predicate inv'2 (_1 : t_Map'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'3 x] . inv'3 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'2 x] . inv'2 x = (invariant'0 x /\ match x with | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'0 iter /\ inv'1 func 
@@ -1502,8 +1015,8 @@ module M_05_map__map [#"05_map.rs" 168 0 168 84] let rec map'0 (iter:t_I'0) (func:t_F'0) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s05_map0] inv'0 iter} {[@expl:map 'func' type invariant] [%#s05_map1] inv'1 func} - {[@expl:map requires #0] [%#s05_map2] forall e : t_Item'0, i2 : t_I'0 . inv'2 e /\ inv'0 i2 - -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e)} + {[@expl:map requires #0] [%#s05_map2] forall e : t_Item'0, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 + -> precondition'0 func (e)} {[@expl:map requires #1] [%#s05_map3] reinitialize'0 ()} {[@expl:map requires #2] [%#s05_map4] preservation'0 iter func} (! bb0 
@@ -1516,39 +1029,33 @@ module M_05_map__map [#"05_map.rs" 168 0 168 84] | bb6 = bb7 | bb7 = return' {_0} ] ) [ & _0 : t_Map'0 = any_l () | & iter : t_I'0 = iter | & func : t_F'0 = func ] - [ return' (result:t_Map'0)-> {[@expl:map result type invariant] [%#s05_map5] inv'3 result} + [ return' (result:t_Map'0)-> {[@expl:map result type invariant] [%#s05_map5] inv'2 result} {[@expl:map ensures] [%#s05_map6] result = { t_Map__iter'0 = iter; t_Map__func'0 = func }} (! return' {result}) ] end -module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44] (* as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 69 4 69 44 - let%span s05_map1 = "05_map.rs" 26 8 26 75 - let%span s05_map2 = "05_map.rs" 137 14 137 68 - let%span s05_map3 = "05_map.rs" 140 12 145 60 - let%span s05_map4 = "05_map.rs" 49 8 62 9 +module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 62 4 62 44 + let%span s05_map1 = "05_map.rs" 23 8 23 75 + let%span s05_map2 = "05_map.rs" 123 14 123 68 + let%span s05_map3 = "05_map.rs" 126 12 131 60 + let%span s05_map4 = "05_map.rs" 42 8 55 9 let%span sinvariant5 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon6 = "common.rs" 14 15 14 24 - let%span scommon7 = "common.rs" 15 14 15 45 - let%span scommon8 = "common.rs" 19 15 19 21 - let%span scommon9 = "common.rs" 20 15 20 21 - let%span scommon10 = "common.rs" 21 15 21 21 - let%span scommon11 = "common.rs" 22 15 22 32 - let%span scommon12 = "common.rs" 23 15 23 32 - let%span scommon13 = "common.rs" 24 14 24 42 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops18 = 
"../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sseq21 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s05_map22 = "05_map.rs" 155 12 157 57 - let%span s05_map23 = "05_map.rs" 109 12 112 87 - let%span s05_map24 = "05_map.rs" 96 12 102 41 - let%span s05_map25 = "05_map.rs" 85 12 89 39 - let%span sboxed26 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon6 = "common.rs" 14 14 14 45 + let%span scommon7 = "common.rs" 18 15 18 32 + let%span scommon8 = "common.rs" 19 15 19 32 + let%span scommon9 = "common.rs" 20 14 20 42 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s05_map17 = "05_map.rs" 141 12 143 57 + let%span s05_map18 = "05_map.rs" 101 12 103 87 + let%span s05_map19 = "05_map.rs" 88 12 94 41 + let%span s05_map20 = "05_map.rs" 78 12 81 39 use prelude.prelude.Borrow 
@@ -1559,17 +1066,6 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } - predicate inv'8 (_1 : t_I'0) - - predicate invariant'7 (self : borrowed t_I'0) = - [%#sinvariant5] inv'8 self.current /\ inv'8 self.final - - predicate inv'12 (_1 : borrowed t_I'0) - - axiom inv_axiom'8 [@rewrite] : forall x : borrowed t_I'0 [inv'12 x] . inv'12 x = invariant'7 x - - predicate inv'9 (_1 : t_F'0) - use seq.Seq use seq.Seq 
@@ -1580,61 +1076,28 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon8] inv'8 a) - -> ([%#scommon9] inv'8 b) - -> ([%#scommon10] inv'8 c) - -> ([%#scommon11] produces'1 a ab b) - -> ([%#scommon12] produces'1 b bc c) -> ([%#scommon13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] produces'1 a ab b) + -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon6] inv'8 self) - -> ([%#scommon7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate inv'3 (_1 : t_Item'0) - use seq.Seq predicate precondition'0 (self : t_F'0) (args : t_Item'0) - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map25] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . 
inv'3 e /\ inv'8 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) + predicate next_precondition'0 [#"05_map.rs" 76 4 76 50] (iter : t_I'0) (func : t_F'0) = + [%#s05_map20] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed26] inv'3 self - - predicate inv'11 (_1 : t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_Item'0 [inv'11 x] . inv'11 x = invariant'6 x - - predicate invariant'3 (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 (self : borrowed t_F'0) = - [%#sinvariant5] inv'9 self.current /\ inv'9 self.final - - predicate inv'2 (_1 : borrowed t_F'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x - predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) predicate resolve'0 (_1 : t_F'0) 
@@ -1643,51 +1106,54 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops20] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops16] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops17] unnest'0 self b) - -> ([%#sops18] unnest'0 b c) -> ([%#sops19] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) + -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops16] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops14] postcondition_mut'0 self args res_state res) - -> ([%#sops15] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . 
([%#sops10] postcondition_mut'0 self args res_state res) + -> ([%#sops11] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map24] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'5 s - /\ inv'3 e1 /\ inv'3 e2 /\ inv'2 f /\ inv'8 i /\ unnest'0 func f.current + predicate preservation'0 [#"05_map.rs" 86 4 86 45] (iter : t_I'0) (func : t_F'0) = + [%#s05_map19] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map23] forall iter : borrowed t_I'0, func : t_F'0 . inv'12 iter /\ inv'9 func - -> completed'1 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func + predicate reinitialize'0 [#"05_map.rs" 99 4 99 29] (_1 : ()) = + [%#s05_map18] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter + -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - predicate invariant'4 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map22] reinitialize'0 () + predicate invariant'1 [#"05_map.rs" 139 4 139 30] (self : t_Map'0) = + [%#s05_map17] reinitialize'0 () /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - predicate inv'7 (_1 : t_Map'0) + predicate inv'4 (_1 : t_I'0) + + predicate inv'5 (_1 : t_F'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_Map'0 [inv'7 x] . 
inv'7 x - = (invariant'4 x + predicate inv'3 (_1 : t_Map'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Map'0 [inv'3 x] . inv'3 x + = (invariant'1 x /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'8 iter /\ inv'9 func + | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'4 iter /\ inv'5 func end) predicate invariant'0 (self : borrowed (t_Map'0)) = - [%#sinvariant5] inv'7 self.current /\ inv'7 self.final + [%#sinvariant5] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Map'0)) @@ -1697,7 +1163,7 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 | C_None'0 | C_Some'0 t_B'0 - predicate completed'0 [#"05_map.rs" 25 4 25 35] (self : borrowed (t_Map'0)) = + predicate completed'0 [#"05_map.rs" 22 4 22 35] (self : borrowed (t_Map'0)) = [%#s05_map1] completed'1 (Borrow.borrow_logic (self.current).t_Map__iter'0 (self.final).t_Map__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Map__func'0 = (self.final).t_Map__func'0 
@@ -1711,36 +1177,23 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed26] inv'2 self - - predicate inv'10 (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'10 x] . inv'10 x = invariant'5 x - - predicate invariant'2 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'4 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'4 x] . inv'4 x = invariant'2 x - use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s05_map4] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'4 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'5 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -1753,10 +1206,9 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - predicate produces_one'0 [#"05_map.rs" 138 4 138 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = - [%#s05_map3] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e) f.final visited] . inv'2 f - /\ inv'3 e - /\ f.current = self.t_Map__func'0 + predicate produces_one'0 [#"05_map.rs" 124 4 124 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = + [%#s05_map3] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e) f.final visited] . f.current + = self.t_Map__func'0 /\ f.final = succ.t_Map__func'0 /\ produces'1 self.t_Map__iter'0 (Seq.singleton e) succ.t_Map__iter'0 /\ precondition'0 f.current (e) /\ postcondition_mut'0 f.current (e) f.final visited @@ -1764,14 +1216,14 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 axiom produces_one'0_spec : forall self : t_Map'0, visited : t_B'0, succ : t_Map'0 . [%#s05_map2] produces_one'0 self visited succ = produces'0 self (Seq.singleton visited) succ - predicate inv'6 (_1 : t_B'0) + predicate inv'2 (_1 : t_B'0) predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s05_map0] forall self : borrowed (t_Map'0) . inv'0 self 
@@ -1787,31 +1239,20 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 69 4 69 44 end /\ inv'1 result) end -module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 33 4 33 26] (* as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 33 4 33 26 - let%span s05_map1 = "05_map.rs" 49 8 62 9 - let%span s05_map2 = "05_map.rs" 155 12 157 57 - let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops4 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon10 = "common.rs" 14 15 14 24 - let%span scommon11 = "common.rs" 15 14 15 45 - let%span scommon12 = "common.rs" 19 15 19 21 - let%span scommon13 = "common.rs" 20 15 20 21 - let%span scommon14 = "common.rs" 21 15 21 21 - let%span scommon15 = "common.rs" 22 15 22 32 - let%span scommon16 = "common.rs" 23 15 23 32 - let%span scommon17 = "common.rs" 24 14 24 42 - let%span s05_map18 = "05_map.rs" 109 12 112 87 - let%span s05_map19 = "05_map.rs" 96 12 102 41 - let%span s05_map20 = "05_map.rs" 85 12 89 39 - let%span sseq21 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant22 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed23 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 29 4 29 26 + let%span s05_map1 = "05_map.rs" 42 8 55 9 + let%span sops2 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 
109 59 + let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 type t_I'0 @@ -1820,18 +1261,11 @@ module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 3 type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'3 (_1 : t_I'0) - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant22] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) + use seq.Seq - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x + type t_B'0 - predicate inv'4 (_1 : t_F'0) + use seq.Seq use seq.Seq 
@@ -1843,113 +1277,44 @@ module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 3 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon12] inv'3 a) - -> ([%#scommon13] inv'3 b) - -> ([%#scommon14] inv'3 c) - -> ([%#scommon15] produces'1 a ab b) - -> ([%#scommon16] produces'1 b bc c) -> ([%#scommon17] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon10] inv'3 self) - -> ([%#scommon11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - - use seq.Seq - - predicate precondition'0 (self : t_F'0) (args : t_Item'0) - - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map20] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e /\ inv'3 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed23] inv'6 self - - predicate inv'9 (_1 : t_Item'0) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant22] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops9] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops8] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops6] unnest'0 self b) - -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) - -> ([%#sops4] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map19] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map18] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map2] reinitialize'0 () - /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'3 iter /\ inv'4 func - end) - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) use seq.Seq 
@@ -1959,36 +1324,23 @@ module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 3 use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed23] inv'7 self - - predicate inv'8 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq use seq.Seq - use seq.Seq + predicate precondition'0 (self : t_F'0) (args : t_Item'0) use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s05_map1] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -2001,14 +1353,12 @@ module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 3 /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#s05_map0] forall self : t_Map'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal refines : [%#s05_map0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" 43 4 43 90] (* as common::Iterator> *) - let%span s05_map0 = "05_map.rs" 43 4 43 90 - let%span s05_map1 = "05_map.rs" 49 8 62 9 +module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) + let%span s05_map0 = "05_map.rs" 36 4 36 90 + let%span s05_map1 = "05_map.rs" 42 8 55 9 let%span sops2 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops4 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -2016,21 +1366,10 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon9 = "common.rs" 14 15 14 24 - let%span scommon10 = "common.rs" 15 14 15 45 - let%span scommon11 = "common.rs" 19 15 19 21 - let%span scommon12 = "common.rs" 20 15 20 21 - let%span scommon13 = "common.rs" 21 15 21 21 - let%span scommon14 = "common.rs" 22 15 22 32 - let%span scommon15 = "common.rs" 23 15 23 32 - let%span scommon16 = "common.rs" 24 14 24 42 - let%span s05_map17 = "05_map.rs" 155 12 157 57 - let%span sseq18 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s05_map19 = "05_map.rs" 109 12 112 87 - let%span s05_map20 = "05_map.rs" 96 12 102 41 - let%span s05_map21 = "05_map.rs" 85 12 89 39 - let%span sboxed22 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant23 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 type t_I'0 @@ -2043,8 +1382,6 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" use seq.Seq - predicate inv'3 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -2055,19 +1392,15 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] inv'3 a) - -> ([%#scommon12] inv'3 b) - -> ([%#scommon13] inv'3 c) - -> ([%#scommon14] produces'1 a ab b) - -> ([%#scommon15] produces'1 b bc c) -> ([%#scommon16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon9] inv'3 self) - -> ([%#scommon10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : t_B'0) 
@@ -2100,56 +1433,13 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'4 (_1 : t_F'0) - - predicate invariant'6 (self : borrowed t_F'0) = - [%#sinvariant23] inv'4 self.current /\ inv'4 self.final - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate invariant'3 (self : borrowed t_F'0) = - [%#sboxed22] inv'9 self - - predicate inv'5 (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq use seq.Seq use seq.Seq - predicate inv'8 (_1 : t_Item'0) - - predicate invariant'4 (self : t_Item'0) = - [%#sboxed22] inv'8 self - - predicate inv'6 (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x + use prelude.prelude.Int use seq.Seq 
@@ -2159,14 +1449,13 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" use seq.Seq - predicate produces'0 [@inline:trivial] [#"05_map.rs" 48 4 48 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"05_map.rs" 41 4 41 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s05_map1] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -2179,51 +1468,10 @@ module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - predicate invariant'5 (self : borrowed t_I'0) = - [%#sinvariant23] inv'3 self.current /\ inv'3 self.final - - predicate inv'7 (_1 : borrowed t_I'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_I'0 [inv'7 x] . inv'7 x = invariant'5 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - use seq.Seq - - predicate next_precondition'0 [#"05_map.rs" 83 4 83 50] (iter : t_I'0) (func : t_F'0) = - [%#s05_map21] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'8 e /\ inv'3 i - -> produces'1 iter (Seq.singleton e) i -> precondition'0 func (e) - - use seq.Seq - - predicate preservation'0 [#"05_map.rs" 94 4 94 45] (iter : t_I'0) (func : t_F'0) = - [%#s05_map20] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1) f.final b] . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1) -> postcondition_mut'0 f.current (e1) f.final b -> precondition'0 f.final (e2) - - predicate reinitialize'0 [#"05_map.rs" 107 4 107 29] (_1 : ()) = - [%#s05_map19] forall iter : borrowed t_I'0, func : t_F'0 . 
inv'7 iter /\ inv'4 func - -> completed'0 iter -> next_precondition'0 iter.final func /\ preservation'0 iter.final func - - predicate invariant'0 [#"05_map.rs" 153 4 153 30] (self : t_Map'0) = - [%#s05_map17] reinitialize'0 () - /\ preservation'0 self.t_Map__iter'0 self.t_Map__func'0 /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'3 iter /\ inv'4 func - end) - use seq.Seq goal refines : [%#s05_map0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/05_map.rs b/creusot/tests/should_succeed/iterators/05_map.rs index 3c081e25a..3e1478a1e 100644 --- a/creusot/tests/should_succeed/iterators/05_map.rs +++ b/creusot/tests/should_succeed/iterators/05_map.rs @@ -1,10 +1,7 @@ #![feature(unboxed_closures)] extern crate creusot_contracts; -use creusot_contracts::{ - invariant::{inv, Invariant}, - *, -}; +use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; @@ -28,15 +25,11 @@ impl B> Iterator for Map { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] 
@@ -48,10 +41,10 @@ impl B> Iterator for Map { fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { self.func.unnest(succ.func) - && exists> inv(fs) && fs.len() == visited.len() + && exists> fs.len() == visited.len() && exists> #![trigger self.iter.produces(s, succ.iter)] - inv(s) && s.len() == visited.len() && self.iter.produces(s, succ.iter) + s.len() == visited.len() && self.iter.produces(s, succ.iter) && (forall 1 <= i && i < fs.len() ==> ^fs[i - 1] == *fs[i]) && if visited.len() == 0 { self.func == succ.func } else { *fs[0] == self.func && ^fs[visited.len() - 1] == succ.func } @@ -84,7 +77,6 @@ impl B> Map { pearlite! { forall #![trigger iter.produces(Seq::singleton(e), i)] - inv(e) && inv(i) ==> iter.produces(Seq::singleton(e), i) ==> func.precondition((e,)) } @@ -95,7 +87,7 @@ impl B> Map { pearlite! { forall, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> #![trigger iter.produces(s.push_back(e1).push_back(e2), i), (*f).postcondition_mut((e1,), ^f, b)] - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1,)) ==> (*f).postcondition_mut((e1,), ^f, b) ==> @@ -107,18 +99,13 @@ impl B> Map { fn reinitialize() -> bool { pearlite! { forall - inv(iter) && inv(func) ==> iter.completed() ==> Self::next_precondition(^iter, func) && Self::preservation(^iter, func) } } #[logic] - #[requires(inv(self))] - #[requires(inv(e))] - #[requires(inv(r))] - #[requires(inv(f))] - #[requires(inv(iter))] + #[requires(self.invariant())] #[requires(self.iter.produces(Seq::singleton(e), iter))] #[requires(*f == self.func)] #[requires((*f).postcondition_mut((e,), ^f, r) )] 
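Review bot: In `produces`, the dropped `inv(fs)` and `inv(s)` conjuncts sat under the two `exists`, so the predicate now promises less to anyone who unfolds it: the witness sequences are no longer stated to satisfy their type invariants. The same applies to the `inv(f) && inv(e)` conjuncts removed from the `exists` in the @@ -139,7 +125,7 @@ hunk. This is only safe as long as no client proof needs those facts about the witnesses, so I would record it above `fn produces`: `// The witnesses fs and s carry no inv(..) facts; clients must derive what they need from iter.produces and the closure postconditions.` The body of `produces` continues past the end of the hunk.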
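Review bot: Removing the `inv(e) && inv(i) ==>` guard in the @@ -84,7 +77,6 @@ hunk (the body the generated output names `next_precondition`) strengthens the universally quantified predicate: `func.precondition((e,))` must now hold for every `e` and `i` related by `iter.produces(Seq::singleton(e), i)`, whether or not their type invariants hold. The same strengthening happens in the `forall` of @@ -95,7 +87,7 @@, in `reinitialize` in @@ -107,18 +99,13 @@, in the `proof_assert!` of @@ -127,7 +114,6 @@ and in the `#[requires(forall …)]` of @@ -159,7 +145,7 @@, where it becomes an obligation on every caller. If Pearlite quantifiers range over all logical values, as the old guards suggest, a closure whose precondition depends on an item's invariant will only verify when `produces` itself implies that invariant. I would state that next to the predicate: `// No inv(..) guard: anything the closure needs to know about e must follow from iter.produces.` The function starts above the hunk.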
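Review bot: The new `#[requires(self.invariant())]` in the @@ -107,18 +99,13 @@ hunk, on `produces_one_invariant`, is the one place where this file replaces `inv(..)` instead of deleting it, and it deserves a comment saying why. In the generated output for the old code, `inv` of a `Map` was the user invariant together with `inv` of the `iter` and `func` fields. The lemma therefore now assumes strictly less, and the field invariants are no longer available inside its `proof_assert!`. Suggested comment above the attribute: `// Only the user-level invariant is needed here; field invariants are deliberately not assumed.` The lemma body continues in the next hunk.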
@@ -127,7 +114,6 @@ impl B> Map { fn produces_one_invariant(self, e: I::Item, r: B, f: &mut F, iter: I) { proof_assert! { forall, e1: I::Item, e2: I::Item, i: I> - inv(s) && inv(e1) && inv(e2) && inv(i) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> self.iter.produces(Seq::singleton(e).concat(s).push_back(e1).push_back(e2), i) } @@ -139,7 +125,7 @@ impl B> Map { pearlite! { exists #![trigger (*f).postcondition_mut((e,), ^f, visited)] - inv(f) && inv(e) && *f == self.func && ^f == succ.func + *f == self.func && ^f == succ.func && self.iter.produces(Seq::singleton(e), succ.iter) && (*f).precondition((e,)) && (*f).postcondition_mut((e,), ^f, visited) @@ -159,7 +145,7 @@ impl B> Invariant for Map { } } -#[requires(forall inv(e) && inv(i2) ==> +#[requires(forall iter.produces(Seq::singleton(e), i2) ==> func.precondition((e,)))] #[requires(Map::::reinitialize())] diff --git a/creusot/tests/should_succeed/iterators/05_map/why3session.xml b/creusot/tests/should_succeed/iterators/05_map/why3session.xml index 927bd4302..c0e0c6f28 100644 --- a/creusot/tests/should_succeed/iterators/05_map/why3session.xml +++ b/creusot/tests/should_succeed/iterators/05_map/why3session.xml @@ -4,7 +4,7 @@ - + @@ -15,7 +15,7 @@ - + @@ -29,59 +29,21 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -98,37 +60,19 @@ - + - + - - - - - - - - - - - - - - - - - - - + @@ -137,27 +81,12 @@ - - - - - - - - - - - - - - - - + - + @@ -166,7 +95,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz b/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz index 8d1a2779a426f1318200355f4cc979417a0b3b81..78fe98279dbd4bdbde1d46a97598839ee0ebac7d 100644 GIT binary patch literal 2407 zcmV-t37GaDiwFP!00000|Ls~yZ(}zSzUx=`=9w4`u!{R2J_wBn6p+bf2D}cNZ91gqvL087Q{-%E>k&NS6nxONT8{gw z4mN5;b`s^n$W{K++lG!$f2WtHr}A|h?-_;3@3^2xdQRJ)kH1iPXr(Z09<}zIXn{7z zw6A~mj+-&KYeon`X{>g)hK=F0IPupYDTG{{mY?*EuOZxsXLUzDnGsEat6JffU zB|T2i16E&J2~T?AR4_uovZvYzdiTv?BK zu;*DoQ`8X)pcO~$0Q$2y-&P zj14qn!^||j1t{Fc2Ji^ACo5^R?-@`{T%y_(>o$(nS~EkB$R#G^%GP*0t32ZGLZ@mq z9_5%v)xKo4FWLLNWsbbU9Da#8vqN~9ITx|!EWFMcFu9_sq+GNQEYbB;Y+)DKGC{em zK&-XKHC4|OHsuMJHVfXk1*jz-o?12@nBkRz$I>kTp6GD=df(Pz=~@q zW`J_RF|+#WBce?%B>$i|)0dGKBg_r8`1@kZq!j`0~D~`T%W!*^=Rfr#x_j(R~O!lK|*>B3hi#hOi4xY$_ zAHu#8H)h4(%0cQ7E_AHt6kVSn@@Lv?zun71%Z-&N`{)fbjd8hsQ-q{C+W^K&}xwsj)@+I2tewy7FY zcdQnlkM#NJr>eC=!+fGYKmB9(C6Dtc>*=Z-)=7(2GRw~tcVAwf(=inpSNCWGi!_YN z-Gh}i-!E&WZbGwu3wXVs!33VO)3B>$Yc0L*r15w9lg}1x_H4oC&lYU-Y|;A*z53cX zU#(hUW^?P!V5$0RLma(oh5jW3J>co55L-WPcz|=SA@=n1h8(_sh{&ipgf1`QdN%-F9A~U`nTYV3C9CVJ)dlk(F z%p3)k9OMT4tP8sF;Tw6Edu-gRJU0H#(xUMynjbwj?$nuWozw&e@ElrNayAYQXqV%; zZF3T{xa!5lD1>nQ+8kq!t4tXJKQ{HR~nchI$&b^u40Vk8{IhesY6)I!)sYS4LlTrk094mg~(%M|gZJS`n zASVMq<-Vr&ET@rw)cGU*^Y!I9jozOptE}F~58GX=|9W`n4M3?*Kl6v}dXi3SIBYeF z`4#;6l+n!IPgnsDG7yy$0yTISZZsvOcKfuy^|}Az>;1S?LEh9VnEz+P<(2mDsk7eK zc7BYKgw?Xcf=h7wh2{?m**p zWazmSx?9++R_VIW6*Cq75AWE}t;U)blK-E^YHPLjBFC;=ppF^o8yL_H~-C{zYc_Jn%2-*mAu3A4b%JIs=HHRclUwSVqt>`B`T$X0@s3r zN&rTbXn>)`aHpMe(h0{MI&f@JG9wFZlF|mWutpP)nnALb0)UNo+L@7pDX^dt0;sYm z3PK%Bl9EuDhS@;uPCGkNU@4Z0NflX9NHiir!IIR$@+2YgJOdxE$rf4{END$o3SJ;; zQ^+Vosf;d7fUF@M=Z@n@Pun0Ua2Z78rZhToE{q9f6oG;%DC>z6dbYGCf2UzK2%`!@ zu0>Q@S&NA*lUWZOXAZ|Z(~OrYaT_s;!X#xaH>H$;N5dILey1G@huk4L1c%IlbzmH5 z2g-qTARKT9=l~qBF}5;*ij1+*$kGU_QnWlMu2UIRC^NQsCw3_kgT$dAkOXB4p->@| zJa7!a!DMXxPHdq=;3864L{*j%lTe@#j7=qx2sUHOcVZXDlm!#kS`ggGRPZ2*LTVj& zD9SSX3DrBXF~+0`NXDXwLFtfqDlqC44G0_6opu78V2)eIjpKTJC_>bw)r?{Rps5I2 
zks+;RD0IO|-)Seclgdfyq;QfuiB5u(%n9p+aY8$xoRCfkC%6;1fFLOGXb6xA#!zaL z3T`>-kU*qNF4>>VS_efUld#apL&1|l&A7r+D;1d}p-$;=VTyd-HKW8V*Z>R^kA+NN zv?!{GVVq)4j>&JCBuObU%N59&q=gbx5QRa-waU&=$|>oTaEd#HPQeM71d-`vbWDo0 zkya%ItdJbJP-u8wvZ|40s-*;mA|=fzD6K%ERhAbNkrG+57gWK5GTcJYM3PDy4KgAg Z3uaA{CL32Xr|iU5{{xqH_r5AC001{U!8rf` literal 4307 zcmV;^5G?N>iwFP!00000|Lt2#j~q9WzSpntO}iruz=+^;VILZX3oKyPmmTC)VDe!X zM(UQkTi(a7UobPtd{t&uOWhs}U<0zEm}D>*{1_2rg#PU>-#z{6KF6o;evgk&=ZE|M z_)dQJmw!LF^ZoDc@$BxO-%-PU%Rk?Vh8+uWaGxI^!WSQ(-a!NI{rd(R-iXt*nN}^( zU_+;l2jx#aQCr|RV=G>uvK`T6{C|KZb@=iJU3fCi`m{OPwvkB567$1Zq0 zxG(qj@u?fe8<3~TZ?X8z8xXSrssS}?&<(QFWtnsXra{&q91lNstKkjuyFqtI?)k%i zy3g;}yHEdUng;Q1q6yX@_NvI#u~JiQi3UaAM>i;rm74Z}24&wTQ^!h8_LViLhK)sa z+Gs!C6%o{_QpZF0`9lZTDM$AdKc;?cM-D?edWI;Lf!YCc21{JEung4#J6?#|!sb8~ zgWMI-c@swznad!OjcQDzw*Zts>)GD325^cNSp3dSvjNlqUBKT(^za^yJ>I5=40JhV zppTWB8wfDPLV!6|Y5@#Zfx#*;*!(ym^nGLoai!*Gx&Rd`P;m`ZD(4#MSgG+;$a*To z;#Ba(so?cg@Omov63yBA>4sQCumtqv(*)C%GKC_zn~%)H^5EM2FALIQm&%e6#RH%07fNuJI_IW%qh4=Y6K6Z0GEn0l$ zkFE^-*?+EvoW=8(%{;O!Fm5aLu4@|x2y;3psb8p8KMjqcRsl9-FYR_9EhW& ze|6^t8pm(vxuBh783)&Z;}1V?4ZJwf8k^hFF1fC(W2XkTR>Ppzn~*e9!46O-{mSod zXU^Bp%I46E>#lveRlJCQLol5n|GY56q*ph^;GeIre9ivG(>mqQomp6JRynzFygPqA z9+tLn2X)theF@fgTe3BTTSu!Q?ADB{b2=D(!sFdn*nqpMmgR0~ie3OD%nc1?=`Ldk z7Z}1@F*M=)a`>!OIfD=W%fg4Y;X~b;X%jxQ3!i-0Hj#7jB=*-Af}dW-^-p;H39mPV z*WC@V*WEf`yMoCMDAZG!sj9#6%LIkAhr%VV+u+xaTJ6CMceKD=R?o`;*U;D846Y-s zlcpg)hgi2R-mQy|a44YSS3re(pt^8A2Tyl%x*9@XuJ+VXK~ zg)H$^K2E%mj}sYXdWka8Q1@I(y6&eaDAQL^CilFN-1KpBA8Wf@#ioxFwR$RW4=XBRR=K`1e{_}QRUhtx?g3H(TrS4W=y2RzKN4>`Nf>pTgSNC!0 z#wWDx4<#w<3egtApVo*zUBdmCnNy`E0k9M$Wa^u%5_HMo>ak_NDnV~mB>;2$Q>Ch=O4TA&%4$xZ)to+ClrIM2DaO3ibn+C81`fB6`nAMX1!uxa4}D}@VeY+-Y@i^2ug6)sG1D9e`0 zvZHdfFRIa#<){K}RiLfr$76stP{DSl=4AlD>Jb8V9LYt|0o1|-sD%kI7G7WjVxxQq zyV?lR0N*U%>AUb*`9v;;m=;{9#c#Q+)-kyrV$zVSbMSHjMpwAgAm)mN;iy9`RA5&M z6|fd6$Xci%yF!Kg_&?7d=Dxh9DoVcaDL(%0*55A5IpUesbah9Y)98h>E1da@MWxT& zJ!O|Pu?l)p;ZP{ki8B~Ib1J4xpUO&yqLp{5A^KZGSnURFo2%U9 
zvsk;w;$gTxmIv0Yu`gNXX@(1xadC1#G@MUb#qnZptx{%%_ zou-}{F70LsiYE%9^={_vfQuo+7MsaI6)f`{ogyDRvB;Y5SI)mtwCdxjgb#BjbC1eO z;U+6}n`{;cT#S|3DpqFGSeciwfsZXPk1rOnGGD~XRH6k{q6M{4!Fx4QuF(Y5NLkiM znSXWl>)y3Gxj0-7lY5*NVWb6g7iFkR1a-x$6+14v+(p^mCE`=xbWo2$@$?Sgh`E~i&QRxWa^+~dCeB}WwRB*vEgmmIP1PNH}xUA&Xt@J>{`6V1I7 zE8d9}@5C;6Cvn9)QT0x|dMCbk$KmxIN7Z*6wfS!|us-A9g@2o|S9{)S(m+$`@do-y|U&*m3`k6_elVPx}BGIWxta+!BDG+;^f-G!) zHCzLFnsK6?9TEZ_lCr2en#mjULRoRUoHV%>}OEtOmD__KX7Z$ z7O)npY$|;tnsW`=9|Ph})`sLV*P0)zyXDIfT?MJ~I#T%+r0&^@0jc~dQm;*N?KtFk z@`h@oKY{rtF#id_+=s+&T(pXW2JY8`kZH7$<*Z_DT`y?}HExQ?wlz~H+(qDp4)J5E zcTYa1(SG`hMc%5wWy0uB1y%)4?;}@U_NZKqWVss2dNqQ2HDWhE+)=$6QMnqun+@$A zj84mR*U$S-}0A_D*d&5e)|#A%+>f9#p*3Rr^S!uRUc*jERKhR zY#AEvgTyF^84s;$nKH;_O9qqv4!8xffEK_4v&L$xthB;%OBO9yc3{jiY7;V#L5OG) zZ?#ZTD`Z;Aw(WR`eI6J+6I^>_3=|@Ulsro&cpkJAqLTxSMQu@8loo|WZjmgaMX<;$ z7z^5hvLFvmIGLmaW59UUMlPgekUVG|gd&r^Bh~RB4gfx zFe#CWvJ>HLH^TX-Avy}dVDdZ~a2!b+XHsZ&WZg!*EgYkB%#-oK37JAnN(P242%zAA zsm{PD_NF2LD4_sEiWE6Y6-`W_J#W2C&WX-+2>!NO045Mw8zmBYY`Nk=BPGFtS5l=; z1o6gj3<{Ja#ZWOBxf9^DMvW{g6&-aV$Tt-sIf??>7TY#5V*>C9Qnw6MtCB<4iD0bI zR;V`>M4&N=DTo3?@>+vo+_%yztrddmJf;LI-xil1g+}y}^FUsh#Jr9&fovTYO7xam zl9g|3rbu~;l9)pl4dXE)@FZK!$Oi`rJ1O{EOA(Z!&>E8**O7DxQWL0FI;nk&&`Y7L zlvcj&G4T+9hvZoDOfnw4B!ifENZNCSJv8(mAPCorC#I$HJPD^F4?eU6JSlH<@I5-r zA0S9V6`WF1$!NIYf=n<0IZMGM2&r=-hFe3{pfz9(v)Wj#D>JREmR1X^xz%Jf9#Ev# z7%f}VY8|CRCJ2J|0Rpzcb>11eKV+d34lDq(z>Ec^Eih$)NefI^VB7*D3k)r=yb5NG zu|`{?tdZ7;gZIFkW6UcPB1*#@sib107NUsI*&X0H%7!X5?W3xu#h`ERm7Xo0{& zw`IlxY73a7+&o8~Gl!@7#(_7@Z+uJ`ohL^v(-A0XMc5{d!XwxH<%8#W<*Urcg^bX8 z^a5Dq5nHdp3)V6vm2+P7^Wm$_2P%p|CQ zuJ2cp$%R(7On?+lK$2iQIvKRoOa<@zdkpZ`)jRT_b*p1Cinr*E44xaG1R;sYd5?do zEeL5r2n!-#I>~~-k+%Q~f?43k0@oI}vcTn`m0WO>oJk%;lFINDh_k2?b0+G3Po=aV z!GdHKgs~v>Ab*}yebu~yF_!Xt)ZOAzj<8$s2#hhM!Z5FR^?8|LDgWCN(uk3@PLt#+ zUv`~R`Q-NV;;YZ=oJcJyfvplIP;6V*y66*u9cpO;G?^Nm4y9fIT1ONGuUuQ@0k^)RpMvGq0hL6@RbZGJ2XLbidlV3b4A zRzWcOTlp&p&Hw<$q>~p~dBFlpA=_ETb?3f8p#?QLziK$Y(u~gQ{{eG?muliu000o( BZI=K5 
diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index 542dd9711..d50adbc72 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma 
@@ -1,39 +1,29 @@ -module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precond.rs" 35 4 35 26] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 33 15 33 24 - let%span s06_map_precond1 = "06_map_precond.rs" 34 14 34 45 - let%span s06_map_precond2 = "06_map_precond.rs" 31 4 31 10 - let%span s06_map_precond3 = "06_map_precond.rs" 51 8 65 9 - let%span s06_map_precond4 = "06_map_precond.rs" 178 12 180 73 - let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon12 = "common.rs" 14 15 14 24 - let%span scommon13 = "common.rs" 15 14 15 45 - let%span scommon14 = "common.rs" 19 15 19 21 - let%span scommon15 = "common.rs" 20 15 20 21 - let%span scommon16 = "common.rs" 21 15 21 21 - let%span scommon17 = "common.rs" 22 15 22 32 - let%span scommon18 = "common.rs" 23 15 23 32 - let%span scommon19 = "common.rs" 24 14 24 42 - let%span s06_map_precond20 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond21 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond22 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond23 = "06_map_precond.rs" 94 12 97 63 - let%span sseq24 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond25 = "06_map_precond.rs" 118 12 123 71 - let%span sinvariant26 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed27 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module 
M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 30 14 30 45 + let%span s06_map_precond1 = "06_map_precond.rs" 28 4 28 10 + let%span s06_map_precond2 = "06_map_precond.rs" 44 8 58 9 + let%span sops3 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops4 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span scommon10 = "common.rs" 14 14 14 45 + let%span scommon11 = "common.rs" 18 15 18 32 + let%span scommon12 = "common.rs" 19 15 19 32 + let%span scommon13 = "common.rs" 20 14 20 42 + + use seq.Seq + + type t_B'0 + + use seq.Seq type t_I'0 type t_F'0 - predicate inv'3 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -44,86 +34,26 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precon predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon14] inv'3 a) - -> ([%#scommon15] inv'3 b) - -> ([%#scommon16] inv'3 c) - -> ([%#scommon17] produces'1 a ab b) - -> ([%#scommon18] produces'1 b bc c) -> ([%#scommon19] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] produces'1 a ab b) + -> ([%#scommon12] produces'1 b bc c) -> ([%#scommon13] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon12] inv'3 self) - -> ([%#scommon13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant26] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . 
inv'5 x = invariant'3 x - - predicate inv'4 (_1 : t_F'0) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond23] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e - /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed27] inv'6 self - - predicate inv'10 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant26] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate inv'8 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) 
@@ -131,70 +61,25 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precon function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops9] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops6] unnest'0 self b) + -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond20] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond22] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#s06_map_precond21] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond4] reinitialize'0 () - /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) + -> ([%#sops4] unnest'0 self res_state) use seq.Seq 
@@ -204,40 +89,31 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precon use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed27] inv'7 self - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) + use prelude.prelude.Snapshot - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq - use prelude.prelude.Snapshot - use seq.Seq use seq.Seq - use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s06_map_precond3] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#s06_map_precond2] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 
1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -253,51 +129,32 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precon constant self : t_Map'0 - function produces_refl'0 [#"06_map_precond.rs" 35 4 35 26] (self : t_Map'0) : () + function produces_refl'0 [#"06_map_precond.rs" 31 4 31 26] (self : t_Map'0) : () - goal vc_produces_refl'0 : ([%#s06_map_precond0] inv'0 self) - -> ([%#s06_map_precond1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal vc_produces_refl'0 : [%#s06_map_precond0] produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_precond.rs" 45 4 45 90] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 39 15 39 21 - let%span s06_map_precond1 = "06_map_precond.rs" 40 15 40 21 - let%span s06_map_precond2 = "06_map_precond.rs" 41 15 41 21 - let%span s06_map_precond3 = "06_map_precond.rs" 42 15 42 32 - let%span s06_map_precond4 = "06_map_precond.rs" 43 15 43 32 - let%span s06_map_precond5 = "06_map_precond.rs" 44 14 44 42 - let%span s06_map_precond6 = "06_map_precond.rs" 37 4 37 10 - let%span s06_map_precond7 = "06_map_precond.rs" 51 8 65 9 - let%span s06_map_precond8 = "06_map_precond.rs" 178 12 180 73 - let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon16 = "common.rs" 14 15 14 24 - let%span scommon17 = "common.rs" 15 14 15 45 - let%span scommon18 = "common.rs" 19 15 19 21 - let%span scommon19 = "common.rs" 20 15 20 21 - let%span scommon20 = 
"common.rs" 21 15 21 21 - let%span scommon21 = "common.rs" 22 15 22 32 - let%span scommon22 = "common.rs" 23 15 23 32 - let%span scommon23 = "common.rs" 24 14 24 42 - let%span s06_map_precond24 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond25 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond26 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond27 = "06_map_precond.rs" 94 12 97 63 - let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond29 = "06_map_precond.rs" 118 12 123 71 - let%span sinvariant30 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed31 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 35 15 35 32 + let%span s06_map_precond1 = "06_map_precond.rs" 36 15 36 32 + let%span s06_map_precond2 = "06_map_precond.rs" 37 14 37 42 + let%span s06_map_precond3 = "06_map_precond.rs" 33 4 33 10 + let%span s06_map_precond4 = "06_map_precond.rs" 44 8 58 9 + let%span sops5 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span scommon12 = "common.rs" 14 14 14 45 + let%span scommon13 = "common.rs" 18 15 18 32 + let%span scommon14 = "common.rs" 19 15 19 32 + let%span scommon15 = "common.rs" 20 14 20 42 type t_I'0 type t_F'0 - predicate inv'3 (_1 : t_I'0) - use seq.Seq use 
seq.Seq 
@@ -308,86 +165,30 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_preco predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon18] inv'3 a) - -> ([%#scommon19] inv'3 b) - -> ([%#scommon20] inv'3 c) - -> ([%#scommon21] produces'1 a ab b) - -> ([%#scommon22] produces'1 b bc c) -> ([%#scommon23] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon13] produces'1 a ab b) + -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon16] inv'3 self) - -> ([%#scommon17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant30] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . 
inv'5 x = invariant'3 x - - predicate inv'4 (_1 : t_F'0) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond27] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e - /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate invariant'6 (self : t_Item'0) = - [%#sboxed31] inv'6 self - - predicate inv'10 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant30] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate inv'8 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) 
@@ -395,68 +196,25 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_preco function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops15] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) - -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops9] postcondition_mut'0 self args res_state res) - -> ([%#sops10] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond29] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond24] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#s06_map_precond25] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond8] reinitialize'0 () - /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) use seq.Seq 
@@ -466,40 +224,31 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_preco use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed31] inv'7 self - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) + use prelude.prelude.Snapshot - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq - use prelude.prelude.Snapshot - use seq.Seq use seq.Seq - use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s06_map_precond7] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#s06_map_precond4] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 
1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -525,68 +274,55 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_preco constant c : t_Map'0 - function produces_trans'0 [#"06_map_precond.rs" 45 4 45 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"06_map_precond.rs" 38 4 38 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () - goal vc_produces_trans'0 : ([%#s06_map_precond4] produces'0 b bc c) - -> ([%#s06_map_precond3] produces'0 a ab b) - -> ([%#s06_map_precond2] inv'0 c) - -> ([%#s06_map_precond1] inv'0 b) - -> ([%#s06_map_precond0] inv'0 a) -> ([%#s06_map_precond5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s06_map_precond1] produces'0 b bc c) + -> ([%#s06_map_precond0] produces'0 a ab b) -> ([%#s06_map_precond2] produces'0 a (Seq.(++) ab bc) c) end -module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 4 72 44] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 75 16 75 76 - let%span s06_map_precond1 = "06_map_precond.rs" 76 31 76 71 - let%span s06_map_precond2 = "06_map_precond.rs" 79 16 79 58 - let%span s06_map_precond3 = "06_map_precond.rs" 83 32 83 56 - let%span s06_map_precond4 = "06_map_precond.rs" 72 17 72 21 - let%span s06_map_precond5 = "06_map_precond.rs" 72 26 72 44 - let%span s06_map_precond6 = "06_map_precond.rs" 68 14 71 5 - let%span scommon7 = "common.rs" 31 17 31 21 - let%span scommon8 = "common.rs" 31 26 31 44 - let%span scommon9 = "common.rs" 27 14 30 5 +module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 68 16 68 76 + let%span s06_map_precond1 = "06_map_precond.rs" 69 31 69 71 + let%span s06_map_precond2 = "06_map_precond.rs" 72 16 72 58 + let%span s06_map_precond3 = "06_map_precond.rs" 76 32 76 56 + let%span s06_map_precond4 = "06_map_precond.rs" 65 17 65 21 
+ let%span s06_map_precond5 = "06_map_precond.rs" 65 26 65 44 + let%span s06_map_precond6 = "06_map_precond.rs" 61 14 64 5 + let%span scommon7 = "common.rs" 27 17 27 21 + let%span scommon8 = "common.rs" 27 26 27 44 + let%span scommon9 = "common.rs" 23 14 26 5 let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 - let%span s06_map_precond12 = "06_map_precond.rs" 139 15 139 24 - let%span s06_map_precond13 = "06_map_precond.rs" 140 15 140 21 - let%span s06_map_precond14 = "06_map_precond.rs" 141 15 141 21 - let%span s06_map_precond15 = "06_map_precond.rs" 142 15 142 21 - let%span s06_map_precond16 = "06_map_precond.rs" 143 15 143 24 - let%span s06_map_precond17 = "06_map_precond.rs" 144 4 144 60 - let%span s06_map_precond18 = "06_map_precond.rs" 145 15 145 30 - let%span s06_map_precond19 = "06_map_precond.rs" 146 15 146 64 - let%span s06_map_precond20 = "06_map_precond.rs" 147 14 147 74 - let%span s06_map_precond21 = "06_map_precond.rs" 148 14 148 75 - let%span s06_map_precond22 = "06_map_precond.rs" 150 8 155 9 - let%span s06_map_precond23 = "06_map_precond.rs" 25 8 28 9 - let%span s06_map_precond24 = "06_map_precond.rs" 159 14 159 68 - let%span s06_map_precond25 = "06_map_precond.rs" 162 12 168 74 - let%span scommon26 = "common.rs" 14 15 14 24 - let%span scommon27 = "common.rs" 15 14 15 45 - let%span scommon28 = "common.rs" 19 15 19 21 - let%span scommon29 = "common.rs" 20 15 20 21 - let%span scommon30 = "common.rs" 21 15 21 21 - let%span scommon31 = "common.rs" 22 15 22 32 - let%span scommon32 = "common.rs" 23 15 23 32 - let%span scommon33 = "common.rs" 24 14 24 42 - let%span sresolve34 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span s06_map_precond35 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond36 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond37 = "06_map_precond.rs" 94 12 97 63 - let%span 
s06_map_precond38 = "06_map_precond.rs" 51 8 65 9 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops42 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops43 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops44 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops45 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sinvariant46 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s06_map_precond47 = "06_map_precond.rs" 118 12 123 71 - let%span s06_map_precond48 = "06_map_precond.rs" 178 12 180 73 - let%span s06_map_precond49 = "06_map_precond.rs" 130 12 134 47 - let%span sseq50 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed51 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span s06_map_precond12 = "06_map_precond.rs" 131 15 131 31 + let%span s06_map_precond13 = "06_map_precond.rs" 132 4 132 60 + let%span s06_map_precond14 = "06_map_precond.rs" 133 15 133 30 + let%span s06_map_precond15 = "06_map_precond.rs" 134 15 134 64 + let%span s06_map_precond16 = "06_map_precond.rs" 135 14 135 74 + let%span s06_map_precond17 = "06_map_precond.rs" 136 14 136 75 + let%span s06_map_precond18 = "06_map_precond.rs" 138 8 142 9 + let%span s06_map_precond19 = "06_map_precond.rs" 22 8 25 9 + let%span s06_map_precond20 = "06_map_precond.rs" 146 14 146 68 + let%span s06_map_precond21 = "06_map_precond.rs" 149 12 155 74 + let%span scommon22 = "common.rs" 14 14 14 45 + let%span scommon23 = "common.rs" 18 15 18 32 + let%span scommon24 = "common.rs" 19 15 19 32 + let%span scommon25 = "common.rs" 20 14 20 42 + let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span 
s06_map_precond27 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond28 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond29 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond30 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond31 = "06_map_precond.rs" 44 8 58 9 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sinvariant39 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span s06_map_precond40 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond41 = "06_map_precond.rs" 111 12 116 71 use prelude.prelude.Borrow 
@@ -606,44 +342,40 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon28] inv'0 a) - -> ([%#scommon29] inv'0 b) - -> ([%#scommon30] inv'0 c) - -> ([%#scommon31] produces'0 a ab b) - -> ([%#scommon32] produces'0 b bc c) -> ([%#scommon33] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon23] produces'0 a ab b) + -> ([%#scommon24] produces'0 b bc c) -> ([%#scommon25] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon26] inv'0 self) - -> ([%#scommon27] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon22] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant46] inv'0 self.current /\ inv'0 self.final + predicate invariant'2 (self : borrowed t_I'0) = + [%#sinvariant39] inv'0 self.current /\ inv'0 self.final predicate inv'4 (_1 : borrowed t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . 
inv'4 x = invariant'1 x + axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'2 x type t_Option'0 = | C_None'0 | C_Some'0 t_Item'0 - predicate inv'10 (_1 : t_Item'0) + predicate inv'9 (_1 : t_Item'0) predicate inv'5 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'10 a_0 + | C_Some'0 a_0 -> inv'9 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) @@ -675,17 +407,17 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 predicate inv'1 (_1 : t_F'0) - predicate invariant'2 (self : borrowed t_F'0) = - [%#sinvariant46] inv'1 self.current /\ inv'1 self.final + predicate invariant'3 (self : borrowed t_F'0) = + [%#sinvariant39] inv'1 self.current /\ inv'1 self.final predicate inv'6 (_1 : borrowed t_F'0) - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'3 x predicate inv'7 (_1 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) axiom inv_axiom'5 [@rewrite] : forall x : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) [inv'7 x] . inv'7 x - = (let (x0, x1) = x in inv'10 x0) + = (let (x0, x1) = x in inv'9 x0) type t_B'0 
@@ -701,25 +433,25 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops45] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops38] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops42] unnest'0 self b) - -> ([%#sops43] unnest'0 b c) -> ([%#sops44] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops35] unnest'0 self b) + -> ([%#sops36] unnest'0 b c) -> ([%#sops37] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops41] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops34] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops39] postcondition_mut'0 self args res_state res) - -> ([%#sops40] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops32] postcondition_mut'0 self args res_state res) + -> ([%#sops33] unnest'0 self res_state) let rec call_mut'0 (self:borrowed t_F'0) (args:(t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'6 self} {[@expl:call_mut 'args' type invariant] inv'7 args} 
@@ -730,99 +462,72 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 (! return' {result}) ] - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond37] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'10 e - /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed51] inv'10 self + [%#s06_map_precond30] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) - predicate inv'13 (_1 : t_Item'0) - - axiom inv_axiom'9 [@rewrite] : forall x : t_Item'0 [inv'13 x] . inv'13 x = invariant'6 x - - predicate invariant'4 (self : Seq.seq t_Item'0) = - [%#sseq50] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) - - predicate inv'11 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'11 x] . inv'11 x = invariant'4 x - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond47] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : t_F'0) = + [%#s06_map_precond41] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond49] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'1 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond40] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond36] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + [%#s06_map_precond29] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#s06_map_precond35] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond28] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'3 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond48] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond27] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - predicate inv'9 (_1 : t_Map'0) + predicate inv'10 (_1 : t_Map'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Map'0 [inv'9 x] . inv'9 x - = (invariant'3 x + axiom inv_axiom'6 [@rewrite] : forall x : t_Map'0 [inv'10 x] . inv'10 x + = (invariant'0 x /\ match x with | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'0 iter /\ inv'1 func end) - predicate invariant'0 (self : borrowed (t_Map'0)) = - [%#sinvariant46] inv'9 self.current /\ inv'9 self.final + predicate invariant'1 (self : borrowed (t_Map'0)) = + [%#sinvariant39] inv'10 self.current /\ inv'10 self.final predicate inv'2 (_1 : borrowed (t_Map'0)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Map'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Map'0) [inv'2 x] . 
inv'2 x = invariant'1 x predicate resolve'1 (self : borrowed (t_Map'0)) = - [%#sresolve34] self.final = self.current + [%#sresolve26] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Map'0)) = resolve'1 _1 - function produces_one_invariant'0 [#"06_map_precond.rs" 149 4 149 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + function produces_one_invariant'0 [#"06_map_precond.rs" 137 4 137 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () = - [%#s06_map_precond22] let _ = () in () - - axiom produces_one_invariant'0_spec : forall self : t_Map'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#s06_map_precond12] inv'9 self) - -> ([%#s06_map_precond13] inv'10 e) - -> ([%#s06_map_precond14] inv'8 r) - -> ([%#s06_map_precond15] inv'6 f) - -> ([%#s06_map_precond16] inv'0 iter) - -> ([%#s06_map_precond17] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) - -> ([%#s06_map_precond18] f.current = self.t_Map__func'0) - -> ([%#s06_map_precond19] postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final r) - -> ([%#s06_map_precond20] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) - && ([%#s06_map_precond21] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) + [%#s06_map_precond18] let _ = () in () + + axiom produces_one_invariant'0_spec : forall self : t_Map'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . 
([%#s06_map_precond12] invariant'0 self) + -> ([%#s06_map_precond13] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) + -> ([%#s06_map_precond14] f.current = self.t_Map__func'0) + -> ([%#s06_map_precond15] postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final r) + -> ([%#s06_map_precond16] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) + && ([%#s06_map_precond17] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) use prelude.prelude.Snapshot @@ -842,8 +547,8 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 | C_Some'1 a_0 -> inv'8 a_0 end - predicate completed'0 [#"06_map_precond.rs" 24 4 24 35] (self : borrowed (t_Map'0)) = - [%#s06_map_precond23] Snapshot.inner (self.final).t_Map__produced'0 = (Seq.empty : Seq.seq t_Item'0) + predicate completed'0 [#"06_map_precond.rs" 21 4 21 35] (self : borrowed (t_Map'0)) = + [%#s06_map_precond19] Snapshot.inner (self.final).t_Map__produced'0 = (Seq.empty : Seq.seq t_Item'0) /\ completed'1 (Borrow.borrow_logic (self.current).t_Map__iter'0 (self.final).t_Map__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Map__func'0 = (self.final).t_Map__func'0 @@ -857,24 +562,12 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 use seq.Seq - predicate invariant'7 (self : borrowed t_F'0) = - [%#sboxed51] inv'6 self - - predicate inv'14 (_1 : borrowed t_F'0) - - axiom inv_axiom'10 [@rewrite] : forall x : borrowed t_F'0 [inv'14 x] . inv'14 x = invariant'7 x - - predicate invariant'5 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq50] forall i : int . 0 <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) - - predicate inv'12 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'12 x] . inv'12 x = invariant'5 x - use seq.Seq use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -883,14 +576,13 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 use seq.Seq - predicate produces'1 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'1 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#s06_map_precond38] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'12 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'11 s - /\ Seq.length s = Seq.length visited + [%#s06_map_precond31] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'0 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -904,17 +596,16 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - predicate produces_one'0 [#"06_map_precond.rs" 160 4 160 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = - [%#s06_map_precond25] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . inv'6 f - /\ inv'10 e - /\ f.current = self.t_Map__func'0 + predicate produces_one'0 [#"06_map_precond.rs" 147 4 147 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = + [%#s06_map_precond21] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . f.current + = self.t_Map__func'0 /\ f.final = succ.t_Map__func'0 /\ produces'0 self.t_Map__iter'0 (Seq.singleton e) succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.snoc (Snapshot.inner self.t_Map__produced'0) e /\ precondition'0 f.current (e, self.t_Map__produced'0) /\ postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited - axiom produces_one'0_spec : forall self : t_Map'0, visited : t_B'0, succ : t_Map'0 . [%#s06_map_precond24] produces_one'0 self visited succ + axiom produces_one'0_spec : forall self : t_Map'0, visited : t_B'0, succ : t_Map'0 . [%#s06_map_precond20] produces_one'0 self visited succ = produces'1 self (Seq.singleton visited) succ meta "compute_max_steps" 1000000 
@@ -1002,35 +693,26 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 72 (! return' {result}) ] end -module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_precond.rs" 103 4 103 73] (* Map *) - let%span s06_map_precond0 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond1 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond2 = "06_map_precond.rs" 118 12 123 71 - let%span scommon3 = "common.rs" 14 15 14 24 - let%span scommon4 = "common.rs" 15 14 15 45 - let%span scommon5 = "common.rs" 19 15 19 21 - let%span scommon6 = "common.rs" 20 15 20 21 - let%span scommon7 = "common.rs" 21 15 21 21 - let%span scommon8 = "common.rs" 22 15 22 32 - let%span scommon9 = "common.rs" 23 15 23 32 - let%span scommon10 = "common.rs" 24 14 24 42 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sseq18 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant19 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed20 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_precond.rs" 96 4 96 73] (* Map *) + let%span s06_map_precond0 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond1 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond2 = "06_map_precond.rs" 111 12 116 71 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = 
"common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 use seq.Seq type t_I'0 - predicate inv'4 (_1 : t_I'0) - use seq.Seq type t_Item'0 
@@ -1039,19 +721,15 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon5] inv'4 a) - -> ([%#scommon6] inv'4 b) - -> ([%#scommon7] inv'4 c) - -> ([%#scommon8] produces'0 a ab b) - -> ([%#scommon9] produces'0 b bc c) -> ([%#scommon10] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'0 a ab b) + -> ([%#scommon5] produces'0 b bc c) -> ([%#scommon6] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon3] inv'4 self) - -> ([%#scommon4] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon3] produces'0 self (Seq.empty : Seq.seq t_Item'0) self type t_F'0 
@@ -1059,39 +737,6 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'1 (_1 : t_Item'0) - - predicate invariant'2 (self : t_Item'0) = - [%#sboxed20] inv'1 self - - predicate inv'5 (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'0 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x - - predicate inv'6 (_1 : t_F'0) - - predicate invariant'1 (self : borrowed t_F'0) = - [%#sinvariant19] inv'6 self.current /\ inv'6 self.final - - predicate inv'2 (_1 : borrowed t_F'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x - - predicate inv'3 (_1 : t_B'0) - use prelude.prelude.Snapshot predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) 
@@ -1104,25 +749,25 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops13] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) - -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) + -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops11] postcondition_mut'0 self args res_state res) - -> ([%#sops12] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops7] postcondition_mut'0 self args res_state res) + -> ([%#sops8] unnest'0 self res_state) use seq.Seq 
@@ -1130,9 +775,8 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : t_F'0) = + [%#s06_map_precond2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b 
@@ -1144,62 +788,48 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre constant produced : Seq.seq t_Item'0 - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) goal vc_preservation_inv'0 : [%#s06_map_precond0] produced = (Seq.empty : Seq.seq t_Item'0) - -> ([%#s06_map_precond1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + -> ([%#s06_map_precond1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1))) = preservation'0 iter func end -module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_map_precond.rs" 149 4 149 73] (* Map *) - let%span s06_map_precond0 = "06_map_precond.rs" 139 15 139 24 - let%span s06_map_precond1 = "06_map_precond.rs" 140 15 140 21 - let%span s06_map_precond2 = "06_map_precond.rs" 141 15 141 21 - let%span s06_map_precond3 = "06_map_precond.rs" 142 15 142 21 - let%span s06_map_precond4 = "06_map_precond.rs" 143 15 143 24 - let%span s06_map_precond5 = "06_map_precond.rs" 144 4 144 60 - let%span s06_map_precond6 = "06_map_precond.rs" 145 15 145 30 - let%span s06_map_precond7 = "06_map_precond.rs" 146 15 146 64 - let%span s06_map_precond8 = "06_map_precond.rs" 147 14 147 74 - let%span s06_map_precond9 = "06_map_precond.rs" 148 14 148 75 - let%span s06_map_precond10 = "06_map_precond.rs" 151 12 154 94 - let%span s06_map_precond11 = "06_map_precond.rs" 150 8 155 9 - let%span s06_map_precond12 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond13 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond14 = "06_map_precond.rs" 94 12 97 63 - let%span scommon15 = "common.rs" 14 15 14 24 - let%span scommon16 = "common.rs" 15 14 15 45 - let%span scommon17 = "common.rs" 19 15 19 21 - let%span scommon18 = "common.rs" 20 15 20 21 - let%span scommon19 = "common.rs" 21 15 21 21 - let%span scommon20 = "common.rs" 22 15 22 32 - let%span scommon21 = "common.rs" 23 15 23 32 - let%span scommon22 = "common.rs" 24 14 24 42 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops25 = 
"../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond30 = "06_map_precond.rs" 118 12 123 71 - let%span s06_map_precond31 = "06_map_precond.rs" 178 12 180 73 - let%span sinvariant32 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond34 = "06_map_precond.rs" 130 12 134 47 - let%span sboxed35 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_map_precond.rs" 137 4 137 73] (* Map *) + let%span s06_map_precond0 = "06_map_precond.rs" 131 15 131 31 + let%span s06_map_precond1 = "06_map_precond.rs" 132 4 132 60 + let%span s06_map_precond2 = "06_map_precond.rs" 133 15 133 30 + let%span s06_map_precond3 = "06_map_precond.rs" 134 15 134 64 + let%span s06_map_precond4 = "06_map_precond.rs" 135 14 135 74 + let%span s06_map_precond5 = "06_map_precond.rs" 136 14 136 75 + let%span s06_map_precond6 = "06_map_precond.rs" 139 12 141 94 + let%span s06_map_precond7 = "06_map_precond.rs" 138 8 142 9 + let%span s06_map_precond8 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond9 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond10 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond11 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond12 = "06_map_precond.rs" 123 12 126 47 + let%span scommon13 = "common.rs" 14 14 14 45 + let%span scommon14 = "common.rs" 18 15 18 32 + let%span scommon15 = "common.rs" 19 15 19 32 + let%span scommon16 = "common.rs" 20 14 20 42 + let%span sops17 = 
"../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond24 = "06_map_precond.rs" 111 12 116 71 type t_I'0 type t_F'0 - predicate inv'4 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1210,19 +840,15 @@ module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_m predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon17] inv'4 a) - -> ([%#scommon18] inv'4 b) - -> ([%#scommon19] inv'4 c) - -> ([%#scommon20] produces'0 a ab b) - -> ([%#scommon21] produces'0 b bc c) -> ([%#scommon22] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon14] produces'0 a ab b) + -> ([%#scommon15] produces'0 b bc c) -> ([%#scommon16] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon15] inv'4 self) - -> ([%#scommon16] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon13] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot 
@@ -1231,62 +857,22 @@ module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_m use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed t_I'0) = - [%#sinvariant32] inv'4 self.current /\ inv'4 self.final - - predicate inv'8 (_1 : borrowed t_I'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_I'0 [inv'8 x] . inv'8 x = invariant'4 x - - predicate inv'6 (_1 : t_F'0) - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate inv'1 (_1 : t_Item'0) - use seq.Seq use prelude.prelude.Snapshot predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond14] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'1 e - /\ inv'4 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) + [%#s06_map_precond11] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed35] inv'1 self - - predicate inv'7 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'3 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq33] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . 
inv'5 x = invariant'2 x - - predicate invariant'1 (self : borrowed t_F'0) = - [%#sinvariant32] inv'6 self.current /\ inv'6 self.final - - predicate inv'3 (_1 : borrowed t_F'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate inv'2 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) 
@@ -1297,69 +883,58 @@ module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_m function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops29] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops23] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops26] unnest'0 self b) - -> ([%#sops27] unnest'0 b c) -> ([%#sops28] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops20] unnest'0 self b) + -> ([%#sops21] unnest'0 b c) -> ([%#sops22] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops25] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops19] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops23] postcondition_mut'0 self args res_state res) - -> ([%#sops24] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops17] postcondition_mut'0 self args res_state res) + -> ([%#sops18] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond30] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'5 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'3 f /\ inv'2 b /\ inv'4 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : t_F'0) = + [%#s06_map_precond24] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond34] forall iter : borrowed t_I'0, func : t_F'0 . inv'8 iter /\ inv'6 func - -> completed'0 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond12] forall iter : borrowed t_I'0, func : t_F'0 . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond13] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
inv'5 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'3 f /\ inv'2 b /\ inv'4 i /\ unnest'0 func f.current + [%#s06_map_precond10] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond12] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond9] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond31] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond8] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'4 iter /\ inv'6 func - end) - constant self : t_Map'0 constant e : t_Item'0 
@@ -1370,62 +945,41 @@ module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_m constant iter : t_I'0 - function produces_one_invariant'0 [#"06_map_precond.rs" 149 4 149 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + function produces_one_invariant'0 [#"06_map_precond.rs" 137 4 137 73] (self : t_Map'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () - goal vc_produces_one_invariant'0 : ([%#s06_map_precond7] postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final r) - -> ([%#s06_map_precond6] f.current = self.t_Map__func'0) - -> ([%#s06_map_precond5] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) - -> ([%#s06_map_precond4] inv'4 iter) - -> ([%#s06_map_precond3] inv'3 f) - -> ([%#s06_map_precond2] inv'2 r) - -> ([%#s06_map_precond1] inv'1 e) - -> ([%#s06_map_precond0] inv'0 self) - -> ([%#s06_map_precond10] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, i : t_I'0 . inv'5 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'4 i - -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i + goal vc_produces_one_invariant'0 : ([%#s06_map_precond3] postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final r) + -> ([%#s06_map_precond2] f.current = self.t_Map__func'0) + -> ([%#s06_map_precond1] produces'0 self.t_Map__iter'0 (Seq.singleton e) iter) + -> ([%#s06_map_precond0] invariant'0 self) + -> ([%#s06_map_precond6] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, i : t_I'0 . 
produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> produces'0 self.t_Map__iter'0 (Seq.snoc (Seq.snoc (Seq.(++) (Seq.singleton e) s) e1) e2) i) - && (let _ = () in ([%#s06_map_precond8] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) - && ([%#s06_map_precond9] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e))) + && (let _ = () in ([%#s06_map_precond4] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) + && ([%#s06_map_precond5] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e))) end -module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond.rs" 160 4 160 57] (* Map *) - let%span s06_map_precond0 = "06_map_precond.rs" 159 14 159 68 - let%span s06_map_precond1 = "06_map_precond.rs" 162 12 168 74 - let%span s06_map_precond2 = "06_map_precond.rs" 51 8 65 9 - let%span s06_map_precond3 = "06_map_precond.rs" 33 15 33 24 - let%span s06_map_precond4 = "06_map_precond.rs" 34 14 34 45 - let%span s06_map_precond5 = "06_map_precond.rs" 31 4 31 10 - let%span s06_map_precond6 = "06_map_precond.rs" 39 15 39 21 - let%span s06_map_precond7 = "06_map_precond.rs" 40 15 40 21 - let%span s06_map_precond8 = "06_map_precond.rs" 41 15 41 21 - let%span s06_map_precond9 = "06_map_precond.rs" 42 15 42 32 - let%span s06_map_precond10 = "06_map_precond.rs" 43 15 43 32 - let%span s06_map_precond11 = "06_map_precond.rs" 44 14 44 42 - let%span s06_map_precond12 = "06_map_precond.rs" 37 4 37 10 - let%span scommon13 = "common.rs" 14 15 14 24 - let%span scommon14 = "common.rs" 15 14 15 45 - let%span scommon15 = "common.rs" 19 15 19 21 - let%span scommon16 = "common.rs" 20 15 20 21 - let%span scommon17 = "common.rs" 21 15 21 21 - let%span scommon18 = "common.rs" 22 15 22 32 - let%span scommon19 = "common.rs" 23 15 23 32 - let%span scommon20 = "common.rs" 24 14 24 42 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 
15 109 59 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sinvariant28 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq29 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond30 = "06_map_precond.rs" 178 12 180 73 - let%span s06_map_precond31 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond32 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond33 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond34 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond35 = "06_map_precond.rs" 118 12 123 71 - let%span sboxed36 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond.rs" 147 4 147 57] (* Map *) + let%span s06_map_precond0 = "06_map_precond.rs" 146 14 146 68 + let%span s06_map_precond1 = "06_map_precond.rs" 149 12 155 74 + let%span s06_map_precond2 = "06_map_precond.rs" 44 8 58 9 + let%span s06_map_precond3 = "06_map_precond.rs" 30 14 30 45 + let%span s06_map_precond4 = "06_map_precond.rs" 28 4 28 10 + let%span s06_map_precond5 = "06_map_precond.rs" 35 15 35 32 + let%span s06_map_precond6 = "06_map_precond.rs" 36 15 36 32 + let%span s06_map_precond7 = "06_map_precond.rs" 37 14 37 42 + let%span s06_map_precond8 = "06_map_precond.rs" 33 4 33 10 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + 
let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + + use seq.Seq use seq.Seq @@ -1433,8 +987,6 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond type t_F'0 - predicate inv'5 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1445,86 +997,32 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon15] inv'5 a) - -> ([%#scommon16] inv'5 b) - -> ([%#scommon17] inv'5 c) - -> ([%#scommon18] produces'1 a ab b) - -> ([%#scommon19] produces'1 b bc c) -> ([%#scommon20] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon13] inv'5 self) - -> ([%#scommon14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate invariant'6 (self : borrowed t_I'0) = - [%#sinvariant28] inv'5 self.current /\ inv'5 self.final - - predicate inv'9 (_1 : borrowed t_I'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'9 x] . 
inv'9 x = invariant'6 x - - predicate inv'6 (_1 : t_F'0) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'1 (_1 : t_Item'0) - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond34] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'1 e - /\ inv'5 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'5 (self : t_Item'0) = - [%#sboxed36] inv'1 self - - predicate inv'8 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'0 (self : borrowed t_F'0) = - [%#sinvariant28] inv'6 self.current /\ inv'6 self.final - - predicate inv'0 (_1 : borrowed t_F'0) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_F'0 [inv'0 x] . inv'0 x = invariant'0 x - - predicate inv'10 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) 
@@ -1532,70 +1030,25 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops27] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops19] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops16] unnest'0 self b) + -> ([%#sops17] unnest'0 b c) -> ([%#sops18] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops23] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops15] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond35] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond31] forall iter : borrowed t_I'0, func : t_F'0 . inv'9 iter /\ inv'6 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond33] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#s06_map_precond32] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'3 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond30] reinitialize'0 () - /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - - predicate inv'4 (_1 : t_Map'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Map'0 [inv'4 x] . inv'4 x - = (invariant'3 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'5 iter /\ inv'6 func - end) - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops13] postcondition_mut'0 self args res_state res) + -> ([%#sops14] unnest'0 self res_state) use seq.Seq 
@@ -1605,42 +1058,31 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond use seq.Seq - use seq.Seq - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sboxed36] inv'0 self - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + use prelude.prelude.Snapshot - predicate inv'2 (_1 : Seq.seq (borrowed t_F'0)) + use prelude.prelude.Snapshot - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.Int use seq.Seq - use prelude.prelude.Snapshot - use seq.Seq use seq.Seq - use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s06_map_precond2] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'2 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'3 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -1654,22 +1096,22 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"06_map_precond.rs" 45 4 45 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"06_map_precond.rs" 38 4 38 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () = - [%#s06_map_precond12] () + [%#s06_map_precond8] () + + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq t_B'0, b : t_Map'0, bc : Seq.seq t_B'0, c : t_Map'0 . ([%#s06_map_precond5] produces'0 a ab b) + -> ([%#s06_map_precond6] produces'0 b bc c) -> ([%#s06_map_precond7] produces'0 a (Seq.(++) ab bc) c) - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq t_B'0, b : t_Map'0, bc : Seq.seq t_B'0, c : t_Map'0 . ([%#s06_map_precond6] inv'4 a) - -> ([%#s06_map_precond7] inv'4 b) - -> ([%#s06_map_precond8] inv'4 c) - -> ([%#s06_map_precond9] produces'0 a ab b) - -> ([%#s06_map_precond10] produces'0 b bc c) -> ([%#s06_map_precond11] produces'0 a (Seq.(++) ab bc) c) + function produces_refl'0 [#"06_map_precond.rs" 31 4 31 26] (self : t_Map'0) : () = + [%#s06_map_precond4] () - function produces_refl'0 [#"06_map_precond.rs" 35 4 35 26] (self : t_Map'0) : () = - [%#s06_map_precond5] () + axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s06_map_precond3] produces'0 self (Seq.empty : Seq.seq t_B'0) self - axiom produces_refl'0_spec : forall self : t_Map'0 . ([%#s06_map_precond3] inv'4 self) - -> ([%#s06_map_precond4] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + use seq.Seq + + use seq.Seq constant self : t_Map'0 
@@ -1677,11 +1119,10 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond constant succ : t_Map'0 - predicate produces_one'0 [#"06_map_precond.rs" 160 4 160 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) + predicate produces_one'0 [#"06_map_precond.rs" 147 4 147 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) - goal vc_produces_one'0 : [%#s06_map_precond0] ([%#s06_map_precond1] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . inv'0 f - /\ inv'1 e - /\ f.current = self.t_Map__func'0 + goal vc_produces_one'0 : [%#s06_map_precond0] ([%#s06_map_precond1] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . f.current + = self.t_Map__func'0 /\ f.final = succ.t_Map__func'0 /\ produces'1 self.t_Map__iter'0 (Seq.singleton e) succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.snoc (Snapshot.inner self.t_Map__produced'0) e 
@@ -1689,46 +1130,37 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond /\ postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited) = produces'0 self (Seq.singleton visited) succ end -module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] - let%span s06_map_precond0 = "06_map_precond.rs" 195 32 195 54 - let%span s06_map_precond1 = "06_map_precond.rs" 192 4 192 8 - let%span s06_map_precond2 = "06_map_precond.rs" 193 4 193 8 - let%span s06_map_precond3 = "06_map_precond.rs" 185 11 187 65 - let%span s06_map_precond4 = "06_map_precond.rs" 188 11 188 41 - let%span s06_map_precond5 = "06_map_precond.rs" 189 11 189 51 - let%span s06_map_precond6 = "06_map_precond.rs" 194 5 194 17 - let%span s06_map_precond7 = "06_map_precond.rs" 190 10 190 75 - let%span s06_map_precond8 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond9 = "06_map_precond.rs" 118 12 123 71 - let%span scommon10 = "common.rs" 14 15 14 24 - let%span scommon11 = "common.rs" 15 14 15 45 - let%span scommon12 = "common.rs" 19 15 19 21 - let%span scommon13 = "common.rs" 20 15 20 21 - let%span scommon14 = "common.rs" 21 15 21 21 - let%span scommon15 = "common.rs" 22 15 22 32 - let%span scommon16 = "common.rs" 23 15 23 32 - let%span scommon17 = "common.rs" 24 14 24 42 - let%span s06_map_precond18 = "06_map_precond.rs" 94 12 97 63 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond26 = "06_map_precond.rs" 178 12 
180 73 - let%span sinvariant27 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond29 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond30 = "06_map_precond.rs" 105 12 111 88 - let%span sboxed31 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_06_map_precond__map [#"06_map_precond.rs" 178 0 181 17] + let%span s06_map_precond0 = "06_map_precond.rs" 182 32 182 54 + let%span s06_map_precond1 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond2 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond3 = "06_map_precond.rs" 172 11 174 65 + let%span s06_map_precond4 = "06_map_precond.rs" 175 11 175 41 + let%span s06_map_precond5 = "06_map_precond.rs" 176 11 176 51 + let%span s06_map_precond6 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond7 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond8 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond9 = "06_map_precond.rs" 111 12 116 71 + let%span scommon10 = "common.rs" 14 14 14 45 + let%span scommon11 = "common.rs" 18 15 18 32 + let%span scommon12 = "common.rs" 19 15 19 32 + let%span scommon13 = "common.rs" 20 14 20 42 + let%span s06_map_precond14 = "06_map_precond.rs" 87 12 90 63 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond22 = "06_map_precond.rs" 165 12 167 73 + let%span 
s06_map_precond23 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond24 = "06_map_precond.rs" 98 12 104 88 use seq.Seq type t_I'0 - predicate inv'0 (_1 : t_I'0) - use seq.Seq type t_Item'0 @@ -1737,19 +1169,15 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon12] inv'0 a) - -> ([%#scommon13] inv'0 b) - -> ([%#scommon14] inv'0 c) - -> ([%#scommon15] produces'0 a ab b) - -> ([%#scommon16] produces'0 b bc c) -> ([%#scommon17] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] produces'0 a ab b) + -> ([%#scommon12] produces'0 b bc c) -> ([%#scommon13] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon10] inv'0 self) - -> ([%#scommon11] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot @@ -1762,9 +1190,9 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] use prelude.prelude.Intrinsic - predicate inv'1 (_1 : t_F'0) + predicate inv'0 (_1 : t_I'0) - predicate inv'2 (_1 : t_Item'0) + predicate inv'1 (_1 : t_F'0) use seq.Seq 
@@ -1772,52 +1200,16 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] use prelude.prelude.Borrow - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant27] inv'0 self.current /\ inv'0 self.final - - predicate inv'4 (_1 : borrowed t_I'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond18] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'2 e - /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) + [%#s06_map_precond14] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'4 (self : t_Item'0) = - [%#sboxed31] inv'2 self - - predicate inv'8 (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'3 (self : borrowed t_F'0) = - [%#sinvariant27] inv'1 self.current /\ inv'1 self.final - - predicate inv'6 (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . 
inv'6 x = invariant'3 x - - predicate inv'7 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) 
@@ -1828,64 +1220,61 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops25] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops21] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops22] unnest'0 self b) - -> ([%#sops23] unnest'0 b c) -> ([%#sops24] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops18] unnest'0 self b) + -> ([%#sops19] unnest'0 b c) -> ([%#sops20] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops21] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops17] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops19] postcondition_mut'0 self args res_state res) - -> ([%#sops20] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops15] postcondition_mut'0 self args res_state res) + -> ([%#sops16] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond9] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'5 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'6 f /\ inv'7 b /\ inv'0 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : t_F'0) = + [%#s06_map_precond9] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond8] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'0 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond8] forall iter : borrowed t_I'0, func : t_F'0 . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond30] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
inv'5 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'6 f /\ inv'7 b /\ inv'0 i /\ unnest'0 func f.current + [%#s06_map_precond24] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond29] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond23] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond26] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond22] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - predicate inv'3 (_1 : t_Map'0) + predicate inv'2 (_1 : t_Map'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'3 x] . inv'3 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'2 x] . inv'2 x = (invariant'0 x /\ match x with | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'0 iter /\ inv'1 func 
@@ -1895,8 +1284,8 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] let rec map'0 (iter:t_I'0) (func:t_F'0) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond1] inv'0 iter} {[@expl:map 'func' type invariant] [%#s06_map_precond2] inv'1 func} - {[@expl:map requires #0] [%#s06_map_precond3] forall e : t_Item'0, i2 : t_I'0 . inv'2 e /\ inv'0 i2 - -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq t_Item'0))} + {[@expl:map requires #0] [%#s06_map_precond3] forall e : t_Item'0, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq t_Item'0))} {[@expl:map requires #1] [%#s06_map_precond4] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond5] preservation'0 iter func} (! bb0 @@ -1917,7 +1306,7 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] | & func : t_F'0 = func | & _9 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () ] - [ return' (result:t_Map'0)-> {[@expl:map result type invariant] [%#s06_map_precond6] inv'3 result} + [ return' (result:t_Map'0)-> {[@expl:map result type invariant] [%#s06_map_precond6] inv'2 result} {[@expl:map ensures] [%#s06_map_precond7] result = { t_Map__iter'0 = iter; t_Map__func'0 = func; 
@@ -1925,42 +1314,35 @@ module M_06_map_precond__map [#"06_map_precond.rs" 191 0 194 17] (! return' {result}) ] end -module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] - let%span s06_map_precond0 = "06_map_precond.rs" 198 29 198 33 - let%span s06_map_precond1 = "06_map_precond.rs" 199 15 199 16 - let%span s06_map_precond2 = "06_map_precond.rs" 199 14 199 20 - let%span s06_map_precond3 = "06_map_precond.rs" 192 4 192 8 - let%span s06_map_precond4 = "06_map_precond.rs" 193 4 193 8 - let%span s06_map_precond5 = "06_map_precond.rs" 185 11 187 65 - let%span s06_map_precond6 = "06_map_precond.rs" 188 11 188 41 - let%span s06_map_precond7 = "06_map_precond.rs" 189 11 189 51 - let%span s06_map_precond8 = "06_map_precond.rs" 194 5 194 17 - let%span s06_map_precond9 = "06_map_precond.rs" 190 10 190 75 - let%span s06_map_precond10 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond11 = "06_map_precond.rs" 118 12 123 71 +module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] + let%span s06_map_precond0 = "06_map_precond.rs" 185 29 185 33 + let%span s06_map_precond1 = "06_map_precond.rs" 186 15 186 16 + let%span s06_map_precond2 = "06_map_precond.rs" 186 14 186 20 + let%span s06_map_precond3 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond4 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond5 = "06_map_precond.rs" 172 11 174 65 + let%span s06_map_precond6 = "06_map_precond.rs" 175 11 175 41 + let%span s06_map_precond7 = "06_map_precond.rs" 176 11 176 51 + let%span s06_map_precond8 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond9 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond10 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond11 = "06_map_precond.rs" 111 12 116 71 let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span scommon13 = "common.rs" 14 15 14 24 - let%span scommon14 = "common.rs" 15 14 15 45 - let%span scommon15 = "common.rs" 
19 15 19 21 - let%span scommon16 = "common.rs" 20 15 20 21 - let%span scommon17 = "common.rs" 21 15 21 21 - let%span scommon18 = "common.rs" 22 15 22 32 - let%span scommon19 = "common.rs" 23 15 23 32 - let%span scommon20 = "common.rs" 24 14 24 42 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond28 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond29 = "06_map_precond.rs" 178 12 180 73 - let%span s06_map_precond30 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond31 = "06_map_precond.rs" 105 12 111 88 - let%span sinvariant32 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed34 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon13 = "common.rs" 14 14 14 45 + let%span scommon14 = "common.rs" 18 15 18 32 + let%span scommon15 = "common.rs" 19 15 19 32 + let%span scommon16 = "common.rs" 20 14 20 42 + let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 
+ let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond24 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond25 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond26 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond27 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.Borrow @@ -1972,8 +1354,6 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] type t_I'0 - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1984,19 +1364,15 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon15] inv'1 a) - -> ([%#scommon16] inv'1 b) - -> ([%#scommon17] inv'1 c) - -> ([%#scommon18] produces'0 a ab b) - -> ([%#scommon19] produces'0 b bc c) -> ([%#scommon20] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon14] produces'0 a ab b) + -> ([%#scommon15] produces'0 b bc c) -> ([%#scommon16] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon13] inv'1 self) - -> ([%#scommon14] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon13] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Intrinsic 
@@ -2022,23 +1398,23 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] function fn_mut_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_Item'0) : () - axiom fn_mut_once'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_Item'0 . [%#sops27] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_Item'0 . [%#sops23] postcondition_once'0 self args res = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops20] unnest'0 self b) + -> ([%#sops21] unnest'0 b c) -> ([%#sops22] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops23] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . [%#sops19] unnest'0 self self function postcondition_mut_unnest'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : ()) (res : t_Item'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : (), res : t_Item'0 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : (), res : t_Item'0 . 
([%#sops17] postcondition_mut'0 self args res_state res) + -> ([%#sops18] unnest'0 self res_state) let rec closure0'0 (_1:borrowed ()) (x:t_Item'0) (_3:Snapshot.snap_ty (Seq.seq t_Item'0)) (return' (ret:t_Item'0))= {[@expl:closure 'x' type invariant] [%#s06_map_precond1] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 | s1 = [ &_0 <- x ] s2 | s2 = bb1 ] | bb1 = return' {_0} ] ) 
@@ -2049,69 +1425,38 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] (! return' {result}) ] - predicate inv'3 (_1 : ()) - - axiom inv_axiom'1 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) = - let (x, _3) = args in true - - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant32] inv'1 self.current /\ inv'1 self.final - - predicate inv'4 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond28] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'2 e - /\ inv'1 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed34] inv'2 self + predicate inv'1 (_1 : t_I'0) - predicate inv'7 (_1 : t_Item'0) + predicate inv'3 (_1 : ()) - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'3 x + axiom inv_axiom'1 [@rewrite] : forall x : () [inv'3 x] . inv'3 x = true - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq33] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + use seq.Seq - predicate inv'5 (_1 : Seq.seq t_Item'0) + use prelude.prelude.Snapshot - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . 
inv'5 x = invariant'2 x + predicate precondition'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) = + let (x, _3) = args in true - predicate inv'6 (_1 : borrowed ()) + predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - axiom inv_axiom'4 [@rewrite] : forall x : borrowed () [inv'6 x] . inv'6 x = true + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) + + = + [%#s06_map_precond24] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : ()) = - [%#s06_map_precond11] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 . inv'5 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'6 f /\ inv'2 b /\ inv'1 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : ()) = + [%#s06_map_precond11] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond10] forall iter : borrowed t_I'0, func : () . inv'4 iter /\ inv'3 func - -> completed'0 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond10] forall iter : borrowed t_I'0, func : () . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func type t_Map'0 = 
@@ -2119,21 +1464,20 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond31] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'5 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'6 f /\ inv'2 b /\ inv'1 i /\ unnest'0 func f.current + [%#s06_map_precond27] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : (), produced : Seq.seq t_Item'0 . [%#s06_map_precond30] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : (), produced : Seq.seq t_Item'0 . 
[%#s06_map_precond26] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond29] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond25] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) @@ -2147,8 +1491,8 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] let rec map'0 (iter:t_I'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond3] inv'1 iter} {[@expl:map 'func' type invariant] [%#s06_map_precond4] inv'3 func} - {[@expl:map requires #0] [%#s06_map_precond5] forall e : t_Item'0, i2 : t_I'0 . inv'2 e /\ inv'1 i2 - -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq t_Item'0))} + {[@expl:map requires #0] [%#s06_map_precond5] forall e : t_Item'0, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq t_Item'0))} {[@expl:map requires #1] [%#s06_map_precond6] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond7] preservation'0 iter func} any 
@@ -2177,60 +1521,51 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 198 0 198 37] [ return' (result:())-> (! return' {result}) ] end -module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] - let%span s06_map_precond0 = "06_map_precond.rs" 215 8 216 71 - let%span s06_map_precond1 = "06_map_precond.rs" 206 42 206 46 - let%span s06_map_precond2 = "06_map_precond.rs" 202 11 202 169 - let%span s06_map_precond3 = "06_map_precond.rs" 203 11 204 63 - let%span s06_map_precond4 = "06_map_precond.rs" 211 24 211 25 - let%span s06_map_precond5 = "06_map_precond.rs" 209 19 209 27 - let%span s06_map_precond6 = "06_map_precond.rs" 210 18 210 33 - let%span s06_map_precond7 = "06_map_precond.rs" 192 4 192 8 - let%span s06_map_precond8 = "06_map_precond.rs" 193 4 193 8 - let%span s06_map_precond9 = "06_map_precond.rs" 185 11 187 65 - let%span s06_map_precond10 = "06_map_precond.rs" 188 11 188 41 - let%span s06_map_precond11 = "06_map_precond.rs" 189 11 189 51 - let%span s06_map_precond12 = "06_map_precond.rs" 194 5 194 17 - let%span s06_map_precond13 = "06_map_precond.rs" 190 10 190 75 - let%span s06_map_precond14 = "06_map_precond.rs" 51 8 65 9 - let%span s06_map_precond15 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond16 = "06_map_precond.rs" 118 12 123 71 - let%span s06_map_precond17 = "06_map_precond.rs" 33 15 33 24 - let%span s06_map_precond18 = "06_map_precond.rs" 34 14 34 45 - let%span s06_map_precond19 = "06_map_precond.rs" 31 4 31 10 - let%span s06_map_precond20 = "06_map_precond.rs" 39 15 39 21 - let%span s06_map_precond21 = "06_map_precond.rs" 40 15 40 21 - let%span s06_map_precond22 = "06_map_precond.rs" 41 15 41 21 - let%span s06_map_precond23 = "06_map_precond.rs" 42 15 42 32 - let%span s06_map_precond24 = "06_map_precond.rs" 43 15 43 32 - let%span s06_map_precond25 = "06_map_precond.rs" 44 14 44 42 - let%span s06_map_precond26 = "06_map_precond.rs" 37 4 37 10 - let%span scommon27 = "common.rs" 14 15 14 24 - let%span scommon28 
= "common.rs" 15 14 15 45 - let%span scommon29 = "common.rs" 19 15 19 21 - let%span scommon30 = "common.rs" 20 15 20 21 - let%span scommon31 = "common.rs" 21 15 21 21 - let%span scommon32 = "common.rs" 22 15 22 32 - let%span scommon33 = "common.rs" 23 15 23 32 - let%span scommon34 = "common.rs" 24 14 24 42 - let%span sresolve35 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops41 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops42 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond43 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond44 = "06_map_precond.rs" 178 12 180 73 - let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s06_map_precond46 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond47 = "06_map_precond.rs" 105 12 111 88 +module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] + let%span s06_map_precond0 = "06_map_precond.rs" 202 8 203 71 + let%span s06_map_precond1 = "06_map_precond.rs" 193 42 193 46 + let%span s06_map_precond2 = "06_map_precond.rs" 189 11 189 156 + let%span s06_map_precond3 = "06_map_precond.rs" 190 11 191 63 + let%span s06_map_precond4 = "06_map_precond.rs" 198 24 198 25 + let%span s06_map_precond5 = "06_map_precond.rs" 196 19 196 27 + let%span s06_map_precond6 = "06_map_precond.rs" 197 18 197 33 + let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond9 = "06_map_precond.rs" 
172 11 174 65 + let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 41 + let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 51 + let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond14 = "06_map_precond.rs" 44 8 58 9 + let%span s06_map_precond15 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond16 = "06_map_precond.rs" 111 12 116 71 + let%span s06_map_precond17 = "06_map_precond.rs" 30 14 30 45 + let%span s06_map_precond18 = "06_map_precond.rs" 28 4 28 10 + let%span s06_map_precond19 = "06_map_precond.rs" 35 15 35 32 + let%span s06_map_precond20 = "06_map_precond.rs" 36 15 36 32 + let%span s06_map_precond21 = "06_map_precond.rs" 37 14 37 42 + let%span s06_map_precond22 = "06_map_precond.rs" 33 4 33 10 + let%span scommon23 = "common.rs" 14 14 14 45 + let%span scommon24 = "common.rs" 18 15 18 32 + let%span scommon25 = "common.rs" 19 15 19 32 + let%span scommon26 = "common.rs" 20 14 20 42 + let%span sresolve27 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond35 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond36 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond37 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond38 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.Borrow predicate resolve'1 (self : borrowed 
()) = - [%#sresolve35] self.final = self.current + [%#sresolve27] self.final = self.current predicate resolve'0 (_1 : borrowed ()) = resolve'1 _1 
@@ -2263,23 +1598,23 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] function fn_mut_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops42] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops34] postcondition_once'0 self args res = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops39] unnest'0 self b) - -> ([%#sops40] unnest'0 b c) -> ([%#sops41] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops31] unnest'0 self b) + -> ([%#sops32] unnest'0 b c) -> ([%#sops33] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops38] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . [%#sops30] unnest'0 self self function postcondition_mut_unnest'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : ()) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops36] postcondition_mut'0 self args res_state res) - -> ([%#sops37] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops28] postcondition_mut'0 self args res_state res) + -> ([%#sops29] unnest'0 self res_state) let rec closure2'0 (_1:borrowed ()) (x:uint32) (_3:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_int x <= 15} 
@@ -2306,15 +1641,11 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] type t_U'0 - predicate inv'2 (_1 : t_U'0) - - predicate inv'4 (_1 : ()) + predicate inv'1 (_1 : t_U'0) - axiom inv_axiom'3 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true + predicate inv'2 (_1 : ()) - predicate inv'5 (_1 : uint32) - - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'1 [@rewrite] : forall x : () [inv'2 x] . inv'2 x = true use seq.Seq 
@@ -2324,60 +1655,39 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_U'0) (visited : Seq.seq uint32) (o : t_U'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_U'0) (ab : Seq.seq uint32) (b : t_U'0) (bc : Seq.seq uint32) (c : t_U'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_U'0) (ab : Seq.seq uint32) (b : t_U'0) (bc : Seq.seq uint32) (c : t_U'0) : () - axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon29] inv'2 a) - -> ([%#scommon30] inv'2 b) - -> ([%#scommon31] inv'2 c) - -> ([%#scommon32] produces'1 a ab b) - -> ([%#scommon33] produces'1 b bc c) -> ([%#scommon34] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon24] produces'1 a ab b) + -> ([%#scommon25] produces'1 b bc c) -> ([%#scommon26] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_U'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_U'0) : () - axiom produces_refl'1_spec : forall self : t_U'0 . ([%#scommon27] inv'2 self) - -> ([%#scommon28] produces'1 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'1_spec : forall self : t_U'0 . [%#scommon23] produces'1 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot predicate precondition'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = [%#s06_map_precond5] let (x, _3) = args in UInt32.to_int x <= 15 - predicate invariant'1 (self : borrowed t_U'0) = - [%#sinvariant45] inv'2 self.current /\ inv'2 self.final - - predicate inv'3 (_1 : borrowed t_U'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_U'0 [inv'3 x] . 
inv'3 x = invariant'1 x - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_U'0) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond43] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . inv'5 e - /\ inv'2 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - predicate inv'1 (_1 : Seq.seq uint32) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq uint32 [inv'1 x] . inv'1 x = true - - predicate inv'7 (_1 : borrowed ()) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed () [inv'7 x] . inv'7 x = true + [%#s06_map_precond35] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_U'0) (func : ()) = - [%#s06_map_precond16] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 . inv'1 s - /\ inv'5 e1 /\ inv'5 e2 /\ inv'7 f /\ inv'5 b /\ inv'2 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_U'0) (func : ()) = + [%#s06_map_precond16] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond15] forall iter : borrowed t_U'0, func : () . 
inv'3 iter /\ inv'4 func - -> completed'0 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond15] forall iter : borrowed t_U'0, func : () . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_Map'0 = 
@@ -2385,21 +1695,19 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) - + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond47] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'1 s - /\ inv'5 e1 /\ inv'5 e2 /\ inv'7 f /\ inv'5 b /\ inv'2 i /\ unnest'0 func f.current + [%#s06_map_precond38] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . [%#s06_map_precond46] produced + axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . 
[%#s06_map_precond37] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond44] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond36] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) @@ -2408,13 +1716,13 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'2 iter + | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'1 iter end) - let rec map'0 (iter:t_U'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'2 iter} - {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'4 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_U'0 . inv'5 e /\ inv'2 i2 - -> produces'1 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + let rec map'0 (iter:t_U'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'1 iter} + {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'2 func} + {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_U'0 . produces'1 iter (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} any 
@@ -2426,10 +1734,6 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use seq.Seq - predicate inv'6 (_1 : Seq.seq (borrowed ())) - - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq (borrowed ()) [inv'6 x] . inv'6 x = true - use seq.Seq use seq.Seq @@ -2442,14 +1746,13 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq uint32) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq uint32) (succ : t_Map'0) = [%#s06_map_precond14] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed ()) . inv'6 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq uint32 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'1 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed ()) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq uint32 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -2463,31 +1766,26 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"06_map_precond.rs" 45 4 45 90] (a : t_Map'0) (ab : Seq.seq uint32) (b : t_Map'0) (bc : Seq.seq uint32) (c : t_Map'0) : () + function produces_trans'0 [#"06_map_precond.rs" 38 4 38 90] (a : t_Map'0) (ab : Seq.seq uint32) (b : t_Map'0) (bc : Seq.seq uint32) (c : t_Map'0) : () = - [%#s06_map_precond26] () + [%#s06_map_precond22] () - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond20] inv'0 a) - -> ([%#s06_map_precond21] inv'0 b) - -> ([%#s06_map_precond22] inv'0 c) - -> ([%#s06_map_precond23] produces'0 a ab b) - -> ([%#s06_map_precond24] produces'0 b bc c) -> ([%#s06_map_precond25] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond19] produces'0 a ab b) + -> ([%#s06_map_precond20] produces'0 b bc c) -> ([%#s06_map_precond21] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"06_map_precond.rs" 35 4 35 26] (self : t_Map'0) : () = - [%#s06_map_precond19] () + function produces_refl'0 [#"06_map_precond.rs" 31 4 31 26] (self : t_Map'0) : () = + [%#s06_map_precond18] () - axiom produces_refl'0_spec : forall self : t_Map'0 . ([%#s06_map_precond17] inv'0 self) - -> ([%#s06_map_precond18] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_Map'0 . 
[%#s06_map_precond17] produces'0 self (Seq.empty : Seq.seq uint32) self meta "compute_max_steps" 1000000 - let rec increment'0 (iter:t_U'0) (return' (ret:()))= {[@expl:increment 'iter' type invariant] [%#s06_map_precond1] inv'2 iter} - {[@expl:increment requires #0] [%#s06_map_precond2] forall done' : borrowed t_U'0 . inv'3 done' /\ completed'0 done' + let rec increment'0 (iter:t_U'0) (return' (ret:()))= {[@expl:increment 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} + {[@expl:increment requires #0] [%#s06_map_precond2] forall done' : borrowed t_U'0 . completed'0 done' -> (forall next : t_U'0, steps : Seq.seq uint32 . produces'1 done'.final steps next -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} - {[@expl:increment requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_U'0 . inv'1 prod - /\ inv'2 fin /\ produces'1 iter prod fin + {[@expl:increment requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_U'0 . produces'1 iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} (! bb0 [ bb0 = bb1 @@ -2496,8 +1794,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] | bb2 = s0 [ s0 = {[@expl:type invariant] inv'0 i} s1 - | s1 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq uint32, fin : t_Map'0 . inv'1 prod - /\ inv'0 fin /\ produces'0 i prod fin + | s1 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq uint32, fin : t_Map'0 . produces'0 i prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32))} s2 | s2 = bb3 ] 
@@ -2509,44 +1806,39 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 206 0 206 50] [ return' (result:())-> (! return' {result}) ] end -module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] - let%span s06_map_precond0 = "06_map_precond.rs" 223 18 223 19 - let%span s06_map_precond1 = "06_map_precond.rs" 222 40 222 44 - let%span s06_map_precond2 = "06_map_precond.rs" 220 11 220 169 - let%span s06_map_precond3 = "06_map_precond.rs" 221 11 221 115 - let%span s06_map_precond4 = "06_map_precond.rs" 229 19 229 20 - let%span s06_map_precond5 = "06_map_precond.rs" 226 19 226 61 - let%span s06_map_precond6 = "06_map_precond.rs" 227 18 227 39 - let%span s06_map_precond7 = "06_map_precond.rs" 192 4 192 8 - let%span s06_map_precond8 = "06_map_precond.rs" 193 4 193 8 - let%span s06_map_precond9 = "06_map_precond.rs" 185 11 187 65 - let%span s06_map_precond10 = "06_map_precond.rs" 188 11 188 41 - let%span s06_map_precond11 = "06_map_precond.rs" 189 11 189 51 - let%span s06_map_precond12 = "06_map_precond.rs" 194 5 194 17 - let%span s06_map_precond13 = "06_map_precond.rs" 190 10 190 75 - let%span s06_map_precond14 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond15 = "06_map_precond.rs" 118 12 123 71 - let%span scommon16 = "common.rs" 14 15 14 24 - let%span scommon17 = "common.rs" 15 14 15 45 - let%span scommon18 = "common.rs" 19 15 19 21 - let%span scommon19 = "common.rs" 20 15 20 21 - let%span scommon20 = "common.rs" 21 15 21 21 - let%span scommon21 = "common.rs" 22 15 22 32 - let%span scommon22 = "common.rs" 23 15 23 32 - let%span scommon23 = "common.rs" 24 14 24 42 - let%span sresolve24 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops28 = 
"../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond32 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond33 = "06_map_precond.rs" 178 12 180 73 - let%span sinvariant34 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s06_map_precond35 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond36 = "06_map_precond.rs" 105 12 111 88 +module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] + let%span s06_map_precond0 = "06_map_precond.rs" 210 18 210 19 + let%span s06_map_precond1 = "06_map_precond.rs" 209 40 209 44 + let%span s06_map_precond2 = "06_map_precond.rs" 207 11 207 156 + let%span s06_map_precond3 = "06_map_precond.rs" 208 11 208 90 + let%span s06_map_precond4 = "06_map_precond.rs" 216 19 216 20 + let%span s06_map_precond5 = "06_map_precond.rs" 213 19 213 61 + let%span s06_map_precond6 = "06_map_precond.rs" 214 18 214 39 + let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond9 = "06_map_precond.rs" 172 11 174 65 + let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 41 + let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 51 + let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond14 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond15 = "06_map_precond.rs" 111 12 116 71 + let%span scommon16 = "common.rs" 14 14 14 45 + let%span scommon17 = "common.rs" 18 15 18 32 + let%span scommon18 = "common.rs" 19 15 19 32 + let%span scommon19 = "common.rs" 20 14 20 42 + let%span sresolve20 = 
"../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond28 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond29 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond30 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond31 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.UIntSize @@ -2556,7 +1848,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] { field_0'0: borrowed usize } predicate resolve'1 (self : borrowed closure2'1) = - [%#sresolve24] self.final = self.current + [%#sresolve20] self.final = self.current predicate resolve'0 (_1 : borrowed closure2'1) = resolve'1 _1 @@ -2586,7 +1878,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] = UIntSize.to_int (self.field_0'0).current + 1 predicate resolve'4 (self : borrowed usize) = - [%#sresolve24] self.final = self.current + [%#sresolve20] self.final = self.current predicate resolve'3 (_1 : borrowed usize) = resolve'4 _1 
@@ -2606,23 +1898,23 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] function fn_mut_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops31] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops27] postcondition_once'0 self args res = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops28] unnest'0 self b) - -> ([%#sops29] unnest'0 b c) -> ([%#sops30] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops24] unnest'0 self b) + -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops27] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops23] unnest'0 self self function postcondition_mut_unnest'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure2'1) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . ([%#sops25] postcondition_mut'0 self args res_state res) - -> ([%#sops26] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . 
([%#sops21] postcondition_mut'0 self args res_state res) + -> ([%#sops22] unnest'0 self res_state) let rec closure2'0 (_1:borrowed closure2'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UIntSize.to_int ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) @@ -2656,13 +1948,9 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate inv'1 (_1 : t_I'0) - predicate inv'4 (_1 : closure2'1) - - axiom inv_axiom'3 [@rewrite] : forall x : closure2'1 [inv'4 x] . inv'4 x = true + predicate inv'2 (_1 : closure2'1) - predicate inv'5 (_1 : uint32) - - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'5 x] . inv'5 x = true + axiom inv_axiom'1 [@rewrite] : forall x : closure2'1 [inv'2 x] . inv'2 x = true use seq.Seq 
@@ -2672,19 +1960,15 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq uint32) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon18] inv'1 a) - -> ([%#scommon19] inv'1 b) - -> ([%#scommon20] inv'1 c) - -> ([%#scommon21] produces'0 a ab b) - -> ([%#scommon22] produces'0 b bc c) -> ([%#scommon23] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon17] produces'0 a ab b) + -> ([%#scommon18] produces'0 b bc c) -> ([%#scommon19] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon16] inv'1 self) - -> ([%#scommon17] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon16] produces'0 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot 
@@ -2693,62 +1977,44 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] = Seq.length (Snapshot.inner _prod) /\ (self.field_0'0).current < (v_MAX'0 : usize) - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant34] inv'1 self.current /\ inv'1 self.final - - predicate inv'2 (_1 : borrowed t_I'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_I'0 [inv'2 x] . inv'2 x = invariant'1 x - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) = - [%#s06_map_precond32] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . inv'5 e - /\ inv'1 i /\ produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - predicate inv'3 (_1 : Seq.seq uint32) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq uint32 [inv'3 x] . inv'3 x = true - - predicate inv'6 (_1 : borrowed closure2'1) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed closure2'1 [inv'6 x] . inv'6 x = true + [%#s06_map_precond28] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : closure2'1) = - [%#s06_map_precond15] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 . inv'3 s - /\ inv'5 e1 /\ inv'5 e2 /\ inv'6 f /\ inv'5 b /\ inv'1 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : closure2'1) = + [%#s06_map_precond15] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond14] forall iter : borrowed t_I'0, func : closure2'1 . inv'2 iter /\ inv'4 func - -> completed'0 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond14] forall iter : borrowed t_I'0, func : closure2'1 . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: closure2'1; t_Map__produced'0: Snapshot.snap_ty (Seq.seq uint32) } - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) = - [%#s06_map_precond36] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'3 s - /\ inv'5 e1 /\ inv'5 e2 /\ inv'6 f /\ inv'5 b /\ inv'1 i /\ unnest'0 func f.current + [%#s06_map_precond31] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond35] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond30] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond33] reinitialize'0 () + predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond29] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) 
@@ -2761,9 +2027,9 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] end) let rec map'0 (iter:t_I'0) (func:closure2'1) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'1 iter} - {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'4 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_I'0 . inv'5 e /\ inv'1 i2 - -> produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'2 func} + {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} any @@ -2776,11 +2042,11 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] meta "compute_max_steps" 1000000 let rec counter'0 (iter:t_I'0) (return' (ret:()))= {[@expl:counter 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} - {[@expl:counter requires #0] [%#s06_map_precond2] forall done' : borrowed t_I'0 . inv'2 done' /\ completed'0 done' + {[@expl:counter requires #0] [%#s06_map_precond2] forall done' : borrowed t_I'0 . completed'0 done' -> (forall next : t_I'0, steps : Seq.seq uint32 . produces'0 done'.final steps next -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} - {[@expl:counter requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_I'0 . inv'3 prod - /\ inv'1 fin /\ produces'0 iter prod fin -> Seq.length prod <= UIntSize.to_int (v_MAX'0 : usize)} + {[@expl:counter requires #1] [%#s06_map_precond3] forall prod : Seq.seq uint32, fin : t_I'0 . produces'0 iter prod fin + -> Seq.length prod <= UIntSize.to_int (v_MAX'0 : usize)} (! bb0 [ bb0 = bb1 | bb1 = s0 
@@ -2804,36 +2070,30 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 222 0 222 48] | & _8 : borrowed usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end -module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precond.rs" 72 4 72 44] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 72 4 72 44 - let%span s06_map_precond1 = "06_map_precond.rs" 25 8 28 9 - let%span s06_map_precond2 = "06_map_precond.rs" 159 14 159 68 - let%span s06_map_precond3 = "06_map_precond.rs" 162 12 168 74 - let%span s06_map_precond4 = "06_map_precond.rs" 51 8 65 9 - let%span scommon5 = "common.rs" 14 15 14 24 - let%span scommon6 = "common.rs" 15 14 15 45 - let%span scommon7 = "common.rs" 19 15 19 21 - let%span scommon8 = "common.rs" 20 15 20 21 - let%span scommon9 = "common.rs" 21 15 21 21 - let%span scommon10 = "common.rs" 22 15 22 32 - let%span scommon11 = "common.rs" 23 15 23 32 - let%span scommon12 = "common.rs" 24 14 24 42 - let%span sinvariant13 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sseq21 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond22 = "06_map_precond.rs" 178 12 180 73 - let%span s06_map_precond23 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond24 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond25 = "06_map_precond.rs" 105 12 111 88 - let%span 
s06_map_precond26 = "06_map_precond.rs" 94 12 97 63 - let%span sboxed27 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span s06_map_precond28 = "06_map_precond.rs" 118 12 123 71 +module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 65 4 65 44 + let%span s06_map_precond1 = "06_map_precond.rs" 22 8 25 9 + let%span s06_map_precond2 = "06_map_precond.rs" 146 14 146 68 + let%span s06_map_precond3 = "06_map_precond.rs" 149 12 155 74 + let%span s06_map_precond4 = "06_map_precond.rs" 44 8 58 9 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 + let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond17 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond18 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond19 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond20 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond21 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond22 = "06_map_precond.rs" 111 12 116 71 use prelude.prelude.Borrow 
@@ -2841,8 +2101,6 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon type t_F'0 - predicate inv'7 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -2853,81 +2111,37 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] inv'7 a) - -> ([%#scommon8] inv'7 b) - -> ([%#scommon9] inv'7 c) - -> ([%#scommon10] produces'1 a ab b) - -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon5] inv'7 self) - -> ([%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - predicate invariant'7 (self : borrowed t_I'0) = - [%#sinvariant13] inv'7 self.current /\ inv'7 self.final - - predicate inv'12 (_1 : borrowed t_I'0) - - axiom inv_axiom'8 [@rewrite] : forall x : borrowed t_I'0 [inv'12 x] . 
inv'12 x = invariant'7 x - - predicate inv'9 (_1 : t_F'0) - predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate inv'3 (_1 : t_Item'0) - use seq.Seq use prelude.prelude.Snapshot predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond26] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'3 e - /\ inv'7 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) + [%#s06_map_precond21] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i + -> precondition'0 func (e, Snapshot.new produced) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 (self : t_Item'0) = - [%#sboxed27] inv'3 self - - predicate inv'11 (_1 : t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_Item'0 [inv'11 x] . inv'11 x = invariant'6 x - - predicate invariant'3 (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 (self : borrowed t_F'0) = - [%#sinvariant13] inv'9 self.current /\ inv'9 self.final - - predicate inv'2 (_1 : borrowed t_F'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x - - predicate inv'6 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) 
@@ -2938,71 +2152,72 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops20] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops16] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops17] unnest'0 self b) - -> ([%#sops18] unnest'0 b c) -> ([%#sops19] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) + -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops16] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops14] postcondition_mut'0 self args res_state res) - -> ([%#sops15] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops10] postcondition_mut'0 self args res_state res) + -> ([%#sops11] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond28] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'5 s - /\ inv'3 e1 /\ inv'3 e2 /\ inv'2 f /\ inv'6 b /\ inv'7 i /\ unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : t_F'0) = + [%#s06_map_precond22] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond23] forall iter : borrowed t_I'0, func : t_F'0 . inv'12 iter /\ inv'9 func - -> completed'1 iter + predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = + [%#s06_map_precond18] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . 
inv'5 s - /\ inv'3 e1 /\ inv'3 e2 /\ inv'2 f /\ inv'6 b /\ inv'7 i /\ unnest'0 func f.current + [%#s06_map_precond20] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond24] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond19] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'4 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond22] reinitialize'0 () + predicate invariant'1 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = + [%#s06_map_precond17] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - predicate inv'8 (_1 : t_Map'0) + predicate inv'4 (_1 : t_I'0) + + predicate inv'5 (_1 : t_F'0) + + predicate inv'3 (_1 : t_Map'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_Map'0 [inv'8 x] . inv'8 x - = (invariant'4 x + axiom inv_axiom'2 [@rewrite] : forall x : t_Map'0 [inv'3 x] . 
inv'3 x + = (invariant'1 x /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'7 iter /\ inv'9 func + | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'4 iter /\ inv'5 func end) predicate invariant'0 (self : borrowed (t_Map'0)) = - [%#sinvariant13] inv'8 self.current /\ inv'8 self.final + [%#sinvariant9] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Map'0)) @@ -3012,7 +2227,7 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon | C_None'0 | C_Some'0 t_B'0 - predicate completed'0 [#"06_map_precond.rs" 24 4 24 35] (self : borrowed (t_Map'0)) = + predicate completed'0 [#"06_map_precond.rs" 21 4 21 35] (self : borrowed (t_Map'0)) = [%#s06_map_precond1] Snapshot.inner (self.final).t_Map__produced'0 = (Seq.empty : Seq.seq t_Item'0) /\ completed'1 (Borrow.borrow_logic (self.current).t_Map__iter'0 (self.final).t_Map__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Map__func'0 = (self.final).t_Map__func'0 @@ -3027,24 +2242,12 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed27] inv'2 self - - predicate inv'10 (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'10 x] . inv'10 x = invariant'5 x - - predicate invariant'2 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'4 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'4 x] . inv'4 x = invariant'2 x - use seq.Seq use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -3053,14 +2256,13 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s06_map_precond4] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'4 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'5 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3074,10 +2276,9 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - predicate produces_one'0 [#"06_map_precond.rs" 160 4 160 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = - [%#s06_map_precond3] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . inv'2 f - /\ inv'3 e - /\ f.current = self.t_Map__func'0 + predicate produces_one'0 [#"06_map_precond.rs" 147 4 147 57] (self : t_Map'0) (visited : t_B'0) (succ : t_Map'0) = + [%#s06_map_precond3] exists f : borrowed t_F'0, e : t_Item'0 [postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited] . f.current + = self.t_Map__func'0 /\ f.final = succ.t_Map__func'0 /\ produces'1 self.t_Map__iter'0 (Seq.singleton e) succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.snoc (Snapshot.inner self.t_Map__produced'0) e @@ -3087,12 +2288,14 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon axiom produces_one'0_spec : forall self : t_Map'0, visited : t_B'0, succ : t_Map'0 . [%#s06_map_precond2] produces_one'0 self visited succ = produces'0 self (Seq.singleton visited) succ + predicate inv'2 (_1 : t_B'0) + predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s06_map_precond0] forall self : borrowed (t_Map'0) . inv'0 self 
@@ -3108,40 +2311,25 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon end /\ inv'1 result) end -module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_map_precond.rs" 35 4 35 26] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 35 4 35 26 - let%span s06_map_precond1 = "06_map_precond.rs" 51 8 65 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span s06_map_precond10 = "06_map_precond.rs" 178 12 180 73 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond18 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond19 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond20 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond21 = "06_map_precond.rs" 94 12 97 63 - let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond23 = "06_map_precond.rs" 118 12 123 71 - let%span sinvariant24 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed25 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module 
M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 31 4 31 26 + let%span s06_map_precond1 = "06_map_precond.rs" 44 8 58 9 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 type t_F'0 - predicate inv'3 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -3152,86 +2340,32 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_m predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'3 a) - -> ([%#scommon5] inv'3 b) - -> ([%#scommon6] inv'3 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'3 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate invariant'3 (self : borrowed t_I'0) = - [%#sinvariant24] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . 
inv'5 x = invariant'3 x - - predicate inv'4 (_1 : t_F'0) - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate inv'6 (_1 : t_Item'0) - use seq.Seq - use prelude.prelude.Snapshot - - predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond21] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'6 e - /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate invariant'6 (self : t_Item'0) = - [%#sboxed25] inv'6 self - - predicate inv'10 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 (self : borrowed t_F'0) = - [%#sinvariant24] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate inv'8 (_1 : t_B'0) - predicate postcondition_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 (_1 : t_F'0) predicate postcondition_mut'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) 
@@ -3239,70 +2373,25 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_m function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops12] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) - -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) + -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops11] postcondition_mut'0 self args res_state res) - -> ([%#sops12] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond23] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond18] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond20] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#s06_map_precond19] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond10] reinitialize'0 () - /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops6] postcondition_mut'0 self args res_state res) + -> ([%#sops7] unnest'0 self res_state) use seq.Seq 
@@ -3312,40 +2401,31 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_m use seq.Seq - predicate invariant'5 (self : borrowed t_F'0) = - [%#sboxed25] inv'7 self - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + use prelude.prelude.Snapshot - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) + use prelude.prelude.Snapshot - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + use prelude.prelude.Int use seq.Seq - use prelude.prelude.Snapshot - use seq.Seq use seq.Seq - use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s06_map_precond1] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3359,45 +2439,28 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_m /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#s06_map_precond0] forall self : t_Map'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal refines : [%#s06_map_precond0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_map_precond.rs" 45 4 45 90] (* as common::Iterator> *) - let%span s06_map_precond0 = "06_map_precond.rs" 45 4 45 90 - let%span s06_map_precond1 = "06_map_precond.rs" 51 8 65 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops16 = 
"../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond17 = "06_map_precond.rs" 178 12 180 73 - let%span sseq18 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s06_map_precond19 = "06_map_precond.rs" 130 12 134 47 - let%span s06_map_precond20 = "06_map_precond.rs" 102 14 102 81 - let%span s06_map_precond21 = "06_map_precond.rs" 105 12 111 88 - let%span s06_map_precond22 = "06_map_precond.rs" 94 12 97 63 - let%span s06_map_precond23 = "06_map_precond.rs" 118 12 123 71 - let%span sboxed24 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant25 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 +module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) + let%span s06_map_precond0 = "06_map_precond.rs" 38 4 38 90 + let%span s06_map_precond1 = "06_map_precond.rs" 44 8 58 9 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 + let%span sops6 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 type t_F'0 - predicate inv'3 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -3408,19 +2471,15 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_ predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'3 a) - -> ([%#scommon5] inv'3 b) - -> ([%#scommon6] inv'3 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'3 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot 
@@ -3443,83 +2502,40 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_ function fn_mut_once'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops16] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops12] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) - -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) + -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops10] postcondition_mut'0 self args res_state res) - -> ([%#sops11] unnest'0 self res_state) - - use seq.Seq - - use prelude.prelude.Int - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops6] postcondition_mut'0 self args res_state res) + -> ([%#sops7] unnest'0 self res_state) use seq.Seq - predicate inv'4 (_1 : t_F'0) - - predicate invariant'6 (self : borrowed t_F'0) = - [%#sinvariant25] inv'4 self.current /\ inv'4 self.final - - predicate inv'9 (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate invariant'3 (self : borrowed t_F'0) = - [%#sboxed24] inv'9 self - - predicate inv'5 (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq (borrowed t_F'0)) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq use seq.Seq use seq.Seq - predicate inv'8 (_1 : t_Item'0) - - predicate invariant'4 (self : t_Item'0) = - [%#sboxed24] inv'8 self - - predicate inv'6 (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -3532,14 +2548,13 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_ use seq.Seq - predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 50 4 50 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#s06_map_precond1] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s + = Seq.length visited /\ produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0 /\ Snapshot.inner succ.t_Map__produced'0 = Seq.(++) (Snapshot.inner self.t_Map__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3553,72 +2568,10 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_ /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_Map__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - predicate invariant'5 (self : borrowed t_I'0) = - [%#sinvariant25] inv'3 self.current /\ inv'3 self.final - - predicate inv'7 (_1 : borrowed t_I'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_I'0 [inv'7 x] . inv'7 x = invariant'5 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - use seq.Seq - - predicate next_precondition'0 [#"06_map_precond.rs" 92 4 92 74] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond22] forall e : t_Item'0, i : t_I'0 [produces'1 iter (Seq.singleton e) i] . inv'8 e - /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - - predicate inv'10 (_1 : t_B'0) - - use seq.Seq - - predicate preservation'0 [#"06_map_precond.rs" 116 4 116 45] (iter : t_I'0) (func : t_F'0) = - [%#s06_map_precond23] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"06_map_precond.rs" 128 4 128 29] (_1 : ()) = - [%#s06_map_precond19] forall iter : borrowed t_I'0, func : t_F'0 . 
inv'7 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - predicate preservation_inv'0 [#"06_map_precond.rs" 103 4 103 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#s06_map_precond21] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#s06_map_precond20] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"06_map_precond.rs" 176 4 176 30] (self : t_Map'0) = - [%#s06_map_precond17] reinitialize'0 () - /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) - - predicate inv'0 (_1 : t_Map'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - use seq.Seq goal refines : [%#s06_map_precond0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . 
produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.rs b/creusot/tests/should_succeed/iterators/06_map_precond.rs index a7eeb215d..771b7776e 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.rs +++ b/creusot/tests/should_succeed/iterators/06_map_precond.rs @@ -1,10 +1,7 @@ #![feature(unboxed_closures)] extern crate creusot_contracts; -use creusot_contracts::{ - invariant::{inv, Invariant}, - *, -}; +use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; @@ -30,15 +27,11 @@ impl>) -> B> Iterator fo #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -50,10 +43,10 @@ impl>) -> B> Iterator fo fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { self.func.unnest(succ.func) - && exists> inv(fs) && fs.len() == visited.len() + && exists> fs.len() == visited.len() && exists> #![trigger self.iter.produces(s, succ.iter)] - inv(s) && s.len() == visited.len() && self.iter.produces(s, succ.iter) + s.len() == visited.len() && self.iter.produces(s, succ.iter) && succ.produced.inner() == self.produced.concat(s) && (forall 1 <= i && i < fs.len() ==> ^fs[i - 1] == * fs[i]) && if visited.len() == 0 { self.func == succ.func } 
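Review bot: With `#[requires(inv(self))]` on `produces_refl` and the three `#[requires(inv(..))]` lines on `produces_trans` removed, both laws are now stated for every value of the type, and nothing next to them says so. The regenerated `.coma` output further down this page shows the matching `produces_refl'0_spec` and `produces_trans'0_spec` axioms for the `common.rs` trait laws becoming unconditional. As far as the visible `refines` and `vc_produces_*` goals show, their justification now rests on each implementation proving the law with no invariant hypothesis available. I would record that above the laws, e.g. `// Laws are unconditional: they must hold even for values that do not satisfy inv.` The enclosing `impl` block starts and ends outside the hunk.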
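Review bot: Dropping `inv(fs)` and `inv(s)` from the two existentials in `produces` weakens the predicate, and the spec does not say where those facts should now come from. A proof that takes `produces` as a hypothesis no longer learns that the witness closure states and items satisfy their type invariants. The commit message argues this costs no expressiveness, so a short comment above the `pearlite!` block would make that a stated design choice, e.g. `// Witnesses fs and s carry no inv(..) facts; clients needing them must establish them separately.` The body of `produces` continues past the end of the hunk, so any later use of the witnesses is not visible here.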
@@ -93,7 +86,7 @@ impl>) -> B> Map #![trigger(iter.produces(Seq::singleton(e), i))] - inv(e) && inv(i) && iter.produces(Seq::singleton(e), i) ==> + iter.produces(Seq::singleton(e), i) ==> func.precondition((e, Snapshot::new(produced))) } } @@ -104,7 +97,7 @@ impl>) -> B> Map, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> #![trigger iter.produces(s.push_back(e1).push_back(e2), i),(*f).postcondition_mut((e1, Snapshot::new(produced.concat(s))), ^f, b)] - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(b) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1, Snapshot::new(produced.concat(s)))) ==> (*f).postcondition_mut((e1, Snapshot::new(produced.concat(s))), ^f, b) ==> @@ -116,7 +109,7 @@ impl>) -> B> Map bool { pearlite! { forall, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(b) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1, Snapshot::new(s))) ==> (*f).postcondition_mut((e1, Snapshot::new(s)), ^f, b) ==> @@ -128,7 +121,6 @@ impl>) -> B> Map bool { pearlite! { forall - inv(iter) && inv(func) ==> iter.completed() ==> Self::next_precondition(^iter, func, Seq::EMPTY) && Self::preservation(^iter, func) @@ -136,11 +128,7 @@ impl>) -> B> Map>) -> B> Map, e1: I::Item, e2: I::Item, i: I> - inv(s) && inv(e1) && inv(e2) && inv(i) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> self.iter.produces(Seq::singleton(e).concat(s).push_back(e1).push_back(e2), i) } @@ -161,7 +148,7 @@ impl>) -> B> Map #![trigger (*f).postcondition_mut((e, self.produced), ^f, visited)] - inv(f) && inv(e) && *f == self.func && ^f == succ.func + *f == self.func && ^f == succ.func && self.iter.produces(Seq::singleton(e), succ.iter) && succ.produced.inner() == self.produced.push_back(e) && (*f).precondition((e, self.produced)) 
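Review bot: Removing the `inv(e) && inv(i) &&` guard in `next_precondition` makes the quantified formula a strictly stronger obligation. `func.precondition` must now hold for every `e` related by `iter.produces`, not only for values that satisfy their invariants. The same guard is removed in `preservation_inv`, `preservation` and `reinitialize` in the following hunks, and in the `#[requires(forall ...)]` clauses ahead of `identity` (presumably on `map`), `increment` and `counter` further down, so callers of those functions also take on a stronger proof obligation. If the intent is that `produces` of any iterator only relates well-formed items, that assumption deserves a comment where it is relied on, e.g. `// No inv(..) guard: relies on iter.produces only relating well-formed items.` The enclosing `impl` block starts and ends outside these hunks.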
@@ -182,7 +169,7 @@ impl>) -> B> Invariant f } } -#[requires(forall inv(e) && inv(i2) ==> +#[requires(forall iter.produces(Seq::singleton(e), i2) ==> func.precondition((e, Snapshot::new(Seq::EMPTY))))] #[requires(Map::::reinitialize())] @@ -199,8 +186,8 @@ pub fn identity(iter: I) { map(iter, |x, _| x); } -#[requires(forall inv(done) && done.completed() ==> forall> (^done).produces(steps, next) ==> steps == Seq::EMPTY && ^done == next)] -#[requires(forall inv(prod) && inv(fin) && iter.produces(prod, fin) ==> +#[requires(forall done.completed() ==> forall> (^done).produces(steps, next) ==> steps == Seq::EMPTY && ^done == next)] +#[requires(forall iter.produces(prod, fin) ==> forall 0 <= x && x < prod.len() ==> prod[x] <= 10u32 )] pub fn increment>(iter: U) { @@ -212,13 +199,13 @@ pub fn increment>(iter: U) { ); proof_assert! { - forall> inv(prod) && inv(fin) && i.produces(prod, fin) ==> + forall> i.produces(prod, fin) ==> forall 0 <= x && x < prod.len() ==> prod[x] <= 11u32 }; } -#[requires(forall inv(done) && done.completed() ==> forall> (^done).produces(steps, next) ==> steps == Seq::EMPTY && ^done == next)] -#[requires(forall inv(prod) && inv(fin) && iter.produces(prod, fin) ==> prod.len() <= usize::MAX@)] +#[requires(forall done.completed() ==> forall> (^done).produces(steps, next) ==> steps == Seq::EMPTY && ^done == next)] +#[requires(forall iter.produces(prod, fin) ==> prod.len() <= usize::MAX@)] pub fn counter>(iter: I) { let mut cnt = 0; map( diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml index 7a071c785..17247e21c 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml +++ b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml @@ -2,7 +2,6 @@ - @@ -19,11 +18,7 @@ - - - - - + 
@@ -41,68 +36,62 @@ - + - + - - - - + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - - - - - - - + + + + + + - - - - - - + + + + + + @@ -125,19 +114,19 @@ - + - + - + @@ -148,101 +137,13 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -259,60 +160,54 @@ - + - + - - - - + - - - - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - - + + - + - - + + @@ -333,7 +228,7 @@ - + @@ -342,7 +237,7 @@ - + @@ -350,7 +245,7 @@ - + @@ -360,25 +255,25 @@ - + - + - + - + - + - + @@ -388,7 +283,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz b/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz index 8c45af5aa2faac612b3c684a3a588c5b6aa05cff..e9bbcd3a8604efcb173990c014fe0e107d5652b3 100644 GIT binary patch literal 5369 zcmV@XpH`3BNUX z&JR@)&VG72zWArdaCkX9JwAN=^74+=vR1XJ_0OLtPoExrY#;0W&VG4(jK|y`SPghT zxQEGoZW;}s8fetOYmoPglgW=n4YCF`ToS86w`&4@f2MuE-<8XUBHP^(ee1tGKgY)x z`)houLD$Iazkm7kA!5^Da>HZ%o4viYhsVeGY+oM!Y(G6bv<$;LW{>ehvNagba_4k- zv>yi4evL2fe30GQPtUQRz}qvw>m}OtOkW;-*K5Y?-u{?5e29;~zWmlq^3MMFzL47A z9qjwjV(bs2o*ou>+}ZaNHhys`@0S`E`;Az#yV;y-1P`;NL0KBKqifJ*T~H(JGl^AU zUJ!N-S!;UD>Utes;`6D;LhD_>nEZUWte>wXr^n>hQ7~^BYE{#x(3w5UjIsqXHA0Oz zRl32W{oVLk1LaX8vPCK@J@@&~?%dkkejMy1xxZk{oV7>Ka>wEF@_oK?zSX^RCiF_CXZ6O-nUvizCy}&v6U=#p+9}l$ zLOWY!NA2V0vlz9x;{>*AAa!f<$i${7g=}cq45l!1BIyX7sbzDZ!U?I?&5-KmNQD_x z?F_0jxt_#l-8QIZ$1s9TX}Ex!BB<;uVZ6rNkT0#P5iY>>O2%gqYZv&8T%yg=Zd^TV zhwRXL-rklCJ=xaVTWj6e!rtCyU@r7nL2@_dt!!>jaaV9@4?Fv#JyTIhm9Dw zhl%|-w5nwfmo)1Np4-*R9`1)??38MoSTeRwBS*8HJlf>JCSxW6!thb!OvjBE#Q9C< zy4mrLhh@=^c~9K&_~~wKg#$zn7uOl1E!b)MZrlC0<+o@H4&8mx>{m^yMqHRxZhghH za`%OK<>ukUYQ$CSz4@dzYWI+Dah*6dmYoB|$-DCF?C~_{S+V+;9m|qixjQ$v8tI&C ztC7l@Y33)p=#Exjq_=tGmG|hgalqY{=wdt0X?Wm*m>VvlsYcA(PRr<~3A$-3y04ka z>oGmw-w~$ie=Vl@c}(-NW_}ja{0dCBX6ziCv-voSpSMZWB&ge=I=JW zi(WeN&!FQY6jE;3fI`Zc;e+GohSXRS`0A1WwamAvK*MH+gAw-m^t>PO4}iX?<~Kll znN5via?+pICCa+Q2~{1i#Z|zjbzsvPuxAEl9oVb1=1TIdvRHOKg>{1Tx5#4I%PA~7 zXEQ!}oI-jvg|!{h3n{EOf%KavuP#7(HEm_*NhZITu-XLaby|8xYh}+TVqHuTe|vkL zk8=NUEcqy3XHReV{(k%*w~m^cUgaF*7@xn|W*tq|?enPh;qdr%kdM2!@3W$nwBUaC zlg&>>F_QU;_s;npd-w6LbzPUE>BHk!`+TsEFS$kmK9{bPLEK;M27OqKqUn>b_Wji; z0g2Kc50Afoh%Zl%HL4o*=l=1-(_<`Mng{#cPcQbThhIu-p@uav`_sc;o<8P&HJXMU z)M)no)vmoFy!*-er;ndL#FxBPHNlD6K&0*FNn?oVZ8 z);&ExKm9F+cOU;cgc|2HZ?f-e8#rXib!C(8%DhP(&QCQ%xGB1NCH^;%oVpa7&6UjqK2Js2 zFz-tex)-;iT(`HKtq7g_TeG<*BBu(R!T6q4TLQKeSYM(sGR0+4Wup0?K5{Kiw-2rJ zq6gIX+X%efI^Xw?`mI@cok`vML|g!HsncuTRg!%kmJVDj@f*LJ6+*p7v9SnZ6q(N{ zjAdnyHiC^l8XV*{}7d>K* 
z{;fgXs0Q}q}M_yr58D-h2$ z@$Y+HlU022YlTxYsZ1W1(JPhDU%cN2)H8=57e)A1w(jfUczB87Y^Bmtk#oEFuBft? zQkpmQQ%SAe8rm*-8 zz}j-oa+!T|POWvmb{^ODow|PIi1g zI`$YB4@wuNJ36bKGFqJQg)`i5JlW0P=1k@>&fCovbuNK-jYdsV*_Tv#s|8uLA9v?x zKg;}$MKn$U4xeqy1-{lmU-UOCxuQSvYW-<#@7iZ>$XB&x%?Mulf^L!Ycg^~)S>HA5 zTWHpzi(7lwx|r1GS&BoD=iJvukPBZD$Ai3np>{^?lsWR6Z)wH^cm*nP;Il0*bwbL8*26`hd>W#RdH|LGtMZLL1dPOC_>&th2 z`K~Y9_2pH+hcG^6oxRa@XCD^>$kPeJVD5`&nz?6>&U2Zt%fv43@5R&I%R4-*zB;!d z{hC%aW}!p;kbZu1iEiD?X)VzAz5EB<%dWPmD?DVE3J+Odc!+)BA$Em_??z)!j;Z8g z?icH@a+d$_cz8M34~PHEss1KaHceokd|tN2BbukAkC>J+?zd8nLX@7njfm##Dk`qCuO^J3DR-&!svZPMvb>eXOcuhx~ppLP-_ zJBfXHDE8%{*z6=5?PM!_HkAC9UU#!SmwhgDao=Yu-cr1{_p>tAeOFJ?5gsF0UTW+Mn}@B`DpFJN+f+_91st9ACaj6> z?E75%IE5k%`tV$zct0*n&S2>!SAt9uxiYhpa`^&-`f!s(8(x#zkGSL+m7#LK`)EJi zyeod@=H>67;!UsPol$O7py^lq$*kXm@;LK_v((*4D{UN9Mr9t)@$;9%b3ESs6I&ly zlU~&4=_G2(MV&=m7i`9aCoETIE%se7cEjF-b)6O1<*}u2hDG~3A;0JJ>hE1}ogYph z(G2*##{}%`@fe@;YG&Y}n#8GN0Z;$sRt9MU96s$a5mqj{ey)#`P5 zm1usGb6Bo)&I7U~56BihAe(r=r9kZLzU7me?DH-~a<3q;6y#kTzE$rp&!Ysd}3M;7CP9k?q+W=Mui&}!Pzzt8%X-bmJjjGIb1IQyW zvPmGhD1}lXfQUk%LMJ8i8&&Di0K;OkjG@)2yhcGuDnucJcR}i;Zd3(qG{SmeIJZhh zE+{47!aIwRTR;w$*o~?Ljz&0RNpq(aTGGs-W6F7Blo29I6LlT|V;({!p-CmH1d~>B z=bbVvphRy7@kUjsDwGw93VDT8Ayx<#vI!tUy%2E1(Lnf-#50BI!gHWE6rz z;)XF4j2oLGK;aRs6|-=uZSwbtM~wm%6R}SJTpX05JhGTnq(4y$QF%cMdCX15v@kU zkn!NM$TS4v6p>7{0wIHnbVb+UN+!#NPDw|{c$5;IP|P~7wbm3}*%Nau6E3YpZyj*V zAPz}zrxJORGI>{+aI82~{5pUI#k3=D6dI4wMLT0U>FBpbQq$_B%=#2|GvI(U|} z(~grh(6V|X0oouCqR?8nL?$v+QgIZZeH1?Mj6k6)p(-IOAu7QuL1POhRZK}G2uetq z6bm+y7Rh@jm6vp*DkUn#D@B#UNM5B}FB9C8?5FNvI^NgxNV8yopQ& zBfPdr8iT=ln`{b(Ih8WiQyAHd;YL_+Xq{m`NdO-LDjA{x0D|C`#$eRJX^<{(hLSs> zgBFy?l3-fu?4`6EF1Z<|Ad&Y;ISq_^P8vWaDN~3{Nv`S4Fw&O1vP`L{yo>0a(9&~l zv;koYiZoUlD$OcoDy1u>=2RFD6f~M>$tl!QN0+!o@R0?XnmO}I(>fK;Lui5v#hqm) zO2MQw-Z>_NE7HFgZ6M4||uLD0ct4#xpxrFEs%Sa*R#3JExo(9Sy< zNiqnD67$-W2mydshAM-Vfy%H-msxyMQqH1I${3I=XhSN*pj=8U84XfViT!~#kpiz2 zXVGQ-mC2jvJdp925M&UTt*+TNsR$IUWu8l+O>j!0*DSc?2$S*!H~_e9eGZLIilLXp 
z0f=eoC`tibb7mYbq+k;%MI?v^&q(={v@|4mVi{I4g;0#I5t}G6k5T~(EUz*Ksh#5> z$;L>6D<8|G*fvom5LU~mT|}ddCoPzF*5$|(yex2JW)mr|xd4;E1ymwN`e=pK@efcW8$ekCSbBn3G>HwMwP*;HYT2_E!$ACEzbYRK`nS*^$!GNT|l~w|C1O!4>KsoND z(+nv8g$jtxNJecW#k?3pMmxiTQ3`{JHVQ_>Z-8_KBq|_P0m=4yJA-^ws1wu5P)tUG zOip_YPHMxL2fP8!Dj;(e6B~t*)~UpqPs${UDtKeiLm-_L+yJKvI99;nYG#mB#Jm$O zhm#-`>OjV6$D~OR)eUf20ngz-znU2a#y$B6jyV&Z6EYv^Cjn|~JCS9x)Yb XDcNZT!c-vi;tc)^p62Srer^B&``T_( literal 7864 zcmV;p9!KFHiwFP!00000|LuL*jvP6X;Cp_BfPK*J2o2DTW;_!rKmEPq={fIiYRNzB{r%HN*{NUq2i&RMRG2qVogNy1==83Y=1s6OLlf-GZYs=M z?LOv16WrbSANTk9vF}D5sJq#3Uj3#Hc+o+3pcfUULvgo_lj*>AC_03m()lqz{N`(e zkD^2DQ2x58{Zi*UKIxF|{O1m7Sd`t(pL%Lghx&F}N9CWs{G0#&QGER6Kf12#kZ)(C z6dm$F%UasC(wyAf;Ye@W;YjdWnzw;Yig8^#DR!+i;~mjS7@0@H-HH0$?TA8cGL?2W z{o^k^&)*Ey{xN?oH(M0-@yEkMzJKz6$xoexPD=m3e|-O%aj3vrai9OwfBNM2_xJf> zpwE{tBSL9}?K_E4)W&6h@4wEV{Utw5_*Oo9$PIzlAN;oQ(A2X0xQ|n-qrvX{AL|HT z^Zj3*{yHFe>;L$<2erH1`_GHX_&+RKM%WnR)_-0N6E{)$yj8i`ZZV{|J;JGz6ya!U z)K87Z-kpSgUiHDQf;dae3&idu-p*9q)N22f9}X=xYH!hmSd2dyRXUtbCsHUL8> z;a|^l#&OkL5{EWD#EZ}F7V>t`v36UY?1V(y`5;UZ-!_jQXTQ)!PhpWHW5D8D?!W^vY)FW;1lN8G5bjKYi*I z9(9t}>VEcUrtw=zwi4eidk!jeSt+M6UI)&u{&#aqy29#r9PAPJ@_2JlZsl<*g|Pwp z`SZo&lNuuU$5ls(0 zWIy7{c=+;oWIV!=@urtQed-r_p`Kga ztip$xuKx6?a`384tvT*+MhK=pucgEN0k6u^et+Zt==VpHS_;cyu7B|RmBbvL?Uz&S z=T>?35_89!KcDKjInc5EoW^zy^~k*RWDv(>7+2;hUR;pi3d!{QrF{7PmEz&|E7h|f zrPA*&3FQmMyj~*x{%%gjNgl5wOXaOY&jq%tM^{LhPqRcoJtR&Bn4 zSFN5SHf}R6ugq&9b)|IA$L*~yua)IwdwF$8^gMmM_Lt6R{mX`B%dFggTME?BwJasR=wwYb6m|b1V z>@Pv(`7D0C+zS?0|FkTwPqVo0=d4e%xPAePFAqdcfkI5nC0o`n$6GN0Y8Jyf94qU8a99J+uuuUe(v7a zAK%T!%^Tk%Ha~aidkHF>Wb-pOzDJ~co|d$ zQ&1I7K~>n<@p9Om;`*CvH(rd^45I?Vo)7_RIIL`KhvJW#9&F##>xQqr#7Iudk*kn zKC=Nj65C)8_wKsgoa^0!aGU%tj`&^7`CUx>E)F$f33kQrV#V(;@jFfIPMtbh7Z9D9 z%|}nnttaMQg%sK;2E$Gv7!z~%5hkPJ>ADWY6lDQo*Gh-T7wkZth%S^vEJ_D_GP+Q1 z2MgMH#EV(|)-^_D)}h7Z37Ia1{YFi7Ch?r+sl1yP}$6LA5&+kE2d> zhh{tKq(14;_E9Hx8Fd1^4W8mQR*FT6xnhw`A=su5>`EPoUbaUwOuJUP@%Q;}PhXbS zXC`pQKi+?fr;N<7X}{f?+w(x2wY?R@$b<(^cmbge)r;)sdB=tQU&Y%j-Hi%orgKy$ 
zZ4>{oq?*z(O*vG}tL`SE^IT8D*py(BN9Z~l*GhIYu2n59%^Hm{Pe2`wK~H^gX$D9( z>ql~TC@xGW(QH!09jPM~Pc%H(-Tb*;SvJ+d(2?EEf8U;o;kV=JfHG|CsYNnT`kF{~W(8hQv0c-={V(zTpVljJk3%TmOk|87~YYdlC)Y z!qszMxq~kpVDwO))mj}>aRY%$(Ea^i^TYn>%RW`_wElCF{--B$4x!Z=M4Svi%iVOc za|-Zllk#pMAy_4(s&BHhTCuxbxFd6k7!<=*;&2+(%ECh&>NENO3Xm`Mb7=B&=umUs z&!Lr{gO^ezMAyPBTa=|TY>zd66#=t3Nsl%D#`}ApAj5N4G=gsd7NQ>K>^>0IU*jv}F zee5L|3#;5uszFh})6?n;wo-GhYUJ@%gTEe)KDS4c z$ju!~HEj~rv`19S?W&&Ka6Nh9+etzf_p@?x`DJtYRol=D0XoWsT#d_sVc6M&lB9=@8fJoqNB5hVbN^#Jle{TXlrDr zHIio6G=BeS^5N}~Q|c9hiSs7+dzhvbd7(PLZZ zR<8o~gvp+{PS0AC+vA=;yGjSkgJ)gtd9!hqE?K|otzE6Gu9oBc>kt2R|Md3{fBpOS zZ%=>CkNd~xO5SxC@!xbvf4*R`=J@_ zwWS81CzE}2vU6T*3};Ju#OsuCKJ4VKv7r+R*X<3jhB)6YZtI1Wt-s13j|4cEk91A` z{DJP*B6fj?uC^HeH7w>?x=rDtSI})kl`SrM+L6ap>SNz8b-IY(6?Y9+;3u0_q=koc z7C(9FZto}b)@wl7jjQdw6vPpr&I`I~{}Cc_*O>tDLVi8BAgQ_Y`)*=+;mQka`Zl_e*HJ; zbrma+XY*F`#j5XyJef6C3a@U$u)denk(NIs4HKYQ$l7=37NTG$X`7bR}_MAxBo<#PHNZA*Q)ToZnNK(~%=LG1yUK~$L^~Dz^ZVmFgjQuWSzsuO$ z%GjnQJiSZ1-P-3}Og+<;#B&L#!4FqTfQg5A{28s80Q$XkzVM`E4dS#y-?^hq4JcoZrUuOL+BqEML&LUm3vjzVQF3e}}SE=g{^ zRlFwE`F9!mU50*_p))e{tT$&bPkWE{jMM4LMKAPlMlqYk=Gkg(*^oXJ?{FE|#WlZp z%6xg%=XY_ZmZr_=tQ2iDm|}v4)YtLqqIX_inabC$?>bfD_x1f}S>O2`)rAW+c`j49 z-Is~$(*_RdwJp2$qn!8c!_W?yNq0w?wL{?gX7Io|AgV%I#>O|8?dA*Zd|40CZ=zlL z*3P?@b}m{zw|#kfI81k@vzqg1Q_$a;9+)bja&;Y}9MERx7qvEgMF)Y#24&o6h=9oVZ}^Yg*l|=hE7oh@d&rq9eph zf*{4VAiz=(rZe4Xu%%e^pSzj!=ZQ}biC$7pes-uAk$J8hb@ML_@#5EzN!WhY6sg%y z)4_>P4VjI!zJnl4Nx(H}@UwsV_GMpd$$x5P8R72Kqp=hRdVLAse%zUCo*#Qb|3hq_BK7UB?N zfn$Q&!GY+#fX{UUw-!~HwXyXS@^1AWl*7^1?&iQx{m!T+&S2xcVUIMux~Wf}>Gy<$ zyTy1Fw;|_dQUvpyo88SX{`-fIy(9GD>F?k3hqfeB=G++D*SG5(p3QbV<>8^<ev^l_x zC*Q;nzkYlC@sRN&)L*kF)tHWvUK;@YK5f@Gy!NTL?OV>mSya!v5!ZFCFVnxiz5ngY zzuo?ykK!!7XT3)4&~L1VFOkhG-boikY`Gv}<$^$SL111-t1;Ft2%L67u(=>Ob3tTt zLFDuyvLmnjBxl6Y7r5lsKLfy)$A7W=wYums9?L-XOZ$W&*J*#8$TO*_D==>xhhBvp zUU9nQ$Q2UPYpBM~O{qwpsi|{rl(^1~>UGn6b8};@l2I{fDGMhg>oHPhAygz!-hTjg zKn|n>bN~*7v(7l}lw(IuI&|Q~O-@lK#Zn<>hteTB 
z1czck46@D90CEzMLFSwpqKd^w?K5KqXXHh!I4e#PB$BjIgO1jO2%!K3Pbf|@53AIY5SS`62EjgOpc{vbPSG#BkRaG(vFlPc0`V(BXk6ggp<}u zHf;UzxpzLF|$pnoaY=L5W zT+I9660=6oOjbfR3fO3{A>|mNG|Etqi?;8Bi_M07;24w#t0Q2H9Fi%;lo*TXc~`#^ zT>^?Ij9`ZNSqL*p)PBI;1G`C617)3hC;7%0vXS2EY&l91 zJ!ddLB_}Oa(YDt$;@!~EOvYxFHK73?q|F*aA|VtY*fgLcokpkMNw~c9MTwkCT{q*C zR7U1#6{AI=tnM*V?}-sc6SEO1dC)OMOVw>JNomc+s$eFJ=sl5&hO;tKD4)DiAgMYx zl8jBEXdfF={LXkGd!2JIsj?G#h(2opx*qNpiLrP7wSG^GlIQx)k>qtsrbt01`si7g zBw`LZPZ+%`nT#}%wGv!Jk&%V9bi)BC=E2;Q2$|W(VyzDWttps2iR67o4aGkP zmbW1!!O56vpRH!k)?1}R3MLvqoFSOH&Bi%ZL4pG*9H4c8rhy9x-dah5sv9kWR*JPK z)}vvL#y=BW7NC7LWUUq^2*VJgiYkyc$RgVEPIYGc2`+XUxe*|U*qb%N_%~D%12?DS{qlC@%gh4$YGjgExYoI0tmLQ5( zQV_>bID#o&DjQ7*Ui}2oDr%L*UrC}2Q1SuU7a_GOl#((!XTt0y{v_opdi)ybDaGnq47CGR|7bjYFwE6Ddx@H(hZw9Zq(oxjlPM#f z<{ynG`phEQEDV9oRk*W{F~}H7vZX&4uXx&jG@hk|tSxv>guyB$jl!ggk18OeAMsS; zAB|@Oqf%idf(?X#vSH!vk3mVh3$DMCjD25n)>)+YkS!C%n!z0fH>1w@WP`rx&JXsx!2z#yx{ z!AV5<>D+DnIq3pnV;?34RNkyUkM>q;;foZQLi7-1VQGt`NSIkAvPIn*n(W9eQv1Y<#k%IH+RdR;eCLXhQ9w|r(eB0z}_<>G1?>vpI{`Jz2s%z7`4%BJLc z6E8&!kW4+GP9lhqh7ekmY8D7AYekI=mNy=wBvm*hK`LqMW6Bb>#29L!k9$BOha?>m zIwWvN!lASdrEw_rHee}aje0Je5hN-Q-ewAsBaz1v26u|ALoyCYJ0#_h_(oK57doY^ zl&^lUNm^J#DaLHexc@QiPzi@@9kOxAdO(hA&@($^a>&vl*E(>>;%FSwHWnGO(jZIH zDgcxO9EyyVqDmi7kwXOztI1P1mR~k#D#e2m;8V$2fsw@*ki;Si(j4RmRLY^^S0C7@ zl#9^b7b;LlrvxVFQlu1$!NLcu603znWgRNxQ0X^8Bm}S`Vhj=kqDqn_B$ZJqQ{&?4 z1J;9s+F0Y8AV5??GAhXoQYk?;S`yY@4hbzx$~kGuC6Lu1kYZHe zm5fHJP(Gm64z(KoUX%Pl(ppW{B$is%T#0Nl>cU1OCiwvkIW*FtL5Bt$8sSh|huXXe zLI#qpPFK=N81yWo1!Zk4rNmNrF!M$o_tWfA1S^$BQ({U~k6IC+6t*S|TV)GNy=8?% WQxhbNL!(dP^#1@E!Ua7{sQ>_yzg(OE diff --git a/creusot/tests/should_succeed/iterators/07_fuse.coma b/creusot/tests/should_succeed/iterators/07_fuse.coma index 2f152f7c6..f7f90637d 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.coma +++ b/creusot/tests/should_succeed/iterators/07_fuse.coma 
@@ -2,22 +2,18 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* ([%#scommon11] inv'1 b) - -> ([%#scommon12] inv'1 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon9] produces'1 a ab b) + -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'1 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon8] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate invariant'0 (self : borrowed t_I'0) = - [%#sinvariant18] inv'1 self.current /\ inv'1 self.final + [%#sinvariant14] inv'1 self.current /\ inv'1 self.final predicate inv'2 (_1 : borrowed t_I'0) @@ -105,20 +97,20 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* resolve'10 x | C_None'1 -> true end @@ -157,7 +149,7 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* resolve'11 x | C_None'0 -> true end 
@@ -169,8 +161,7 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 54 15 54 24 - let%span s07_fuse1 = "07_fuse.rs" 55 14 55 45 - let%span s07_fuse2 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse3 = "07_fuse.rs" 26 8 32 9 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - - type t_I'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 t_I'0 - - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } - - predicate inv'2 (_1 : t_I'0) - - predicate inv'1 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end - - predicate inv'0 (_1 : t_Fuse'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end +module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 55 4 55 26] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 54 14 54 45 + let%span s07_fuse1 = "07_fuse.rs" 52 4 52 10 + let%span s07_fuse2 = "07_fuse.rs" 26 8 32 9 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq + type t_I'0 + use seq.Seq type t_Item'0 
@@ -328,22 +290,25 @@ module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 56 4 56 2 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'2 a) - -> ([%#scommon7] inv'2 b) - -> ([%#scommon8] inv'2 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 + + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#s07_fuse3] match self.t_Fuse__iter'0 with + [%#s07_fuse2] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -353,28 +318,20 @@ module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 56 4 56 2 constant self : t_Fuse'0 - function produces_refl'0 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () + function produces_refl'0 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () - goal vc_produces_refl'0 : ([%#s07_fuse0] inv'0 self) - -> ([%#s07_fuse1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_produces_refl'0 : [%#s07_fuse0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 66 4 66 90] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 60 15 60 21 - let%span s07_fuse1 = "07_fuse.rs" 61 15 61 21 - let%span s07_fuse2 = "07_fuse.rs" 62 15 62 21 - let%span s07_fuse3 = "07_fuse.rs" 63 15 63 32 - let%span s07_fuse4 = "07_fuse.rs" 64 15 64 32 - let%span s07_fuse5 = "07_fuse.rs" 65 14 65 42 - let%span s07_fuse6 = "07_fuse.rs" 58 4 58 10 - let%span s07_fuse7 = "07_fuse.rs" 26 8 32 9 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 +module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 62 4 62 90] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 59 15 59 32 + let%span s07_fuse1 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse2 = "07_fuse.rs" 61 14 61 42 + let%span s07_fuse3 = "07_fuse.rs" 57 4 57 10 + let%span s07_fuse4 = "07_fuse.rs" 26 8 32 9 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 
@@ -385,23 +342,6 @@ module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 66 4 66 type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'1 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end - - predicate inv'0 (_1 : t_Fuse'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end - use seq.Seq use seq.Seq 
@@ -412,22 +352,18 @@ module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 66 4 66 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] inv'2 a) - -> ([%#scommon11] inv'2 b) - -> ([%#scommon12] inv'2 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#s07_fuse7] match self.t_Fuse__iter'0 with + [%#s07_fuse4] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -445,47 +381,29 @@ module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 66 4 66 constant c : t_Fuse'0 - function produces_trans'0 [#"07_fuse.rs" 66 4 66 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () - goal vc_produces_trans'0 : ([%#s07_fuse4] produces'0 b bc c) - -> ([%#s07_fuse3] produces'0 a ab b) - -> ([%#s07_fuse2] inv'0 c) - -> ([%#s07_fuse1] inv'0 b) -> ([%#s07_fuse0] inv'0 a) -> ([%#s07_fuse5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s07_fuse1] produces'0 b bc c) + -> ([%#s07_fuse0] produces'0 a ab b) -> ([%#s07_fuse2] produces'0 a (Seq.(++) ab bc) c) end -module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 91 4 91 62] (* as FusedIterator> *) - let%span s07_fuse0 = "07_fuse.rs" 85 15 85 24 - let%span s07_fuse1 = "07_fuse.rs" 86 15 86 24 - let%span s07_fuse2 = "07_fuse.rs" 87 15 87 25 - let%span s07_fuse3 = "07_fuse.rs" 88 15 88 31 - let%span s07_fuse4 = "07_fuse.rs" 89 15 89 44 - let%span s07_fuse5 = "07_fuse.rs" 90 14 90 50 - let%span s07_fuse6 = "07_fuse.rs" 83 4 83 10 - let%span s07_fuse7 = "07_fuse.rs" 18 12 19 32 - let%span s07_fuse8 = "07_fuse.rs" 26 8 32 9 - let%span s07_fuse9 = "07_fuse.rs" 54 15 54 24 - let%span s07_fuse10 = "07_fuse.rs" 55 14 55 45 - let%span s07_fuse11 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse12 = "07_fuse.rs" 60 15 60 21 - let%span s07_fuse13 = "07_fuse.rs" 61 15 61 21 - let%span s07_fuse14 = "07_fuse.rs" 62 15 62 21 - let%span s07_fuse15 = "07_fuse.rs" 63 15 63 32 - let%span s07_fuse16 = "07_fuse.rs" 64 15 64 32 - let%span s07_fuse17 = "07_fuse.rs" 65 14 65 42 - let%span s07_fuse18 = "07_fuse.rs" 58 4 58 10 - let%span scommon19 = "common.rs" 14 15 14 24 - let%span scommon20 = "common.rs" 15 14 15 45 - let%span scommon21 = "common.rs" 19 15 19 21 - let%span 
scommon22 = "common.rs" 20 15 20 21 - let%span scommon23 = "common.rs" 21 15 21 21 - let%span scommon24 = "common.rs" 22 15 22 32 - let%span scommon25 = "common.rs" 23 15 23 32 - let%span scommon26 = "common.rs" 24 14 24 42 - let%span sinvariant27 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed29 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - use prelude.prelude.Borrow +module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* as FusedIterator> *) + let%span s07_fuse0 = "07_fuse.rs" 78 15 78 31 + let%span s07_fuse1 = "07_fuse.rs" 79 15 79 44 + let%span s07_fuse2 = "07_fuse.rs" 80 14 80 50 + let%span s07_fuse3 = "07_fuse.rs" 76 4 76 10 + let%span s07_fuse4 = "07_fuse.rs" 18 12 19 35 + let%span s07_fuse5 = "07_fuse.rs" 26 8 32 9 + let%span s07_fuse6 = "07_fuse.rs" 54 14 54 45 + let%span s07_fuse7 = "07_fuse.rs" 52 4 52 10 + let%span s07_fuse8 = "07_fuse.rs" 59 15 59 32 + let%span s07_fuse9 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse10 = "07_fuse.rs" 61 14 61 42 + let%span s07_fuse11 = "07_fuse.rs" 57 4 57 10 + let%span scommon12 = "common.rs" 14 14 14 45 + let%span scommon13 = "common.rs" 18 15 18 32 + let%span scommon14 = "common.rs" 19 15 19 32 + let%span scommon15 = "common.rs" 20 14 20 42 type t_I'0 
@@ -496,30 +414,6 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 91 4 91 62] (* type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'5 (_1 : t_I'0) - - predicate inv'4 (_1 : t_Option'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'5 a_0 - end - - predicate inv'1 (_1 : t_Fuse'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'4 iter - end - - predicate invariant'0 (self : borrowed (t_Fuse'0)) = - [%#sinvariant27] inv'1 self.current /\ inv'1 self.final - - predicate inv'0 (_1 : borrowed (t_Fuse'0)) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'0 x] . inv'0 x = invariant'0 x - use seq.Seq use seq.Seq 
@@ -530,44 +424,18 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 91 4 91 62] (* predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon21] inv'5 a) - -> ([%#scommon22] inv'5 b) - -> ([%#scommon23] inv'5 c) - -> ([%#scommon24] produces'1 a ab b) - -> ([%#scommon25] produces'1 b bc c) -> ([%#scommon26] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon19] inv'5 self) - -> ([%#scommon20] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed29] inv'7 self - - predicate inv'6 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon13] produces'1 a ab b) + -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - predicate inv'2 (_1 : Seq.seq t_Item'0) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#scommon12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#s07_fuse8] match self.t_Fuse__iter'0 with + [%#s07_fuse5] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -575,36 +443,26 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 91 4 91 62] (* end end - function produces_trans'0 [#"07_fuse.rs" 66 4 66 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = - [%#s07_fuse18] () - - axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse12] inv'1 a) - -> ([%#s07_fuse13] inv'1 b) - -> ([%#s07_fuse14] inv'1 c) - -> ([%#s07_fuse15] produces'0 a ab b) - -> ([%#s07_fuse16] produces'0 b bc c) -> ([%#s07_fuse17] produces'0 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () = [%#s07_fuse11] () - axiom produces_refl'0_spec : forall self : t_Fuse'0 . ([%#s07_fuse9] inv'1 self) - -> ([%#s07_fuse10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse8] produces'0 a ab b) + -> ([%#s07_fuse9] produces'0 b bc c) -> ([%#s07_fuse10] produces'0 a (Seq.(++) ab bc) c) - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant27] inv'5 self.current /\ inv'5 self.final + function produces_refl'0 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () = + [%#s07_fuse7] () - predicate inv'3 (_1 : borrowed t_I'0) + axiom produces_refl'0_spec : forall self : t_Fuse'0 . [%#s07_fuse6] produces'0 self (Seq.empty : Seq.seq t_Item'0) self - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . 
inv'3 x = invariant'2 x + use prelude.prelude.Borrow predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = - [%#s07_fuse7] ((self.current).t_Fuse__iter'0 = C_None'0 - \/ (exists it : borrowed t_I'0 . inv'3 it - /\ completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) + [%#s07_fuse4] ((self.current).t_Fuse__iter'0 = C_None'0 + \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'0 constant self : borrowed (t_Fuse'0) 
@@ -613,26 +471,19 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 91 4 91 62] (* constant next : t_Fuse'0 - function is_fused'0 [#"07_fuse.rs" 91 4 91 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () + function is_fused'0 [#"07_fuse.rs" 81 4 81 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () - goal vc_is_fused'0 : ([%#s07_fuse4] produces'0 self.final steps next) - -> ([%#s07_fuse3] completed'0 self) - -> ([%#s07_fuse2] inv'2 steps) - -> ([%#s07_fuse1] inv'1 next) - -> ([%#s07_fuse0] inv'0 self) -> ([%#s07_fuse5] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) + goal vc_is_fused'0 : ([%#s07_fuse1] produces'0 self.final steps next) + -> ([%#s07_fuse0] completed'0 self) -> ([%#s07_fuse2] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) end -module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" 66 4 66 90] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 66 4 66 90 +module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" 62 4 62 90] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 62 4 62 90 let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 
@@ -643,8 +494,6 @@ module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq @@ -655,19 +504,15 @@ module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'1 a) - -> ([%#scommon5] inv'1 b) - -> ([%#scommon6] inv'1 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with 
@@ -678,39 +523,18 @@ module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" end end - predicate inv'2 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'0 (_1 : t_Fuse'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'2 iter - end - goal refines : [%#s07_fuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" 56 4 56 26] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 56 4 56 26 +module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" 55 4 55 26] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 55 4 55 26 let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 
@@ -721,23 +545,6 @@ module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'1 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end - - predicate inv'0 (_1 : t_Fuse'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end - use seq.Seq use seq.Seq 
@@ -748,19 +555,15 @@ module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with 
@@ -771,24 +574,18 @@ module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" end end - goal refines : [%#s07_fuse0] forall self : t_Fuse'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#s07_fuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 44] (* as common::Iterator> *) let%span s07_fuse0 = "07_fuse.rs" 39 4 39 44 - let%span s07_fuse1 = "07_fuse.rs" 18 12 19 32 + let%span s07_fuse1 = "07_fuse.rs" 18 12 19 35 let%span s07_fuse2 = "07_fuse.rs" 26 8 32 9 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -803,23 +600,23 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 predicate inv'5 (_1 : t_I'0) - predicate inv'6 (_1 : t_Option'1) + predicate inv'4 (_1 : t_Option'1) - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'1 [inv'4 x] . inv'4 x = match x with | C_None'1 -> true | C_Some'1 a_0 -> inv'5 a_0 end - predicate inv'4 (_1 : t_Fuse'0) + predicate inv'3 (_1 : t_Fuse'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_Fuse'0 [inv'4 x] . inv'4 x + axiom inv_axiom'2 [@rewrite] : forall x : t_Fuse'0 [inv'3 x] . inv'3 x = match x with - | {t_Fuse__iter'0 = iter} -> inv'6 iter + | {t_Fuse__iter'0 = iter} -> inv'4 iter end predicate invariant'0 (self : borrowed (t_Fuse'0)) = - [%#sinvariant3] inv'4 self.current /\ inv'4 self.final + [%#sinvariant3] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Fuse'0)) 
@@ -835,37 +632,25 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'5 a) - -> ([%#scommon7] inv'5 b) - -> ([%#scommon8] inv'5 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon5] produces'1 a ab b) + -> ([%#scommon6] produces'1 b bc c) -> ([%#scommon7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon4] inv'5 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self type t_Option'0 = | C_None'0 | C_Some'0 t_Item'0 - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant3] inv'5 self.current /\ inv'5 self.final - - predicate inv'2 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'2 x] . 
inv'2 x = invariant'1 x - predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = [%#s07_fuse1] ((self.current).t_Fuse__iter'0 = C_None'1 - \/ (exists it : borrowed t_I'0 . inv'2 it - /\ completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'1 (it.current))) + \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'1 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'1 use seq.Seq @@ -879,14 +664,14 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 end end - predicate inv'3 (_1 : t_Item'0) + predicate inv'2 (_1 : t_Item'0) predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s07_fuse0] forall self : borrowed (t_Fuse'0) . inv'0 self 
@@ -902,31 +687,20 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 end /\ inv'1 result) end -module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 91 4 91 62] (* as FusedIterator> *) - let%span s07_fuse0 = "07_fuse.rs" 91 4 91 62 +module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 81 4 81 62] (* as FusedIterator> *) + let%span s07_fuse0 = "07_fuse.rs" 81 4 81 62 let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 - let%span s07_fuse2 = "07_fuse.rs" 18 12 19 32 - let%span scommon3 = "common.rs" 14 15 14 24 - let%span scommon4 = "common.rs" 15 14 15 45 - let%span scommon5 = "common.rs" 19 15 19 21 - let%span scommon6 = "common.rs" 20 15 20 21 - let%span scommon7 = "common.rs" 21 15 21 21 - let%span scommon8 = "common.rs" 22 15 22 32 - let%span scommon9 = "common.rs" 23 15 23 32 - let%span scommon10 = "common.rs" 24 14 24 42 - let%span s07_fuse11 = "07_fuse.rs" 54 15 54 24 - let%span s07_fuse12 = "07_fuse.rs" 55 14 55 45 - let%span s07_fuse13 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse14 = "07_fuse.rs" 60 15 60 21 - let%span s07_fuse15 = "07_fuse.rs" 61 15 61 21 - let%span s07_fuse16 = "07_fuse.rs" 62 15 62 21 - let%span s07_fuse17 = "07_fuse.rs" 63 15 63 32 - let%span s07_fuse18 = "07_fuse.rs" 64 15 64 32 - let%span s07_fuse19 = "07_fuse.rs" 65 14 65 42 - let%span s07_fuse20 = "07_fuse.rs" 58 4 58 10 - let%span sseq21 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant22 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed23 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span s07_fuse2 = "07_fuse.rs" 18 12 19 35 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 + let%span s07_fuse7 = "07_fuse.rs" 54 14 54 45 + let%span s07_fuse8 = "07_fuse.rs" 52 4 52 10 + let%span s07_fuse9 = 
"07_fuse.rs" 59 15 59 32 + let%span s07_fuse10 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse11 = "07_fuse.rs" 61 14 61 42 + let%span s07_fuse12 = "07_fuse.rs" 57 4 57 10 use prelude.prelude.Borrow @@ -939,8 +713,6 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 91 4 type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'4 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -951,34 +723,15 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 91 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon5] inv'4 a) - -> ([%#scommon6] inv'4 b) - -> ([%#scommon7] inv'4 c) - -> ([%#scommon8] produces'1 a ab b) - -> ([%#scommon9] produces'1 b bc c) -> ([%#scommon10] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon3] inv'4 self) - -> ([%#scommon4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - predicate inv'5 (_1 : t_Option'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'4 a_0 - end - - predicate inv'1 (_1 : t_Fuse'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'5 iter - end + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with 
@@ -989,74 +742,30 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 91 4 end end - function produces_trans'1 [#"07_fuse.rs" 66 4 66 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'1 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = - [%#s07_fuse20] () - - axiom produces_trans'1_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse14] inv'1 a) - -> ([%#s07_fuse15] inv'1 b) - -> ([%#s07_fuse16] inv'1 c) - -> ([%#s07_fuse17] produces'0 a ab b) - -> ([%#s07_fuse18] produces'0 b bc c) -> ([%#s07_fuse19] produces'0 a (Seq.(++) ab bc) c) + [%#s07_fuse12] () - function produces_refl'1 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () = - [%#s07_fuse13] () + axiom produces_trans'1_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse9] produces'0 a ab b) + -> ([%#s07_fuse10] produces'0 b bc c) -> ([%#s07_fuse11] produces'0 a (Seq.(++) ab bc) c) - axiom produces_refl'1_spec : forall self : t_Fuse'0 . ([%#s07_fuse11] inv'1 self) - -> ([%#s07_fuse12] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'1 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () = + [%#s07_fuse8] () - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant22] inv'4 self.current /\ inv'4 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x + axiom produces_refl'1_spec : forall self : t_Fuse'0 . 
[%#s07_fuse7] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = [%#s07_fuse2] ((self.current).t_Fuse__iter'0 = C_None'0 - \/ (exists it : borrowed t_I'0 . inv'3 it - /\ completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) + \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed23] inv'7 self - - predicate inv'6 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'0 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x - - predicate invariant'1 (self : borrowed (t_Fuse'0)) = - [%#sinvariant22] inv'1 self.current /\ inv'1 self.final - - predicate inv'2 (_1 : borrowed (t_Fuse'0)) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'2 x] . inv'2 x = invariant'1 x - goal refines : [%#s07_fuse0] forall self : borrowed (t_Fuse'0) . forall steps : Seq.seq t_Item'0 . forall next : t_Fuse'0 . produces'0 self.final steps next - /\ completed'0 self /\ inv'0 steps /\ inv'1 next /\ inv'2 self + /\ completed'0 self -> produces'0 self.final steps next /\ completed'0 self - /\ inv'0 steps - /\ inv'1 next - /\ inv'2 self /\ (forall result : () . steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next -> steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) end 
diff --git a/creusot/tests/should_succeed/iterators/07_fuse.rs b/creusot/tests/should_succeed/iterators/07_fuse.rs index ccd8da63c..6c983c2f4 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.rs +++ b/creusot/tests/should_succeed/iterators/07_fuse.rs @@ -1,5 +1,5 @@ extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, logic::Seq, *}; +use creusot_contracts::{logic::Seq, *}; mod common; use common::Iterator; @@ -15,8 +15,8 @@ impl Iterator for Fuse { #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - (self.iter == None || exists inv(it) && it.completed() && self.iter == Some(*it)) && - (^self).iter == None + (self.iter == None || exists it.completed() && self.iter == Some(*it)) + && (^self).iter == None } } @@ -51,15 +51,11 @@ impl Iterator for Fuse { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -70,9 +66,6 @@ impl Iterator for Fuse { // extern_spec! version should be though. pub trait FusedIterator: Iterator { #[law] - #[requires(inv(self))] - #[requires(inv(next))] - #[requires(inv(steps))] #[requires(self.completed())] #[requires((^self).produces(steps, next))] #[ensures(steps == Seq::EMPTY && ^self == next)] @@ -82,9 +75,6 @@ pub trait FusedIterator: Iterator { impl FusedIterator for Fuse { #[law] #[open] - #[requires(inv(self))] - #[requires(inv(next))] - #[requires(inv(steps))] #[requires(self.completed())] #[requires((^self).produces(steps, next))] #[ensures(steps == Seq::EMPTY && ^self == next)] diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml index 35eaf1217..e648cf1d6 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml 
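Review bot: In the `completed` hunk of 07_fuse.rs (`@@ -15,8 +15,8 @@`) the existential witness `it` loses its `inv(it)` conjunct, and nothing in the file records that this is deliberate. A later reader may put the conjunct back, or assume that `completed` still yields the type invariant of `*it` and `^it`. I would add a comment above the `pearlite!` body, e.g. `// No inv(it) on the witness: invariant facts about the inner iterator must come from I::completed / I::produces.` The same rationale applies to the law hunks (`@@ -51,15 +51,11 @@`, `@@ -70,9 +66,6 @@`, `@@ -82,9 +75,6 @@`), where dropping `#[requires(inv(..))]` makes `produces_refl`, `produces_trans` and `is_fused` unconditional, as the regenerated axioms in 07_fuse.coma show. That is presumably the intent given in the commit message, but it deserves a one-line comment on the `FusedIterator` trait, since every implementor must now prove `is_fused` without invariant premises. The `impl` and `trait` bodies start or end outside these hunks.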
+++ b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml @@ -14,29 +14,29 @@ - + - + - + - + - + @@ -48,7 +48,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz b/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz index 707f26b48b037d094da4addf382d46f72b03a499..73a702c40375795a842a06d3c393c2013d752739 100644 GIT binary patch literal 965 zcmV;$13LU4iwFP!00000|E*R{ZzDGhz0a@k&F$twQr`t~Faiw5ms|?yYH&2tuCa-o z*iPF1`$F^O8QWQ;XmSZbJwB0q6vw}PTO5DzOFS;#=q)kqtg2=9^O^3n0_R`pLFs?>XXIam)=wAB)b>(18IdK$LjKXHCpVzk6vw_8aVvWasWV1D; zB#&}<04U4RDjpyC{@g%xJ@IC-M9Xy20z-J>9PpZ#hHrF+Qd4s5LK`?(V$t&LgZp@RzIE zLH^>-JoZNP2cR zzX+7N2ztg_Zjv06gV2n50y8FT{_R7%Ql(Bv9Q8LKLi n6^TBA8U`05Hjxw9sAX-4RiY#@M4j3S^(^9FG%1memJ0v?u!-Op literal 1303 zcmV+y1?c)8iwFP!00000|E*U`kJ~s5zWZ0?mfg-pq^Q>da|i}7luIuQ=o-kj+y`F$dlKR#@(pZ#mNZoY@h^>{x0wUL_-e-=+S|8)3x zK7}p#TunH6aL}BNvECJPu1#9Bb;<1L$Kz2T*2dQXAGOxdWbx!<>U5WpFU$9Hk;jV)x|h^ULdVxP@lR9MI@3 z$H#pA?Q#jHTU@>#PoJK{?R;_|eS19l=YCT@Q0(8uxmtH#?gm_d_E{>6u6l=#Ja-j= zku5BV!*YorDuti^;FPHN_q1nECndLlkSomWT zDck4t^Bea5(IFp0Kq_~Oq=t}kZa)#&$lzZJ@2zd)iR3`$DXo zIFJrh?}7i=X!ORWh7QqT6(-N$Y01&gLU}T|dqymS+>2dGXiq-1hdJIGAdORZNs?|(;4sMr;MK&j@~~!cwhOd_H_c$C!tD0y`S%i8)mBB z!EYl^33(bdKSrL`kf$}|MM7R=YGp%p+G~>E$5miutT*MuG zw!@H;OtLC4t%a#Qwo1ouEy*a^!~juSR2HR0VUdcaVU1{8O+heC&_b(FDkgnx1g|v2 z9cFfhstl8%R;?oKYpEJ9Ow%;23JjR6 {[@expl:extend ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_T'0 . inv'3 done' - /\ inv'2 prod - /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'2 vec.final = Seq.(++) (view'0 vec) prod} + [ return' (result:())-> {[@expl:extend ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_T'0 . completed'0 done' + /\ produces'0 iter prod done'.current /\ view'2 vec.final = Seq.(++) (view'0 vec) prod} (! 
return' {result}) ] end -module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] - let%span s08_collect_extend0 = "08_collect_extend.rs" 47 18 47 28 - let%span s08_collect_extend1 = "08_collect_extend.rs" 51 4 51 7 - let%span s08_collect_extend2 = "08_collect_extend.rs" 51 4 51 7 - let%span s08_collect_extend3 = "08_collect_extend.rs" 50 16 50 38 - let%span s08_collect_extend4 = "08_collect_extend.rs" 49 16 49 24 - let%span s08_collect_extend5 = "08_collect_extend.rs" 51 4 51 7 - let%span s08_collect_extend6 = "08_collect_extend.rs" 51 4 51 7 - let%span s08_collect_extend7 = "08_collect_extend.rs" 46 28 46 32 - let%span s08_collect_extend8 = "08_collect_extend.rs" 46 40 46 52 - let%span s08_collect_extend9 = "08_collect_extend.rs" 42 2 44 49 +module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] + let%span s08_collect_extend0 = "08_collect_extend.rs" 45 18 45 28 + let%span s08_collect_extend1 = "08_collect_extend.rs" 49 4 49 7 + let%span s08_collect_extend2 = "08_collect_extend.rs" 49 4 49 7 + let%span s08_collect_extend3 = "08_collect_extend.rs" 48 16 48 38 + let%span s08_collect_extend4 = "08_collect_extend.rs" 47 16 47 24 + let%span s08_collect_extend5 = "08_collect_extend.rs" 49 4 49 7 + let%span s08_collect_extend6 = "08_collect_extend.rs" 49 4 49 7 + let%span s08_collect_extend7 = "08_collect_extend.rs" 44 28 44 32 + let%span s08_collect_extend8 = "08_collect_extend.rs" 44 40 44 52 + let%span s08_collect_extend9 = "08_collect_extend.rs" 41 2 42 69 let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 
@@ -629,19 +628,19 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 46 0 46 52] | & _27 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:collect result type invariant] [%#s08_collect_extend8] inv'0 result} - {[@expl:collect ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_Item'0 . inv'3 done' - /\ inv'2 prod /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 result = prod} + {[@expl:collect ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_Item'0 . completed'0 done' + /\ produces'0 iter prod done'.current /\ view'0 result = prod} (! return' {result}) ] end -module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] - let%span s08_collect_extend0 = "08_collect_extend.rs" 58 16 58 32 - let%span s08_collect_extend1 = "08_collect_extend.rs" 59 16 59 32 - let%span s08_collect_extend2 = "08_collect_extend.rs" 62 20 62 53 +module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 55 0 55 51] + let%span s08_collect_extend0 = "08_collect_extend.rs" 56 16 56 32 + let%span s08_collect_extend1 = "08_collect_extend.rs" 57 16 57 32 + let%span s08_collect_extend2 = "08_collect_extend.rs" 60 20 60 53 let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span s08_collect_extend4 = "08_collect_extend.rs" 27 40 27 43 - let%span s08_collect_extend5 = "08_collect_extend.rs" 27 58 27 62 - let%span s08_collect_extend6 = "08_collect_extend.rs" 23 2 25 62 + let%span s08_collect_extend4 = "08_collect_extend.rs" 26 40 26 43 + let%span s08_collect_extend5 = "08_collect_extend.rs" 26 58 26 62 + let%span s08_collect_extend6 = "08_collect_extend.rs" 23 2 24 82 let%span svec7 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span ssnapshot8 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 
@@ -734,14 +733,6 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'2 x] . inv'2 x = true - predicate inv'3 (_1 : borrowed (t_IntoIter'0)) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_IntoIter'0) [inv'3 x] . inv'3 x = true - - predicate inv'4 (_1 : Seq.seq uint32) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq uint32 [inv'4 x] . inv'4 x = true - use seq.Seq use seq.Seq @@ -777,9 +768,8 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] let rec extend'0 (vec:borrowed (t_Vec'0)) (iter:t_IntoIter'0) (return' (ret:()))= {[@expl:extend 'vec' type invariant] [%#s08_collect_extend4] inv'2 vec} {[@expl:extend 'iter' type invariant] [%#s08_collect_extend5] inv'1 iter} any - [ return' (result:())-> {[%#s08_collect_extend6] exists done' : borrowed (t_IntoIter'0), prod : Seq.seq uint32 . inv'3 done' - /\ inv'4 prod - /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 vec.final = Seq.(++) (view'2 vec) prod} + [ return' (result:())-> {[%#s08_collect_extend6] exists done' : borrowed (t_IntoIter'0), prod : Seq.seq uint32 . completed'0 done' + /\ produces'0 iter prod done'.current /\ view'0 vec.final = Seq.(++) (view'2 vec) prod} (! return' {result}) ] 
@@ -838,13 +828,13 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 57 0 57 51] | & _10 : t_IntoIter'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end -module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] - let%span s08_collect_extend0 = "08_collect_extend.rs" 70 20 70 73 - let%span s08_collect_extend1 = "08_collect_extend.rs" 67 48 67 52 - let%span s08_collect_extend2 = "08_collect_extend.rs" 65 11 66 68 - let%span s08_collect_extend3 = "08_collect_extend.rs" 46 28 46 32 - let%span s08_collect_extend4 = "08_collect_extend.rs" 46 40 46 52 - let%span s08_collect_extend5 = "08_collect_extend.rs" 42 2 44 49 +module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] + let%span s08_collect_extend0 = "08_collect_extend.rs" 68 20 68 73 + let%span s08_collect_extend1 = "08_collect_extend.rs" 65 48 65 52 + let%span s08_collect_extend2 = "08_collect_extend.rs" 63 11 64 68 + let%span s08_collect_extend3 = "08_collect_extend.rs" 44 28 44 32 + let%span s08_collect_extend4 = "08_collect_extend.rs" 44 40 44 52 + let%span s08_collect_extend5 = "08_collect_extend.rs" 41 2 42 69 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 @@ -855,7 +845,6 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sinvariant16 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 type t_I'0 
@@ -890,17 +879,6 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] use seq.Seq - predicate invariant'0 (self : borrowed t_I'0) = - [%#sinvariant16] inv'0 self.current /\ inv'0 self.final - - predicate inv'2 (_1 : borrowed t_I'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_I'0 [inv'2 x] . inv'2 x = invariant'0 x - - predicate inv'3 (_1 : Seq.seq uint32) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq uint32 [inv'3 x] . inv'3 x = true - use seq.Seq use seq.Seq @@ -937,8 +915,8 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] let rec collect'0 (iter:t_I'0) (return' (ret:t_Vec'0))= {[@expl:collect 'iter' type invariant] [%#s08_collect_extend3] inv'0 iter} any [ return' (result:t_Vec'0)-> {[%#s08_collect_extend4] inv'1 result} - {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq uint32 . inv'2 done' - /\ inv'3 prod /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 result = prod} + {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq uint32 . completed'0 done' + /\ produces'0 iter prod done'.current /\ view'0 result = prod} (! return' {result}) ] @@ -954,8 +932,7 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 67 0 67 56] meta "compute_max_steps" 1000000 let rec collect_example'0 (iter:t_I'0) (return' (ret:()))= {[@expl:collect_example 'iter' type invariant] [%#s08_collect_extend1] inv'0 iter} - {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq uint32, fin : t_I'0 . inv'0 fin - /\ produces'0 iter prod fin + {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq uint32, fin : t_I'0 . produces'0 iter prod fin -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_int (Seq.get prod i) = i)} (! bb0 [ bb0 = bb1 
diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.rs b/creusot/tests/should_succeed/iterators/08_collect_extend.rs index c85b38525..04a146197 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.rs +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.rs @@ -21,8 +21,7 @@ use creusot_contracts::{ // Here we prove the specific instance of `extend` for `Vec`. #[ensures( exists> - inv(done) && inv(prod) && done.completed() && - iter.produces(prod, *done) && (^vec)@ == vec@.concat(prod) + done.completed() && iter.produces(prod, *done) && (^vec)@ == vec@.concat(prod) )] pub fn extend>(vec: &mut Vec, iter: I) { let old_vec = snapshot! { vec }; @@ -40,8 +39,7 @@ pub fn extend>(vec: &mut Vec, iter: I) { // We prove the specific instance for vector #[ensures( exists> - inv(done) && inv(prod) && done.completed() && - iter.produces(prod, *done) && result@ == prod + done.completed() && iter.produces(prod, *done) && result@ == prod )] pub fn collect(iter: I) -> Vec { let mut res = Vec::new(); @@ -62,7 +60,7 @@ pub fn extend_index(mut v1: Vec, v2: Vec) { proof_assert! { v1@.ext_eq(oldv1@.concat(oldv2@)) }; } -#[requires(forall, fin: I> inv(fin) && iter.produces(prod, fin) ==> +#[requires(forall, fin: I> iter.produces(prod, fin) ==> forall 0 <= i && i < prod.len() ==> prod[i]@ == i)] pub fn collect_example>(iter: I) { let v: Vec = collect(iter); diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml index c7555af89..c71b6ba1f 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml +++ b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml @@ -7,12 +7,12 @@ - + - + @@ -22,7 +22,7 @@ - + 
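Review bot: The `#[ensures]` of `extend` no longer states `inv(done)` or `inv(prod)` for its existential witnesses, so the contract stops telling a client that the appended elements satisfy their type invariant. The `collect` hunk that follows has the same shape. The tests sit under should_succeed, so the in-file clients presumably still verify, but this diff cannot show whether a client elsewhere relied on those conjuncts. I would record the intent next to the spec, e.g. `// Witnesses carry no inv(..): obtain element invariants from produces or from the invariant of ^vec.` The body of `extend` continues past the end of the hunk.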
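Review bot: In the `#[requires]` of `collect_example`, dropping `inv(fin)` from the left of `==>` strengthens the precondition rather than only simplifying it. The caller must now establish the index property for every `fin` related by `produces`, including states for which the type invariant is not known to hold. That stays sound, but it makes the function harder to call unless `produces` itself rules such states out, which this hunk does not show. A short comment would make the assumption explicit, e.g. `// No inv(fin) hypothesis: the property must follow from produces alone.` The function body runs past the hunk.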
diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index 31b3b1f6aa25838e2e8c784119021f5f32d7c00b..2b2d4a82c69d99793ca9fc13cbbe54ee1b565b39 100644 GIT binary patch literal 1108 zcmV-a1grZWiwFP!00000|J{~NZ{s!)hVS|nxw+k3IKvM~MSL)V2=t+QDKO~Gpd>0Q z)R9tKo3#JFpd`|i?PRlP(E_~~^l(TH=bd@PA3oh2znEuxym_&QW7~H>-Kd*SKPKjG zZT7Z%9KM*B*1oQgm>K$A+YRPr_w(l06)O_cb}#18nr>JLg5TZWRZ39!LF@p8lLHbK zeh@ow;**0QUid-mz(`CEj6~rFiFrQs_1DTCSB#{&y(L8%<=fbtURWe4O1I-4;HIWQ zu*hPuEihxBo`*jPnD>C??U7)0d;dpr4o>Fg_k zFm2b_gZtyA#y<>#~~f%?D!glsdX(U0&$ajmBy;`2m^ zYiriNP%$;fuCK0S$W&hs2ipw5Ph(SB`Nb6lmV&vIVM@aBny~i*Dx9D?%^r| zT-|8-@cw((nrl5EA!|CH){+V5y^;byR-d>3mUJ>E$PU zJ)6L^U2Xr^?fb{Ja)mLbg>B896Mwl)zA<;}%1sxGkh9=$QVGsff``+G+GoyTC4}*4 zhfxkO_SK!!Y&x9){kh`o+)2N}-#sgmq&6(Aq?Jn4JkL#|gu=AUWu9eaBlG44n9g;k zQ?0brLUWB8G)pkg8>VtA1jo{vvMhO1nu=vvCepml+&aiKq#Be4sX=Jq8gN_=kbnSL zrDd55X7XA!tZH&>YAywrQdX5)k5Z%1$Tgxy(8x68Nm-jFt17fAg;HgzmbSDOOP-0w a%Eq{boN3H8W*SqCD)|e9b*&~z4*&qH`7>q! 
literal 1176 zcmV;J1ZVpniwFP!00000|J|2OZ{s!)hVS|nxw+k3IKwZghz~{(fjV?A1qQttw8dnF zCQ@o^llI>ilth}coNN|Yv_LNgH5yXGnRg!2KYhA7ezDK)c=h5A$EIt4xl&i3e$MR8 z+CIAWq5ooE8uz+FVz%$LP21a-?XR2PSFFrz)4te4W7~cu2>$esD@{;_LFxd6qXQC_ zVURj-;-iBgUWP&Hz(|Y^j6@j*nSDNV_1C>St{6#seNBpTDyr117Zyp1bTzC2{?#~$ z7Fo`g1!mpTbN@F13m!1vJrYdY=LFOK{V2Qb?d|q+*SZxOjEaEU+wE`NlUp$&m~tWs zrlj~$_W842pS(~K@-lti*!6m>3bVWJaOhrLy?XkCP}}>awT}eaHnsn~z8?L+w(gZc z*rsjW!9Vy{!vjHKk4^jV==!cDRGTri?=QSb@^e~~Kz-l?glsdVF^up-ajnN7((j2F zS7p~hsHp9+?e-TkWcObW2iNulnotwwalh*F&KDD^Ntvk2(Oo1i)vRpFm#wmE!ldLV z%1w+k1TSKp7=a+pHZ%E2;w*jzi;dlPPtT98ceP)zm{K@Q8-<6(U1bmM*gd{DuT4Ge zYzQ&fVOED2=P1^b+nErMkP*W4rHk*X+cdzL3*>}oA6&m}>ctB`_tY(E0`f!%9Q+ce z7D8T4jf1?r6xKJt8G0JA4EcaO8rjSk`|j=LBA9?Oru*GKAt;h>g%M^0ZnguL7a(Tu zgO~-3vVc+MF`A^)tBs_m;*5!EVG*8_A-EW2w1_z+iwTkur^PuUSwtj@h-8-#nbtRe zRYb7*(fr^59x=)zM)~(()HCD5Xe9hE_!j}k=758_sNV*gyy#fPJ(VdXJ_fS1Nk!5b z--Ol4H(}QQiBjw`rNqBasUHQU__9p<24o`L0RXXz@*_<$U940LUoAUg@bOW2?Dg)j zeeRC^cvM295vU;r(dFP)Eb9XbSwLa5LAa-azo#x3iwnl~;rhzM^_2%34;NBSBG?4U zfGauUr1JRHR1CMt#GWrr1Cr0~q7YIBWtP@KoF7Lxd*W~P3aBBEGQkU|xE9WR(Z9PS zQXCf{DCSVmo?`KWl+S74pC_Of0RxcVMJebYh3|^tl2G`d`mpR$C;4f*K&G0ZwYbpaz`Pj{C}s@vq17&q(U%kKWL)It-$P&n1yhiijxpl3574SY8^| zlL>6o*6y$EWB1VP2aOHM#LC`y8O_%L*w~x(p80<))!DzK=yEDKKPx#8@Jp7P^2hID ziQse=dFIDBA6!3n{m}R~UI}A#1R{i`&chmIal%p=Nyy49Ly#bM*6nI60CLA_>jW3~ z&N^F2&{x1rVREC5GSUdc4H_^ktD%4pO4z0GAIoSgWMn*1cS^#k#UfU?RT~i q_jxT{?LgtKK($k-twZOhb743)91RD as common::Iterator> *) - let%span s09_empty0 = "09_empty.rs" 32 15 32 21 - let%span s09_empty1 = "09_empty.rs" 33 15 33 21 - let%span s09_empty2 = "09_empty.rs" 34 15 34 21 - let%span s09_empty3 = "09_empty.rs" 35 15 35 32 - let%span s09_empty4 = "09_empty.rs" 36 15 36 32 - let%span s09_empty5 = "09_empty.rs" 37 14 37 42 - let%span s09_empty6 = "09_empty.rs" 30 4 30 10 - let%span s09_empty7 = "09_empty.rs" 22 20 22 54 +module M_09_empty__qyi9513254493468142860__produces_trans [#"09_empty.rs" 35 4 35 90] (* as common::Iterator> *) + let%span s09_empty0 = 
"09_empty.rs" 32 15 32 32 + let%span s09_empty1 = "09_empty.rs" 33 15 33 32 + let%span s09_empty2 = "09_empty.rs" 34 14 34 42 + let%span s09_empty3 = "09_empty.rs" 30 4 30 10 + let%span s09_empty4 = "09_empty.rs" 22 20 22 54 type t_Empty'0 = { t_Empty__0'0: () } - predicate inv'0 (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - type t_T'0 use seq.Seq @@ -45,7 +38,7 @@ module M_09_empty__qyi9513254493468142860__produces_trans [#"09_empty.rs" 38 4 3 use seq.Seq predicate produces'0 [#"09_empty.rs" 21 4 21 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#s09_empty7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + [%#s09_empty4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o use seq.Seq 
@@ -59,17 +52,15 @@ module M_09_empty__qyi9513254493468142860__produces_trans [#"09_empty.rs" 38 4 3 constant c : t_Empty'0 - function produces_trans'0 [#"09_empty.rs" 38 4 38 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () + function produces_trans'0 [#"09_empty.rs" 35 4 35 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () - goal vc_produces_trans'0 : ([%#s09_empty4] produces'0 b bc c) - -> ([%#s09_empty3] produces'0 a ab b) - -> ([%#s09_empty2] inv'0 c) - -> ([%#s09_empty1] inv'0 b) -> ([%#s09_empty0] inv'0 a) -> ([%#s09_empty5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s09_empty1] produces'0 b bc c) + -> ([%#s09_empty0] produces'0 a ab b) -> ([%#s09_empty2] produces'0 a (Seq.(++) ab bc) c) end -module M_09_empty__qyi9513254493468142860__next [#"09_empty.rs" 44 4 44 35] (* as common::Iterator> *) - let%span s09_empty0 = "09_empty.rs" 44 26 44 35 - let%span s09_empty1 = "09_empty.rs" 40 14 43 5 +module M_09_empty__qyi9513254493468142860__next [#"09_empty.rs" 41 4 41 35] (* as common::Iterator> *) + let%span s09_empty0 = "09_empty.rs" 41 26 41 35 + let%span s09_empty1 = "09_empty.rs" 37 14 40 5 let%span s09_empty2 = "09_empty.rs" 16 20 16 34 let%span s09_empty3 = "09_empty.rs" 22 20 22 54 let%span sresolve4 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 @@ -135,10 +126,6 @@ module M_09_empty__qyi9513254493468142860__produces_refl__refines [#"09_empty.rs type t_Empty'0 = { t_Empty__0'0: () } - predicate inv'0 (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - use seq.Seq type t_T'0 
@@ -148,12 +135,11 @@ module M_09_empty__qyi9513254493468142860__produces_refl__refines [#"09_empty.rs predicate produces'0 [#"09_empty.rs" 21 4 21 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = [%#s09_empty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - goal refines : [%#s09_empty0] forall self : t_Empty'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#s09_empty0] forall self : t_Empty'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_09_empty__qyi9513254493468142860__produces_trans__refines [#"09_empty.rs" 38 4 38 90] (* as common::Iterator> *) - let%span s09_empty0 = "09_empty.rs" 38 4 38 90 +module M_09_empty__qyi9513254493468142860__produces_trans__refines [#"09_empty.rs" 35 4 35 90] (* as common::Iterator> *) + let%span s09_empty0 = "09_empty.rs" 35 4 35 90 let%span s09_empty1 = "09_empty.rs" 22 20 22 54 type t_Empty'0 = 
@@ -168,21 +154,15 @@ module M_09_empty__qyi9513254493468142860__produces_trans__refines [#"09_empty.r predicate produces'0 [#"09_empty.rs" 21 4 21 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = [%#s09_empty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - predicate inv'0 (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - use seq.Seq goal refines : [%#s09_empty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_09_empty__qyi9513254493468142860__next__refines [#"09_empty.rs" 44 4 44 35] (* as common::Iterator> *) - let%span s09_empty0 = "09_empty.rs" 44 4 44 35 +module M_09_empty__qyi9513254493468142860__next__refines [#"09_empty.rs" 41 4 41 35] (* as common::Iterator> *) + let%span s09_empty0 = "09_empty.rs" 41 4 41 35 let%span s09_empty1 = "09_empty.rs" 16 20 16 34 let%span s09_empty2 = "09_empty.rs" 22 20 22 54 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 diff --git a/creusot/tests/should_succeed/iterators/09_empty.rs b/creusot/tests/should_succeed/iterators/09_empty.rs index eb12a3277..e0658ab9f 100644 --- a/creusot/tests/should_succeed/iterators/09_empty.rs +++ b/creusot/tests/should_succeed/iterators/09_empty.rs @@ -1,6 +1,6 @@ extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; 
@@ -29,9 +29,6 @@ impl Iterator for Empty { #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/09_empty/why3session.xml b/creusot/tests/should_succeed/iterators/09_empty/why3session.xml index e81c7551a..5b23f805b 100644 --- a/creusot/tests/should_succeed/iterators/09_empty/why3session.xml +++ b/creusot/tests/should_succeed/iterators/09_empty/why3session.xml @@ -26,7 +26,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz b/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz index 9f5f5f852d8c3382149870e29828af04858aa923..258dceddd373f5481dd0886c25424fc128b54761 100644 GIT binary patch literal 438 zcmV;n0ZINJiwFP!00000|D}+ltS)>W_e1}+veoO0pwoHC?}^711Ry@1re6WN zr?hFrtafwJW0FQbl$&jq|Fo{xK?W6c_Z&By1rIXdg5c-ub5C+q_B>2Z@8>i3Q&2SS`yU6MhCUc7`<@PS;yy@s|6OaJ)i&M7OI7pfsWQk1D?Is} z#U{A9@joRUop~G%munmwAzXCEN^+=V4KYW>>@e$C93m<-m25!}NK;41MLP$^>SB!d zC}XWMIV@bs7DZ0TJ{RI5bBeh@U23I#CZoW{jFoJa0E`kH8gN=EXO(o84M9=fCNwHl zveg20oxIYlEub@0r1Ul!SHKl*3)UDDK@&2t!r&-M6r>T g#G<_c8^JSpof2e*r0Y13^ldGE1AAnp?U4fj0IPV;Qvd(} literal 461 zcmV;;0W$s{iwFP!00000|D}>KkJ~T|g?If5Z)q#*^y+<7@({YJe3T%wB;;iKk96_{9uB0;Ns*Boa1d_Rk z8c-SxMKokHh$9p)DY=RO!7_R=1va(;Rk as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 30 15 30 24 - let%span s10_once1 = "10_once.rs" 31 14 31 45 - let%span s10_once2 = "10_once.rs" 28 4 28 10 - let%span s10_once3 = "10_once.rs" 23 12 24 116 +module M_10_once__qyi9558967427796228243__produces_refl [#"10_once.rs" 31 4 31 26] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 30 14 30 45 + let%span s10_once1 = "10_once.rs" 28 4 28 10 + let%span s10_once2 = "10_once.rs" 23 12 24 106 + + use seq.Seq type t_T'0 + use seq.Seq + type t_Option'0 = | C_None'0 | C_Some'0 t_T'0 
@@ -13,50 +16,25 @@ module M_10_once__qyi9558967427796228243__produces_refl [#"10_once.rs" 32 4 32 2 type t_Once'0 = { t_Once__0'0: t_Option'0 } - predicate inv'1 (_1 : t_T'0) - - predicate inv'2 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'0 (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__0'0 = a_0} -> inv'2 a_0 - end - - use seq.Seq - - use seq.Seq - use seq.Seq predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#s10_once3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e - /\ self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) + [%#s10_once2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } + /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) constant self : t_Once'0 - function produces_refl'0 [#"10_once.rs" 32 4 32 26] (self : t_Once'0) : () + function produces_refl'0 [#"10_once.rs" 31 4 31 26] (self : t_Once'0) : () - goal vc_produces_refl'0 : ([%#s10_once0] inv'0 self) - -> ([%#s10_once1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#s10_once0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 42 4 42 90] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 36 15 36 21 - let%span s10_once1 = "10_once.rs" 37 15 37 21 - let%span s10_once2 = "10_once.rs" 38 15 38 21 - let%span s10_once3 = "10_once.rs" 39 15 39 32 - let%span s10_once4 = "10_once.rs" 40 15 40 32 - let%span s10_once5 = "10_once.rs" 41 14 41 42 - let%span s10_once6 = "10_once.rs" 34 4 34 10 - let%span s10_once7 = "10_once.rs" 23 12 24 116 +module 
M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 38 4 38 90] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 35 15 35 32 + let%span s10_once1 = "10_once.rs" 36 15 36 32 + let%span s10_once2 = "10_once.rs" 37 14 37 42 + let%span s10_once3 = "10_once.rs" 33 4 33 10 + let%span s10_once4 = "10_once.rs" 23 12 24 106 type t_T'0 @@ -67,23 +45,6 @@ module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 42 4 42 type t_Once'0 = { t_Once__0'0: t_Option'0 } - predicate inv'1 (_1 : t_T'0) - - predicate inv'2 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'0 (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__0'0 = a_0} -> inv'2 a_0 - end - use seq.Seq use seq.Seq @@ -91,9 +52,9 @@ module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 42 4 42 use seq.Seq predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#s10_once7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e - /\ self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) + [%#s10_once4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } + /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) use seq.Seq 
@@ -107,21 +68,19 @@ module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 42 4 42 constant c : t_Once'0 - function produces_trans'0 [#"10_once.rs" 42 4 42 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () + function produces_trans'0 [#"10_once.rs" 38 4 38 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () - goal vc_produces_trans'0 : ([%#s10_once4] produces'0 b bc c) - -> ([%#s10_once3] produces'0 a ab b) - -> ([%#s10_once2] inv'0 c) - -> ([%#s10_once1] inv'0 b) -> ([%#s10_once0] inv'0 a) -> ([%#s10_once5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s10_once1] produces'0 b bc c) + -> ([%#s10_once0] produces'0 a ab b) -> ([%#s10_once2] produces'0 a (Seq.(++) ab bc) c) end -module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 48 4 48 35] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 48 17 48 21 - let%span s10_once1 = "10_once.rs" 48 26 48 35 - let%span s10_once2 = "10_once.rs" 44 14 47 5 +module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 44 4 44 35] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 44 17 44 21 + let%span s10_once1 = "10_once.rs" 44 26 44 35 + let%span s10_once2 = "10_once.rs" 40 14 43 5 let%span soption3 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span s10_once4 = "10_once.rs" 16 20 16 57 - let%span s10_once5 = "10_once.rs" 23 12 24 116 + let%span s10_once5 = "10_once.rs" 23 12 24 106 let%span sresolve6 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 
@@ -193,8 +152,8 @@ module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 48 4 48 35] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 48 4 48 35 +module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 44 4 44 35] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 44 4 44 35 let%span s10_once1 = "10_once.rs" 16 20 16 57 - let%span s10_once2 = "10_once.rs" 23 12 24 116 + let%span s10_once2 = "10_once.rs" 23 12 24 106 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -277,8 +236,8 @@ module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 48 4 48 3 predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'2 e - /\ self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) + \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } + /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) goal refines : [%#s10_once0] forall self : borrowed (t_Once'0) . inv'0 self -> inv'0 self @@ -293,9 +252,9 @@ module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 48 4 48 3 end /\ inv'1 result) end -module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" 32 4 32 26] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 32 4 32 26 - let%span s10_once1 = "10_once.rs" 23 12 24 116 +module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" 31 4 31 26] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 31 4 31 26 + let%span s10_once1 = "10_once.rs" 23 12 24 106 type t_T'0 
@@ -306,23 +265,6 @@ module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" type t_Once'0 = { t_Once__0'0: t_Option'0 } - predicate inv'1 (_1 : t_T'0) - - predicate inv'2 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'0 (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__0'0 = a_0} -> inv'2 a_0 - end - use seq.Seq use seq.Seq @@ -331,17 +273,15 @@ module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e - /\ self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) + \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } + /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) - goal refines : [%#s10_once0] forall self : t_Once'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#s10_once0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" 42 4 42 90] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 42 4 42 90 - let%span s10_once1 = "10_once.rs" 23 12 24 116 +module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" 38 4 38 90] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 38 4 38 90 + let%span s10_once1 = "10_once.rs" 23 12 24 106 type t_T'0 
@@ -356,36 +296,17 @@ module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" use seq.Seq - predicate inv'1 (_1 : t_T'0) - use seq.Seq predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e - /\ self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) - - predicate inv'2 (_1 : t_Option'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'0 (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__0'0 = a_0} -> inv'2 a_0 - end + \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } + /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) use seq.Seq goal refines : [%#s10_once0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/10_once.rs b/creusot/tests/should_succeed/iterators/10_once.rs index f63ab4b9c..347ccca86 100644 --- a/creusot/tests/should_succeed/iterators/10_once.rs +++ b/creusot/tests/should_succeed/iterators/10_once.rs @@ -1,6 +1,6 @@ extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; 
@@ -21,21 +21,17 @@ impl Iterator for Once { fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { visited == Seq::EMPTY && self == o || - exists inv(e) && self == Once(Some(e)) && visited == Seq::singleton(e) && o == Once(None) + exists self == Once(Some(e)) && visited == Seq::singleton(e) && o == Once(None) } } #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/10_once/why3session.xml b/creusot/tests/should_succeed/iterators/10_once/why3session.xml index 168d31cfe..e970dfc32 100644 --- a/creusot/tests/should_succeed/iterators/10_once/why3session.xml +++ b/creusot/tests/should_succeed/iterators/10_once/why3session.xml @@ -9,7 +9,7 @@ - + @@ -17,12 +17,12 @@ - + - + @@ -33,12 +33,12 @@ - + - + @@ -56,7 +56,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz b/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz index b7d3d71a1e3d51f550a5b24060980abd2fb7102e..58e97fa4fe214d84991d71f5d0e7c57ae87f937e 100644 GIT binary patch literal 810 zcmV+_1J(Q=iwFP!00000|Fu$0Ya>Sxz0a?ho02tws;>SFF+`XQBM8~ULSIF7ceO1d zj~q$skbfUW(%6zMyn!ThnWFmD>-S#ucc0qb13$^GeU|NRwHbbFZTso_hM%^Z@-@qD z1`${upZ0%6SX}LPU2~|G2cq*y-pRTiVTbY!>&;EXNKr4Yx4Zd8KVnoD9rb?pI;I=H z3tfp*=6um&9=i?Sa_0T=^N?i*v&Y~0Zu#40kQvPRmTzwOIJ#R6_iNd2hIr`nn~5)* zM;Yb(^7(w|ki*9p-1q;+I=>R?#Ufu0-){KzVDWzSiz^T0ZvUc~SHts6MSK+$;g3TT zBXm>I+?^^qHxZ*cLMf_lDw?t2?TUx}45B^)AnI-^niG|s-*MhNKCNXhWd_l_YC2P# zziziO?4vo0({Wu5ygp1!qV3{e)B0<)-Tb86ET*D+mmgir52pMe!g(k-rKYCTR8*&c zA?nM3=?K-4x~aGf*i6eZ)3Qu+8G!vT0DC0>`)cN-X1Rp(nNud$4;Q?Z-DdqfUYIu9 z?dDG@NP4#al8u+v-%Qr356KNM#j#)e6#h7d6hYk}L|mCefzq z;8SKFk|smd z1CRhJWhfOXYvU;(1<2LsYI9*dT5(5>s4DAJf+1^yP7+L^3`zqd=`sd`rbpc)^{ASn oB&bxxGy33)2N_+fFnY@xM)L}K3_bcDU5~c;8|@$5Dqsiz0ND?UN&o-= literal 965 zcmV;$13LU4iwFP!00000|Fu=iZeuqL-QTb9F6{&bM7>osKn)`oxoe?`Auk&3|35 z=#JrH^>zmVa5n#K{X%yv1op??$ph<~(alCn;BNkTmFSM$z5E^mKcuq2`(||bx>@Hh ziMDqvNTiq7-CsctSH1moM9HBUeYcOz_jR9h;g*)=0Nk4+VsF1Y^Zq`lV1ga4yHBS! 
zLpQ@tFCanH(3wXcXuk>G*H71UAMhctllagNAH^RHUUT{J=31P$xEMxKImL${PNed& z<%*W8E0?;sOx?G}RJ%;ojfQDe*-C9LaQ3mKn~VF37!#%o7h?5}q&0Rhjvnmr0n<7A zvD+y=;Qc)wShtJS(~@@URdCgh?+|0#ZaV7W9zUO>_iyO-Nohm4BfJm5a7nAD-805S z_<%nLfB<}fmFR~6yk;QA033fh{Oo^e5R4;Hf)OhM$l&^~FB+>#|DPuRg8L=5@`1rhrE06H~!sFK#9<-T*JTZ%VOqbuE@?-(PS>fXvx?J~&4yOHpw1*WSQaZ>?h&nMJ$y5*y+(W7 zj_R}yKIkW|>BpLWY}{F+D9}{nO|`nTW=)<;fyE(J2GKX;Qef3COSQ{V-K7BfrU3ei z0Q%I-Sj~LS&M~7V*MkFYXuDp%)dS;tvswR1xlYA-U*>qyA~!nt%Ismka$8Tstx^ue z{0i~A#9(l-dZx`{H(z9YqWTqdf_CSo|Cg4>x7T-Fu@PJni~&y(WsDe$Mdvsw9ks!U z@Z5uEoid6fY0zXO2{fc+)G`_*hF}_rz$2T z?s7~~D3A;#fz`2)1hge{HxXX#6Kzp4Ym-ZnHc2Lvq#{f#Xc-6=ODzr#lsfTfnJy(O z2I#OjM~bt^AS#EcW-<@TgY+Oga1RGyR*)4iw9GL9%9O&vFb-5SW<)U&9^5rxQcw^K zNMWQEk}Fi2n3XmkefsXqeR^k(EvxKvk^NN^_A7RpG(j!q@*N zL{wQ9#iLSGSjx(AVn$>}6>o0fdDck8buoq)EG9y6ft~{5X3(t8cgv*&} n&_!o5s0(0phNL57tdnvgykMR?&#mXibKU(7szFb}zX|{VWoXvl diff --git a/creusot/tests/should_succeed/iterators/11_repeat.coma b/creusot/tests/should_succeed/iterators/11_repeat.coma index cc1b9f654..cc5ccd689 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.coma +++ b/creusot/tests/should_succeed/iterators/11_repeat.coma 
@@ -1,26 +1,16 @@ -module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 34 4 34 26] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 32 15 32 24 - let%span s11_repeat1 = "11_repeat.rs" 33 14 33 45 - let%span s11_repeat2 = "11_repeat.rs" 30 4 30 10 - let%span s11_repeat3 = "11_repeat.rs" 25 12 26 85 - - type t_A'0 - - type t_Repeat'0 = - { t_Repeat__element'0: t_A'0 } - - predicate inv'1 (_1 : t_A'0) +module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 33 4 33 26] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 32 14 32 45 + let%span s11_repeat1 = "11_repeat.rs" 30 4 30 10 + let%span s11_repeat2 = "11_repeat.rs" 25 12 26 85 - predicate inv'0 (_1 : t_Repeat'0) + use seq.Seq - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end + type t_A'0 use seq.Seq - use seq.Seq + type t_Repeat'0 = + { t_Repeat__element'0: t_A'0 } use prelude.prelude.Int 
@@ -29,40 +19,27 @@ module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 34 4 use seq.Seq predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = - [%#s11_repeat3] self = o + [%#s11_repeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) constant self : t_Repeat'0 - function produces_refl'0 [#"11_repeat.rs" 34 4 34 26] (self : t_Repeat'0) : () + function produces_refl'0 [#"11_repeat.rs" 33 4 33 26] (self : t_Repeat'0) : () - goal vc_produces_refl'0 : ([%#s11_repeat0] inv'0 self) - -> ([%#s11_repeat1] produces'0 self (Seq.empty : Seq.seq t_A'0) self) + goal vc_produces_refl'0 : [%#s11_repeat0] produces'0 self (Seq.empty : Seq.seq t_A'0) self end -module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 44 4 44 90] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 38 15 38 21 - let%span s11_repeat1 = "11_repeat.rs" 39 15 39 21 - let%span s11_repeat2 = "11_repeat.rs" 40 15 40 21 - let%span s11_repeat3 = "11_repeat.rs" 41 15 41 32 - let%span s11_repeat4 = "11_repeat.rs" 42 15 42 32 - let%span s11_repeat5 = "11_repeat.rs" 43 14 43 42 - let%span s11_repeat6 = "11_repeat.rs" 36 4 36 10 - let%span s11_repeat7 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 40 4 40 90] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 37 15 37 32 + let%span s11_repeat1 = "11_repeat.rs" 38 15 38 32 + let%span s11_repeat2 = "11_repeat.rs" 39 14 39 42 + let%span s11_repeat3 = "11_repeat.rs" 35 4 35 10 + let%span s11_repeat4 = "11_repeat.rs" 25 12 26 85 type t_A'0 type t_Repeat'0 = { t_Repeat__element'0: t_A'0 } - predicate inv'1 (_1 : t_A'0) - - predicate inv'0 (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . 
inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq use prelude.prelude.Int @@ -72,7 +49,7 @@ module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 44 use seq.Seq predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = - [%#s11_repeat7] self = o + [%#s11_repeat4] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) use seq.Seq 
@@ -87,18 +64,16 @@ module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 44 constant c : t_Repeat'0 - function produces_trans'0 [#"11_repeat.rs" 44 4 44 90] (a : t_Repeat'0) (ab : Seq.seq t_A'0) (b : t_Repeat'0) (bc : Seq.seq t_A'0) (c : t_Repeat'0) : () + function produces_trans'0 [#"11_repeat.rs" 40 4 40 90] (a : t_Repeat'0) (ab : Seq.seq t_A'0) (b : t_Repeat'0) (bc : Seq.seq t_A'0) (c : t_Repeat'0) : () - goal vc_produces_trans'0 : ([%#s11_repeat4] produces'0 b bc c) - -> ([%#s11_repeat3] produces'0 a ab b) - -> ([%#s11_repeat2] inv'0 c) - -> ([%#s11_repeat1] inv'0 b) -> ([%#s11_repeat0] inv'0 a) -> ([%#s11_repeat5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s11_repeat1] produces'0 b bc c) + -> ([%#s11_repeat0] produces'0 a ab b) -> ([%#s11_repeat2] produces'0 a (Seq.(++) ab bc) c) end -module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 50 4 50 35] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 50 17 50 21 - let%span s11_repeat1 = "11_repeat.rs" 50 26 50 35 - let%span s11_repeat2 = "11_repeat.rs" 46 14 49 5 +module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 46 4 46 35] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 46 17 46 21 + let%span s11_repeat1 = "11_repeat.rs" 46 26 46 35 + let%span s11_repeat2 = "11_repeat.rs" 42 14 45 5 let%span sclone3 = "../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 let%span s11_repeat4 = "11_repeat.rs" 18 20 18 25 let%span s11_repeat5 = "11_repeat.rs" 25 12 26 85 
@@ -199,8 +174,8 @@ module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 50 4 50 35] ( (! return' {result}) ] end -module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat.rs" 34 4 34 26] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 34 4 34 26 +module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat.rs" 33 4 33 26] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 33 4 33 26 let%span s11_repeat1 = "11_repeat.rs" 25 12 26 85 type t_A'0 @@ -208,15 +183,6 @@ module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat type t_Repeat'0 = { t_Repeat__element'0: t_A'0 } - predicate inv'1 (_1 : t_A'0) - - predicate inv'0 (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq use seq.Seq 
@@ -231,13 +197,11 @@ module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat [%#s11_repeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) - goal refines : [%#s11_repeat0] forall self : t_Repeat'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_A'0) self - -> produces'0 self (Seq.empty : Seq.seq t_A'0) self) + goal refines : [%#s11_repeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_A'0) self + -> produces'0 self (Seq.empty : Seq.seq t_A'0) self end -module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 50 4 50 35] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 50 4 50 35 +module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 46 4 46 35] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 46 4 46 35 let%span s11_repeat1 = "11_repeat.rs" 18 20 18 25 let%span s11_repeat2 = "11_repeat.rs" 25 12 26 85 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -307,8 +271,8 @@ module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 50 4 end /\ inv'1 result) end -module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repeat.rs" 44 4 44 90] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 44 4 44 90 +module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repeat.rs" 40 4 40 90] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 40 4 40 90 let%span s11_repeat1 = "11_repeat.rs" 25 12 26 85 type t_A'0 
@@ -328,21 +292,10 @@ module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repea [%#s11_repeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) - predicate inv'1 (_1 : t_A'0) - - predicate inv'0 (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq goal refines : [%#s11_repeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_A'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_A'0 . forall c : t_Repeat'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/11_repeat.rs b/creusot/tests/should_succeed/iterators/11_repeat.rs index fa9d86d3e..2d199f6ad 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.rs +++ b/creusot/tests/should_succeed/iterators/11_repeat.rs @@ -1,6 +1,6 @@ extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; @@ -29,15 +29,11 @@ impl Iterator for Repeat { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml index c19851497..622af159d 100644 
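Review bot: In the 11_repeat.rs hunk at `@@ -29,15 +29,11 @@`, the laws `produces_refl` and `produces_trans` lose their `#[requires(inv(...))]` lines, but nothing records that they are now deliberately stated for every value rather than only for values satisfying the type invariant. A later reader could take the missing hypotheses for an oversight and re-add them, so I would put a short comment above the first `#[law]`, e.g. `// Laws are intentionally stated without inv(..) hypotheses: they must hold for all values.` The regenerated goals `vc_produces_refl'0` and `vc_produces_trans'0` in 11_repeat.coma match this, since they no longer mention `inv'0`. The `impl Iterator for Repeat` block starts before this hunk and continues after it, so whether `next` or other items still rely on invariants cannot be checked from here.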
--- a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml +++ b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml @@ -17,7 +17,7 @@ - + @@ -27,7 +27,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz b/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz index 415841d87857497d173ebaf25ceac2a0daf0f4bc..ac7b8bff00ca1d6b834881fda44e309072f02424 100644 GIT binary patch literal 544 zcmV+*0^j`~iwFP!00000|D};XkJ~T|#dm!QZ*DJ(sDGBb1py3a>CggN14^RWpoyKv zz5xC9h2!Whz6-8HJv~s5kL1svo{Hfoo@gj8bRPD7_oXn!(`SaKb041r4JCIR>3ACd zIKF*YZ5nn}yKB&WCk}K-v+XM1q^?#DoOEjYxZJE4bq7u?D&l?bV^1@Ei@gw6D@2bz zVAw7nrs|?JyVwTz-K7)`aNK>P6X96$^7zX+{`>kO9dEK=lfd&HyK&lKHgG4JEZAnm z&F*X8QOR$)3OBp&{gF!UoSZwr$tDYS6K1`^&>v3+8Y!0C>DQdQox}6_Ox@@-4*TxM zfyTab6{dZMhigY3WVZhuYahin>)WMzn?-XE1u`{}sR_q#h@}&65yNa&4w@{Mh-F4B zGh+D;v0SXEGGdhxEB5GA^LpybR=XV?=t$G#JKv1K%$LKMU?@w67SI|{64eGx>|E>% z(0^YzwsOfey$+}8fz*2>ANlF2>VLu!`|6CRe%G~MDqTH&CTrNW=LPc&hV3^zA`A<< zIQ;USK3_7_)209d$5WSHBK8aFIpEEl)ldfexUc!4wH zg5T6!F1_%|>&@fvYt;f|0eW>u@nTHfMC2s#bWW7#p13-SuB>tVo4s2s$WOF zcD3E&9uGKHzWF!Vpr^^%wbc8p4Vnc;EM53amO4bkwG+8WD&B~K{Co9)ma1Bh>QtU5zH|qO*KzCL<=k$9Sw)f zgVKUosJIi35)-U4xn=^A6*y{Pl-b%KAfZ&Y;!ZkBFsLj;RF+1SYa6qytyQL0nJSAa zRop2@iL4C^5p+liG$v+{S*9caDocYk6?fJdS36CZ0Sl~F2-0NC5_nD#p$-Ov5H%eK Wm5vF=xMR#QO8x-aTU)ZC1pokd5frrm diff --git a/creusot/tests/should_succeed/iterators/12_zip.coma b/creusot/tests/should_succeed/iterators/12_zip.coma index 4aa4566c4..0b5e34c81 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.coma +++ b/creusot/tests/should_succeed/iterators/12_zip.coma 
@@ -1,39 +1,16 @@ -module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 43 4 43 26] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 41 15 41 24 - let%span s12_zip1 = "12_zip.rs" 42 14 42 45 - let%span s12_zip2 = "12_zip.rs" 39 4 39 10 - let%span s12_zip3 = "12_zip.rs" 32 12 35 73 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_A'0 - - type t_B'0 - - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } - - predicate inv'3 (_1 : t_A'0) - - predicate inv'4 (_1 : t_B'0) - - predicate inv'0 (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'3 a /\ inv'4 b - end +module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 42 4 42 26] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 41 14 41 45 + let%span s12_zip1 = "12_zip.rs" 39 4 39 10 + let%span s12_zip2 = "12_zip.rs" 32 12 35 73 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq + type t_A'0 + use seq.Seq use seq.Seq 
@@ -44,19 +21,17 @@ module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 43 4 43 26] predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon6] inv'3 a) - -> ([%#scommon7] inv'3 b) - -> ([%#scommon8] inv'3 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_A'0 . ([%#scommon4] inv'3 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_A'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + type t_B'0 use seq.Seq 
@@ -68,65 +43,28 @@ module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 43 4 43 26] predicate produces'2 [#"common.rs" 8 4 8 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon6] inv'4 a) - -> ([%#scommon7] inv'4 b) - -> ([%#scommon8] inv'4 c) - -> ([%#scommon9] produces'2 a ab b) - -> ([%#scommon10] produces'2 b bc c) -> ([%#scommon11] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon4] produces'2 a ab b) + -> ([%#scommon5] produces'2 b bc c) -> ([%#scommon6] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'2 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'2_spec : forall self : t_B'0 . ([%#scommon4] inv'4 self) - -> ([%#scommon5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'2_spec : forall self : t_B'0 . [%#scommon3] produces'2 self (Seq.empty : Seq.seq t_Item'1) self use seq.Seq - use prelude.prelude.Int - - use seq.Seq + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } use seq.Seq - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'2 (self : t_Item'0) = - [%#sboxed13] inv'7 self - - predicate inv'5 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq - predicate inv'8 (_1 : t_Item'1) - - predicate invariant'3 (self : t_Item'1) = - [%#sboxed13] inv'8 self - - predicate inv'6 (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'1) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -137,39 +75,27 @@ module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 43 4 43 26] predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = - [%#s12_zip3] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#s12_zip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 constant self : t_Zip'0 - function produces_refl'0 [#"12_zip.rs" 43 4 43 26] (self : t_Zip'0) : () + function produces_refl'0 [#"12_zip.rs" 42 4 42 26] (self : t_Zip'0) : () - goal vc_produces_refl'0 : ([%#s12_zip0] inv'0 self) - -> ([%#s12_zip1] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) + goal vc_produces_refl'0 : [%#s12_zip0] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end -module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 47 15 47 21 - let%span s12_zip1 = "12_zip.rs" 48 15 48 21 - let%span s12_zip2 = "12_zip.rs" 49 15 49 21 - let%span s12_zip3 = "12_zip.rs" 50 15 50 32 - let%span s12_zip4 = "12_zip.rs" 51 15 51 32 - let%span s12_zip5 = "12_zip.rs" 52 14 52 42 - let%span s12_zip6 = "12_zip.rs" 45 4 45 10 - let%span s12_zip7 = "12_zip.rs" 32 12 35 73 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span sseq16 = 
"../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 49 4 49 90] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 46 15 46 32 + let%span s12_zip1 = "12_zip.rs" 47 15 47 32 + let%span s12_zip2 = "12_zip.rs" 48 14 48 42 + let%span s12_zip3 = "12_zip.rs" 44 4 44 10 + let%span s12_zip4 = "12_zip.rs" 32 12 35 73 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_A'0 @@ -178,17 +104,6 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90 type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } - predicate inv'3 (_1 : t_A'0) - - predicate inv'4 (_1 : t_B'0) - - predicate inv'0 (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'3 a /\ inv'4 b - end - use seq.Seq use seq.Seq 
@@ -199,19 +114,15 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon10] inv'3 a) - -> ([%#scommon11] inv'3 b) - -> ([%#scommon12] inv'3 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#scommon8] inv'3 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -223,65 +134,25 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90 predicate produces'2 [#"common.rs" 8 4 8 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"common.rs" 25 4 25 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"common.rs" 21 4 21 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon10] inv'4 a) - -> ([%#scommon11] inv'4 b) - -> ([%#scommon12] inv'4 c) - -> ([%#scommon13] produces'2 a ab b) - -> ([%#scommon14] produces'2 b bc c) -> ([%#scommon15] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon6] produces'2 a ab b) + -> ([%#scommon7] produces'2 b bc c) -> ([%#scommon8] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#scommon8] inv'4 self) - -> ([%#scommon9] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'1_spec : forall self : t_B'0 . [%#scommon5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'2 (self : t_Item'0) = - [%#sboxed17] inv'7 self - - predicate inv'5 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq16] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - use seq.Seq - predicate inv'8 (_1 : t_Item'1) - - predicate invariant'3 (self : t_Item'1) = - [%#sboxed17] inv'8 self - - predicate inv'6 (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'1) = - [%#sseq16] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq @@ -292,9 +163,7 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90 predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = - [%#s12_zip7] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#s12_zip4] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 
@@ -311,35 +180,27 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 53 4 53 90 constant c : t_Zip'0 - function produces_trans'0 [#"12_zip.rs" 53 4 53 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () + function produces_trans'0 [#"12_zip.rs" 49 4 49 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () - goal vc_produces_trans'0 : ([%#s12_zip4] produces'0 b bc c) - -> ([%#s12_zip3] produces'0 a ab b) - -> ([%#s12_zip2] inv'0 c) - -> ([%#s12_zip1] inv'0 b) -> ([%#s12_zip0] inv'0 a) -> ([%#s12_zip5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s12_zip1] produces'0 b bc c) + -> ([%#s12_zip0] produces'0 a ab b) -> ([%#s12_zip2] produces'0 a (Seq.(++) ab bc) c) end -module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 59 17 59 21 - let%span s12_zip1 = "12_zip.rs" 59 26 59 44 - let%span s12_zip2 = "12_zip.rs" 55 14 58 5 - let%span scommon3 = "common.rs" 31 17 31 21 - let%span scommon4 = "common.rs" 31 26 31 44 - let%span scommon5 = "common.rs" 27 14 30 5 +module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 55 4 55 44] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 55 17 55 21 + let%span s12_zip1 = "12_zip.rs" 55 26 55 44 + let%span s12_zip2 = "12_zip.rs" 51 14 54 5 + let%span scommon3 = "common.rs" 27 17 27 21 + let%span scommon4 = "common.rs" 27 26 27 44 + let%span scommon5 = "common.rs" 23 14 26 5 let%span s12_zip6 = "12_zip.rs" 21 13 23 67 let%span s12_zip7 = "12_zip.rs" 32 12 35 73 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = 
"common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span sresolve16 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant17 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq18 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed19 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon8 = "common.rs" 14 14 14 45 + let%span scommon9 = "common.rs" 18 15 18 32 + let%span scommon10 = "common.rs" 19 15 19 32 + let%span scommon11 = "common.rs" 20 14 20 42 + let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant13 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -362,22 +223,18 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* ([%#scommon11] inv'0 b) - -> ([%#scommon12] inv'0 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon9] produces'1 a ab b) + -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#scommon8] inv'0 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#scommon8] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate invariant'1 (self : borrowed t_A'0) = - [%#sinvariant17] inv'0 self.current /\ inv'0 self.final + [%#sinvariant13] inv'0 self.current /\ inv'0 self.final predicate inv'5 (_1 : borrowed t_A'0) 
@@ -428,22 +285,18 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* ([%#scommon11] inv'1 b) - -> ([%#scommon12] inv'1 c) - -> ([%#scommon13] produces'2 a ab b) - -> ([%#scommon14] produces'2 b bc c) -> ([%#scommon15] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon9] produces'2 a ab b) + -> ([%#scommon10] produces'2 b bc c) -> ([%#scommon11] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#scommon8] inv'1 self) - -> ([%#scommon9] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'1_spec : forall self : t_B'0 . [%#scommon8] produces'2 self (Seq.empty : Seq.seq t_Item'1) self predicate invariant'2 (self : borrowed t_B'0) = - [%#sinvariant17] inv'1 self.current /\ inv'1 self.final + [%#sinvariant13] inv'1 self.current /\ inv'1 self.final predicate inv'7 (_1 : borrowed t_B'0) @@ -453,14 +306,14 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* true - | C_Some'1 a_0 -> inv'12 a_0 + | C_Some'1 a_0 -> inv'10 a_0 end predicate completed'2 [#"common.rs" 11 4 11 36] (self : borrowed t_B'0) 
@@ -477,22 +330,22 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* inv'0 a /\ inv'1 b end predicate invariant'0 (self : borrowed (t_Zip'0)) = - [%#sinvariant17] inv'13 self.current /\ inv'13 self.final + [%#sinvariant13] inv'11 self.current /\ inv'11 self.final predicate inv'2 (_1 : borrowed (t_Zip'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Zip'0) [inv'2 x] . inv'2 x = invariant'0 x predicate resolve'2 (self : borrowed (t_Zip'0)) = - [%#sresolve16] self.final = self.current + [%#sresolve12] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Zip'0)) = resolve'2 _1 @@ -510,24 +363,23 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* true - | C_Some'2 a_0 -> inv'11 a_0 + | C_Some'2 a_0 -> inv'9 a_0 end predicate completed'0 [#"12_zip.rs" 19 4 19 35] (self : borrowed (t_Zip'0)) = [%#s12_zip6] completed'1 (Borrow.borrow_logic (self.current).t_Zip__a'0 (self.final).t_Zip__a'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Zip__b'0 = (self.final).t_Zip__b'0 - \/ (exists x : t_Item'0 . inv'3 x - /\ produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 + \/ (exists x : t_Item'0 . produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 /\ resolve'1 x /\ completed'2 (Borrow.borrow_logic (self.current).t_Zip__b'0 (self.final).t_Zip__b'0 (Borrow.inherit_id (Borrow.get_id self) 2))) 
@@ -535,45 +387,13 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* inv'14 (Seq.get self i) - - predicate inv'9 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'9 x] . inv'9 x = invariant'3 x - - use seq.Seq - use seq.Seq - predicate invariant'6 (self : t_Item'1) = - [%#sboxed19] inv'12 self - - predicate inv'15 (_1 : t_Item'1) - - axiom inv_axiom'11 [@rewrite] : forall x : t_Item'1 [inv'15 x] . inv'15 x = invariant'6 x - - predicate invariant'4 (self : Seq.seq t_Item'1) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'15 (Seq.get self i) - - predicate inv'10 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'10 x] . inv'10 x = invariant'4 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq @@ -584,9 +404,7 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 
@@ -664,21 +482,15 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 59 4 59 44] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 59 4 59 44 +module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 55 4 55 44] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 55 4 55 44 let%span s12_zip1 = "12_zip.rs" 21 13 23 67 let%span s12_zip2 = "12_zip.rs" 32 12 35 73 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -689,19 +501,19 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } - predicate inv'7 (_1 : t_A'0) + predicate inv'6 (_1 : t_A'0) - predicate inv'8 (_1 : t_B'0) + predicate inv'7 (_1 : t_B'0) - predicate inv'6 (_1 : t_Zip'0) + predicate inv'3 (_1 : t_Zip'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_Zip'0 [inv'6 x] . inv'6 x + axiom inv_axiom'3 [@rewrite] : forall x : t_Zip'0 [inv'3 x] . inv'3 x = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'7 a /\ inv'8 b + | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'6 a /\ inv'7 b end predicate invariant'0 (self : borrowed (t_Zip'0)) = - [%#sinvariant3] inv'6 self.current /\ inv'6 self.final + [%#sinvariant3] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Zip'0)) 
@@ -717,19 +529,15 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon6] inv'7 a) - -> ([%#scommon7] inv'7 b) - -> ([%#scommon8] inv'7 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon5] produces'1 a ab b) + -> ([%#scommon6] produces'1 b bc c) -> ([%#scommon7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#scommon4] inv'7 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#scommon4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -741,19 +549,15 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] predicate produces'2 [#"common.rs" 8 4 8 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon6] inv'8 a) - -> ([%#scommon7] inv'8 b) - -> ([%#scommon8] inv'8 c) - -> ([%#scommon9] produces'2 a ab b) - -> ([%#scommon10] produces'2 b bc c) -> ([%#scommon11] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon5] produces'2 a ab b) + -> ([%#scommon6] produces'2 b bc c) -> ([%#scommon7] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#scommon4] inv'8 self) - -> ([%#scommon5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'1_spec : forall self : t_B'0 . [%#scommon4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self type t_Option'0 = | C_None'0 @@ -761,8 +565,6 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_A'0) - predicate inv'2 (_1 : t_Item'0) - use seq.Seq predicate resolve'0 (_1 : t_Item'0) 
@@ -772,8 +574,7 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] predicate completed'0 [#"12_zip.rs" 19 4 19 35] (self : borrowed (t_Zip'0)) = [%#s12_zip1] completed'1 (Borrow.borrow_logic (self.current).t_Zip__a'0 (self.final).t_Zip__a'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Zip__b'0 = (self.final).t_Zip__b'0 - \/ (exists x : t_Item'0 . inv'2 x - /\ produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 + \/ (exists x : t_Item'0 . produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 /\ resolve'0 x /\ completed'2 (Borrow.borrow_logic (self.current).t_Zip__b'0 (self.final).t_Zip__b'0 (Borrow.inherit_id (Borrow.get_id self) 2))) @@ -781,47 +582,13 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'3 (self : t_Item'0) = - [%#sboxed13] inv'2 self - - predicate inv'9 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'9 x] . inv'9 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'3 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - use seq.Seq - use seq.Seq - predicate inv'11 (_1 : t_Item'1) - - predicate invariant'4 (self : t_Item'1) = - [%#sboxed13] inv'11 self - - predicate inv'10 (_1 : t_Item'1) - - axiom inv_axiom'7 [@rewrite] : forall x : t_Item'1 [inv'10 x] . inv'10 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'1) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'4 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'4 x] . inv'4 x = invariant'2 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -832,24 +599,26 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = - [%#s12_zip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'3 p1 - /\ inv'4 p2 - /\ Seq.length p1 = Seq.length p2 + [%#s12_zip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 - predicate inv'5 (_1 : (t_Item'0, t_Item'1)) + predicate inv'4 (_1 : t_Item'0) - axiom inv_axiom'4 [@rewrite] : forall x : (t_Item'0, t_Item'1) [inv'5 x] . inv'5 x - = (let (x0, x1) = x in inv'2 x0 /\ inv'11 x1) + predicate inv'5 (_1 : t_Item'1) + + predicate inv'2 (_1 : (t_Item'0, t_Item'1)) + + axiom inv_axiom'2 [@rewrite] : forall x : (t_Item'0, t_Item'1) [inv'2 x] . inv'2 x + = (let (x0, x1) = x in inv'4 x0 /\ inv'5 x1) predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'5 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s12_zip0] forall self : borrowed (t_Zip'0) . inv'0 self 
@@ -865,19 +634,13 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 59 4 59 44] end /\ inv'1 result) end -module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 53 4 53 90] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 53 4 53 90 +module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 49 4 49 90] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 49 4 49 90 let%span s12_zip1 = "12_zip.rs" 32 12 35 73 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_A'0 @@ -886,8 +649,6 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 5 type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } - predicate inv'3 (_1 : t_A'0) - use seq.Seq use seq.Seq 
@@ -898,21 +659,15 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 5 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon4] inv'3 a) - -> ([%#scommon5] inv'3 b) - -> ([%#scommon6] inv'3 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#scommon2] inv'3 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate inv'4 (_1 : t_B'0) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -924,65 +679,25 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 5 predicate produces'2 [#"common.rs" 8 4 8 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"common.rs" 25 4 25 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"common.rs" 21 4 21 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon4] inv'4 a) - -> ([%#scommon5] inv'4 b) - -> ([%#scommon6] inv'4 c) - -> ([%#scommon7] produces'2 a ab b) - -> ([%#scommon8] produces'2 b bc c) -> ([%#scommon9] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon3] produces'2 a ab b) + -> ([%#scommon4] produces'2 b bc c) -> ([%#scommon5] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#scommon2] inv'4 self) - -> ([%#scommon3] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) - - use seq.Seq - - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_B'0 . [%#scommon2] produces'2 self (Seq.empty : Seq.seq t_Item'1) self use seq.Seq use seq.Seq - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'2 (self : t_Item'0) = - [%#sboxed11] inv'7 self - - predicate inv'5 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq10] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq - predicate inv'8 (_1 : t_Item'1) - - predicate invariant'3 (self : t_Item'1) = - [%#sboxed11] inv'8 self - - predicate inv'6 (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'1) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -993,42 +708,25 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 5 predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = - [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 - predicate inv'0 (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'3 a /\ inv'4 b - end - use seq.Seq goal refines : [%#s12_zip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 4 43 26] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 43 4 43 26 +module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 42 4 42 26] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 42 4 42 26 let%span s12_zip1 = "12_zip.rs" 32 12 35 73 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_A'0 @@ -1037,17 +735,6 @@ module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } - predicate inv'3 (_1 : t_A'0) - - predicate inv'4 (_1 : t_B'0) - - predicate inv'0 (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'3 a /\ inv'4 b - end - use seq.Seq use seq.Seq 
@@ -1060,19 +747,15 @@ module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon4] inv'3 a) - -> ([%#scommon5] inv'3 b) - -> ([%#scommon6] inv'3 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_A'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_A'0 . ([%#scommon2] inv'3 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_A'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -1084,65 +767,25 @@ module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 predicate produces'2 [#"common.rs" 8 4 8 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon4] inv'4 a) - -> ([%#scommon5] inv'4 b) - -> ([%#scommon6] inv'4 c) - -> ([%#scommon7] produces'2 a ab b) - -> ([%#scommon8] produces'2 b bc c) -> ([%#scommon9] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#scommon3] produces'2 a ab b) + -> ([%#scommon4] produces'2 b bc c) -> ([%#scommon5] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"common.rs" 16 4 16 27] (self : t_B'0) : () + function produces_refl'2 [#"common.rs" 15 4 15 27] (self : t_B'0) : () - axiom produces_refl'2_spec : forall self : t_B'0 . ([%#scommon2] inv'4 self) - -> ([%#scommon3] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) - - use seq.Seq - - use prelude.prelude.Int + axiom produces_refl'2_spec : forall self : t_B'0 . [%#scommon2] produces'2 self (Seq.empty : Seq.seq t_Item'1) self use seq.Seq use seq.Seq - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'2 (self : t_Item'0) = - [%#sboxed11] inv'7 self - - predicate inv'5 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 (self : Seq.seq t_Item'0) = - [%#sseq10] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq - predicate inv'8 (_1 : t_Item'1) - - predicate invariant'3 (self : t_Item'1) = - [%#sboxed11] inv'8 self - - predicate inv'6 (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'1) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq @@ -1153,15 +796,11 @@ module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = - [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 self.t_Zip__a'0 p1 tl.t_Zip__a'0 /\ produces'2 self.t_Zip__b'0 p2 tl.t_Zip__b'0 - goal refines : [%#s12_zip0] forall self : t_Zip'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self - -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) + goal refines : [%#s12_zip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self + -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end 
diff --git a/creusot/tests/should_succeed/iterators/12_zip.rs b/creusot/tests/should_succeed/iterators/12_zip.rs index ca921067a..c1e25dea1 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.rs +++ b/creusot/tests/should_succeed/iterators/12_zip.rs @@ -1,6 +1,6 @@ extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, logic::Seq, *}; +use creusot_contracts::{logic::Seq, *}; mod common; use common::Iterator; @@ -19,7 +19,7 @@ impl Iterator for Zip { fn completed(&mut self) -> bool { pearlite! { (self.a.completed() && (*self).b == (^self).b) - || (exists inv(x) && self.a.produces(Seq::singleton(x), (^self).a) && + || (exists self.a.produces(Seq::singleton(x), (^self).a) && resolve(&x) && self.b.completed()) } } @@ -29,8 +29,8 @@ impl Iterator for Zip { fn produces(self, visited: Seq, tl: Self) -> bool { pearlite! { // Using an `unzip` definition doesn't work well because of issues related to datatypes and `match` - exists, p2 : Seq<_>> inv(p1) && inv(p2) - && p1.len() == p2.len() && p2.len() == visited.len() + exists, p2 : Seq<_>> + p1.len() == p2.len() && p2.len() == visited.len() && (forall 0 <= i && i < visited.len() ==> visited[i] == (p1[i], p2[i])) && self.a.produces(p1, tl.a) && self.b.produces(p2, tl.b) } @@ -38,15 +38,11 @@ impl Iterator for Zip { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml index 5643e5d69..17c1ce224 100644 --- a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml @@ -11,17 +11,10 @@ - - - - - - - - + @@ -39,7 +32,7 @@ - + 
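Review bot: In 12_zip.rs, `produces` drops `inv(p1) && inv(p2)` and `completed` drops `inv(x)`, but nothing in the file records that the existential witnesses are now deliberately left unconstrained by the type invariant. The regenerated 12_zip.coma still carries `inv'1 result` in the `next` refinement goal, so item invariants appear to be established by `next`'s result rather than by `produces`. A one-line comment above the `exists` in `produces` would stop a later reader from re-adding the conjuncts, e.g. `// p1/p2 are intentionally not required to satisfy inv; item invariants come from next(), not from produces`. The same applies to `produces_refl` and `produces_trans` in the last hunk: with the `#[requires(inv(..))]` lines gone, the generated axioms quantify over every value of the type, so an implementor has to prove the laws without assuming the invariant, which deserves a short note next to `#[law]`. The `impl` block starts and ends outside these hunks.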
@@ -59,49 +52,49 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz b/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz index 44f171d3cea6c2f05ace2e7eeda1be476503cc4f..b1e8c7c01ceecdff2050e0577b2adadc1c457b44 100644 GIT binary patch literal 2065 zcmV+s2=4bEiwFP!00000|GigBa~nAhzUx=$rrq&{0Qj6r4ysgC)FqeQ;$bf?J`>eA zvLh?m%)j4aztk283| zE5LYxIlz7aw^#I=&7u+S8`$IB{y9IC)~*rHJ=Y?T1K~iPJ0C4=*3-3Sflrlu*2@np zH}!Af-};BV|9Jf5pJ0%1tj1mnv8q4jqYtqr`0uYz4;dT96I4YbVN<6!^?TU2_HW+C zn$Dz;{&@eN-P8TOUojtQ_|bP9_oiP6t>NT5P7sVBzy!mv;6o3>2M06-0aeqYsA2^M0I9eQ>8K=EAj%QM29a!~_M&)Gzpr4E6KpdjxCHJ%{0J1?3JPDq+UADitwb;4 z>F8k3fx?s7`|Wj5a&m%y07^_Qh4ttPQWH3$DjG>TPz@Y)c>$>j5IHuuY?=dk6+&=e zZt6>LplACMqC+-;psS*hj6+r-AiH=9kWC<%vB62LPX_NNuc{xK=Hqs{P_+|PYqfai zcl&QE<#62y(slS&Z1wpM=N$Xe=*h87FD$Cy4?DjYyxV_#$j8UML-J*}_Ydu+J|N=uRh;vA=bLrcV1(@;ZN_W>*A=REvKKDO zL{5+VsxKY!)TS3EZ8A--yP<8`R+v$mw%cc|=6$RAB;QJcFWmtEu^FUM%FtG{-Y$L8 za3X{r2%#H7^yO!Lsrq}QKTe=KPJjcwIf>IVh0ya2VKYd*d*+a@yGkORSc=&0GPPHO zG{SC%+1C*X5B>9tGjzP4F|T%g?bvD z0>DW%-qk|!-x-WpIM~7zA|I~HexmEy+S@N?9@VotUfVhXxcKm4l#D~ur?D9;CswSs zr?uLQb!SFYH*Ut?>uD^Kj`(K$y`G&D)CC|%=t%VwgIdp5thL%sLaG{a>)$%!BW?Zp zIGJ2VF57!(dupyD>|a8{!BtC%?N3SOP&*nXDdl%*h<1(Dvs<<=Iq42n^>FJcul=2M za+br*$9vL4M-80QU_*S{jWfi%dGBXe>)!^bA7+WVOy=H$TK);su`<0<0nJFuUcjm! 
z(B-Dgf6AbnybKW9$zl7FNynjDEV3c(DFNd-QB>YXowW(chr$6oUkb}DS+ro;LKjg; zg(5;Uj7SkGD8d^rvWSt(rLb}^CU0bIhl7?yxgEcc=MbgF#nHd=_p+rE* zqgN)fAgVR9pe#rW!UDHI7SIA%VAfbYc;Y2$8B&OvX`VyYKC4)y=TUm1rdVKZ@{|P& ziA5o`(J>+klu;lHlw*|0V)dkN@}x@vE(|DzOmnVs)-foi4M~BT<)yF$mY79jQCn0N zrA1+pTckx11f_UQu@KKfCE_W>0w(C9lB~OxupBIBmW(BBNm-JXge7i?EVWsf#AO!6 zBMM;x8dJbWm01W;M=HM3h%Cn&Tm@1>DwA|pEJhBQxGvrpjXFT~u;kKmVL89qV^$K2 zfyh!;A{b#La3J70cuJY8r2s3K<;HStxq6A~q*&3x#{^yp02Or+3`^i%MZvOI3T_2i zfqyjs)5c4aQ6)^Zrwn6}1tJSnJOEn?X@&T;7?F&CP{<@1F{eVxC&O}zCTgCr9uQ%y z&{n9IJI^ALN{PHj<&#fFa8wXDC8?z-thQ5vmFyQ{c+WtIR7{B_GVVj*MVo}lKrUSB z+F;48BrEaPB5{_J28@#D07)fQOu?9x)>M>=4V9#_Qd%iqDI~JOloDEcRqq=vxG|;H zv9Rca&>h93e(k^+eaKNHf_lMd2}N?LL8;)uXPHjad;Qqxy(X#WX3SK?3jc<{pkh!;2|$)}Hdq2f$%6*W vP&}!64b!VelqyD^L|{;I$SEnAe5r3^3F`0LwUORy*xhM-tYf)p)P*-=jMI5 z-T!_mJYA0jdkoJv|Gj;~ z+o^@i;L$dh?d}YJdp#GiiZp7w8JBNHd~7Cmcq(_pQv1l5^n7t`cUlK}7^_yHu!07? z;DAR@t@NT1odavI$T_|aCb_Pqs%G^Ff)y&vOP2DwVNQ%|6V+Mj2qoB3d%zYRql7w2 zsH23AP{JK0+)=_uC=necqN79{p+t6+$c_@(4>_8C%Juq~H<&_)DU2{(!|3YD6L=y| ze2lQg(gI|SBJ31juXm2yaK$8SHr__hw*F1P#_)g>Md5)q;a#{Z`=6hG2@lw*6`L9r zQ)T~LoL2cPB^dR>T1+;l&R~p?p1lj;}TrYDY?1|A=a7`E)&x?ReocPRz2aEq@LcU zp`{A9*M~A3oP8m^l9?Pl-gG_J{D^^vEoal@*QtJk{Lq>FjEw0pj)^%D>XaB-B<5uP z&Ss=v4AiMb4nBM)39kgnB3oyo=SB2musl)IMfPL;eI{&Ph5Z>I9CG4`dc3XXo<18W zyfRRb|;O z+>T;ZW~z*lVozd>Uc9^;#VT%I3cRfQ__ECrb1yA@I2Ts*q+V6p=t-U|Z7r%^g(WLv zq?9K;hNWM;XQWqQsinYyEe`@cEY-u3A69*2=vb&_d`*Sxp1NVhniR}kk7=WgJ~P^= zHrl8<+AO;=ZaopVmWWqI?zoI1t@TfN|jIuGq;FH9pkN37e~)~?&Oemt5?ZFKDr z$LVCbM5mZA4Mn>-A8n#BOCB8AXgxK`E+V%_4e8u7+TJtTqtOQYXv2N9;iJ(;^wFmJ zInOpDdDKSR-&z-Ix1E}cT)ULRjo5A|?>#|lz6rLS+Pr@b?{9v(-q4r^IJPZ zd^kgVbcX5++{Qz~ZKs<0`k1x(u(vby49x@Vc*wQ~auE%6u4>Vc_axhqCAsa?(xv*) z%*sW5P!8n!sv*;^8Zz5XEoGFa`GP>{X}%#wa(&q_^vi}}dm!8NG<~y}9-8H2IUTpv z@^HJKNEzb&$zRy$-LeFQXX%gZ*FsaUhBWQlyI{ze>`7Y)*qJ_&woCY zi|+GeLWRfj^y%(-v%DPeo9&*sTJWr*!#%?|YVBvTITzl|RM*?m`ohr>xTBV3?{e(- z-9*m*ZjLkaSf1|hey{Gojs6Lv9n@1*rifltWpPJOn@8cYfBN)To>rNdk`(@c%I!ag 
z+j5t0pr>w{S3EwLcXjo+$pCWGhYIurAFU0_D#F)m7;>1Q2T2ToSLoiwnL1UB&3QMDN zRC4rLuoK|eIyR2AW93*n7LM65IY!6e$T~8Pv?Jw6Iyz;G18Xq|5lN$^z%gm73jk=O zL}e_uptrFFnT<5E@KB^KrKoJ6$YKST9MIU&7QT(GtV4kz$AES~8bC!3CWHY}Fv_Y> zZAs&#c2YShofJ;8ljI~i2~Joij1$@kwP9eJl{LZ)5h0_=O3TC{rDC!Sa)cikr-jq( zG&zk% zL(ZTx@YfAtggB&ZRmd@jR76HFdB}!ULaEb*(atDmS-8q%of0ktcD@wpkma)$Qif@_?;aI7^Aibg9z4; zOlBBT$tY1+#bH=L`uqEm2TDYQssN(OnN#4BbjV0dqS%@ggjyPQ2=u+&7%WAyNvM#m zF^RJk9JNiw1VxFsrUXI$9j+*wMbM&{0#Yg@PBM!WV$daOq3!gvsPE~5NKp+k7#<2$ dgvtyS$*M8{iI{P6LBD~e{{!TaiiJHV008P``j!9y diff --git a/creusot/tests/should_succeed/iterators/13_cloned.coma b/creusot/tests/should_succeed/iterators/13_cloned.coma index f67d15371..6ea890dff 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.coma +++ b/creusot/tests/should_succeed/iterators/13_cloned.coma 
@@ -1,33 +1,11 @@ -module M_13_cloned__qyi7043136317404314719__produces_refl [#"13_cloned.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 39 15 39 24 - let%span s13_cloned1 = "13_cloned.rs" 40 14 40 45 - let%span s13_cloned2 = "13_cloned.rs" 37 4 37 10 - let%span s13_cloned3 = "13_cloned.rs" 30 12 33 79 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Cloned'0 = - { t_Cloned__iter'0: t_I'0 } - - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__iter'0 = iter} -> inv'2 iter - end +module M_13_cloned__qyi7043136317404314719__produces_refl [#"13_cloned.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 39 14 39 45 + let%span s13_cloned1 = "13_cloned.rs" 37 4 37 10 + let%span s13_cloned2 = "13_cloned.rs" 30 12 33 79 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq 
@@ -35,113 +13,68 @@ module M_13_cloned__qyi7043136317404314719__produces_refl [#"13_cloned.rs" 41 4 use seq.Seq - use prelude.prelude.Borrow - - use seq.Seq + type t_I'0 - use prelude.prelude.Int + type t_Cloned'0 = + { t_Cloned__iter'0: t_I'0 } - use seq.Seq + use prelude.prelude.Borrow use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant14] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] inv'2 a) - -> ([%#scommon7] inv'2 b) - -> ([%#scommon8] inv'2 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned2] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Cloned'0 - function produces_refl'0 [#"13_cloned.rs" 41 4 41 26] (self : t_Cloned'0) : () + function produces_refl'0 [#"13_cloned.rs" 40 4 40 26] (self : t_Cloned'0) : () - goal vc_produces_refl'0 : ([%#s13_cloned0] inv'0 self) - -> ([%#s13_cloned1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#s13_cloned0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 45 15 45 21 - let%span s13_cloned1 = "13_cloned.rs" 46 15 46 21 - let%span s13_cloned2 = "13_cloned.rs" 47 15 47 21 - let%span s13_cloned3 = "13_cloned.rs" 48 15 48 32 - let%span s13_cloned4 = "13_cloned.rs" 49 15 49 32 - let%span s13_cloned5 = "13_cloned.rs" 50 14 50 42 - let%span s13_cloned6 = "13_cloned.rs" 43 4 43 10 - let%span s13_cloned7 = "13_cloned.rs" 30 12 33 
79 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 44 15 44 32 + let%span s13_cloned1 = "13_cloned.rs" 45 15 45 32 + let%span s13_cloned2 = "13_cloned.rs" 46 14 46 42 + let%span s13_cloned3 = "13_cloned.rs" 42 4 42 10 + let%span s13_cloned4 = "13_cloned.rs" 30 12 33 79 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 type t_Cloned'0 = { t_Cloned__iter'0: t_I'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__iter'0 = iter} -> inv'2 iter - end - type t_T'0 use seq.Seq 
@@ -150,64 +83,34 @@ module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 51 4 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant18] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed17] inv'4 self - - predicate inv'3 (_1 : t_T'0) + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq16] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 (_1 : Seq.seq t_T'0) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon10] inv'2 a) - -> ([%#scommon11] inv'2 b) - -> ([%#scommon12] inv'2 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned4] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -223,37 +126,29 @@ module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 51 4 constant c : t_Cloned'0 - function produces_trans'0 [#"13_cloned.rs" 51 4 51 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () + function produces_trans'0 [#"13_cloned.rs" 47 4 47 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () - goal vc_produces_trans'0 : ([%#s13_cloned4] produces'0 b bc c) - -> ([%#s13_cloned3] produces'0 a ab b) - -> ([%#s13_cloned2] inv'0 c) - -> ([%#s13_cloned1] inv'0 b) -> ([%#s13_cloned0] inv'0 a) -> ([%#s13_cloned5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s13_cloned1] produces'0 b bc c) + -> ([%#s13_cloned0] produces'0 a ab b) -> ([%#s13_cloned2] produces'0 a (Seq.(++) ab bc) c) end -module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 57 17 57 21 - let%span s13_cloned1 = "13_cloned.rs" 57 26 57 35 - let%span s13_cloned2 = "13_cloned.rs" 53 14 56 5 - let%span scommon3 = "common.rs" 31 17 31 21 - let%span scommon4 = "common.rs" 31 26 31 44 - let%span scommon5 = "common.rs" 27 14 30 5 +module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 53 4 53 35] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 53 17 53 21 + let%span s13_cloned1 = "13_cloned.rs" 53 26 53 35 + let%span s13_cloned2 = "13_cloned.rs" 49 14 52 5 + let%span scommon3 = "common.rs" 27 17 27 21 + let%span scommon4 = "common.rs" 27 26 27 44 + let%span scommon5 = "common.rs" 23 14 26 5 let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span s13_cloned7 = "13_cloned.rs" 23 8 23 43 let%span s13_cloned8 = "13_cloned.rs" 30 12 33 79 - let%span scommon9 = "common.rs" 14 15 14 24 - let%span scommon10 = "common.rs" 15 14 15 45 - let%span scommon11 = "common.rs" 19 15 19 21 - let%span scommon12 = 
"common.rs" 20 15 20 21 - let%span scommon13 = "common.rs" 21 15 21 21 - let%span scommon14 = "common.rs" 22 15 22 32 - let%span scommon15 = "common.rs" 23 15 23 32 - let%span scommon16 = "common.rs" 24 14 24 42 - let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq19 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant20 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed21 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow 
@@ -274,22 +169,18 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon11] inv'0 a) - -> ([%#scommon12] inv'0 b) - -> ([%#scommon13] inv'0 c) - -> ([%#scommon14] produces'1 a ab b) - -> ([%#scommon15] produces'1 b bc c) -> ([%#scommon16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon9] inv'0 self) - -> ([%#scommon10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_T'0) self predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant18] inv'0 self.current /\ inv'0 self.final + [%#sinvariant14] inv'0 self.current /\ inv'0 self.final predicate inv'3 (_1 : borrowed t_I'0) 
@@ -299,21 +190,21 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* | C_None'1 | C_Some'1 t_T'0 - predicate inv'6 (_1 : t_T'0) + predicate inv'5 (_1 : t_T'0) - predicate invariant'3 (self : t_T'0) = - [%#sinvariant20] inv'6 self + predicate invariant'2 (self : t_T'0) = + [%#sinvariant15] inv'5 self - predicate inv'7 (_1 : t_T'0) + predicate inv'6 (_1 : t_T'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'7 x] . inv'7 x = invariant'3 x + axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'2 x predicate inv'4 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'7 a_0 + | C_Some'1 a_0 -> inv'6 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) @@ -330,22 +221,22 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* (! return' {result}) ] - predicate inv'8 (_1 : t_Cloned'0) + predicate inv'7 (_1 : t_Cloned'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Cloned'0 [inv'8 x] . inv'8 x + axiom inv_axiom'5 [@rewrite] : forall x : t_Cloned'0 [inv'7 x] . inv'7 x = match x with | {t_Cloned__iter'0 = iter} -> inv'0 iter end predicate invariant'0 (self : borrowed (t_Cloned'0)) = - [%#sinvariant18] inv'8 self.current /\ inv'8 self.final + [%#sinvariant14] inv'7 self.current /\ inv'7 self.final predicate inv'1 (_1 : borrowed (t_Cloned'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Cloned'0) [inv'1 x] . inv'1 x = invariant'0 x predicate resolve'1 (self : borrowed (t_Cloned'0)) = - [%#sresolve17] self.final = self.current + [%#sresolve13] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Cloned'0)) = resolve'1 _1 
@@ -359,7 +250,7 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* axiom inv_axiom'1 [@rewrite] : forall x : t_Option'1 [inv'2 x] . inv'2 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 + | C_Some'0 a_0 -> inv'5 a_0 end let rec cloned'0 (self:t_Option'0) (return' (ret:t_Option'1))= {[@expl:cloned 'self' type invariant] inv'4 self} @@ -379,35 +270,18 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'4 (self : t_T'0) = - [%#sboxed21] inv'7 self - - predicate inv'9 (_1 : t_T'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_T'0 [inv'9 x] . inv'9 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_T'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_T'0 [inv'5 x] . inv'5 x = invariant'2 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned8] exists s : Seq.seq t_T'0 . inv'5 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned8] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -447,20 +321,13 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 57 4 57 35] (* (! return' {result}) ] end -module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 51 4 51 90 +module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 47 4 47 90 let%span s13_cloned1 = "13_cloned.rs" 30 12 33 79 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 
@@ -475,114 +342,57 @@ module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate inv'1 (_1 : Seq.seq t_T'0) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - predicate inv'2 (_1 : t_I'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned1] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - predicate inv'0 (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__iter'0 = iter} -> inv'2 iter - end - use seq.Seq goal refines : [%#s13_cloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 41 4 41 26 +module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 40 4 40 26 let%span s13_cloned1 = "13_cloned.rs" 30 12 33 79 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 type t_Cloned'0 = { t_Cloned__iter'0: t_I'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__iter'0 = iter} -> inv'2 iter - end - use seq.Seq type t_T'0 
@@ -593,88 +403,49 @@ module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned. use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_T'0) + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 (_1 : Seq.seq t_T'0) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned1] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#s13_cloned0] forall self : t_Cloned'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#s13_cloned0] forall self : t_Cloned'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 57 4 57 35] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 57 4 57 35 +module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 53 4 53 35] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 53 4 53 35 let%span s13_cloned1 = "13_cloned.rs" 23 8 23 43 let%span s13_cloned2 = "13_cloned.rs" 30 12 33 79 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -683,17 +454,17 @@ module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 57 4 type t_Cloned'0 = { t_Cloned__iter'0: t_I'0 } - predicate inv'5 (_1 : t_I'0) + predicate inv'4 (_1 : t_I'0) - predicate inv'4 (_1 : t_Cloned'0) + predicate inv'3 (_1 : t_Cloned'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_Cloned'0 [inv'4 x] . inv'4 x + axiom inv_axiom'2 [@rewrite] : forall x : t_Cloned'0 [inv'3 x] . inv'3 x = match x with - | {t_Cloned__iter'0 = iter} -> inv'5 iter + | {t_Cloned__iter'0 = iter} -> inv'4 iter end predicate invariant'0 (self : borrowed (t_Cloned'0)) = - [%#sinvariant3] inv'4 self.current /\ inv'4 self.final + [%#sinvariant3] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Cloned'0)) 
@@ -713,19 +484,15 @@ module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 57 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] inv'5 a) - -> ([%#scommon7] inv'5 b) - -> ([%#scommon8] inv'5 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon5] produces'1 a ab b) + -> ([%#scommon6] produces'1 b bc c) -> ([%#scommon7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon4] inv'5 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'1 self (Seq.empty : Seq.seq t_T'0) self predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) 
@@ -736,53 +503,29 @@ module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 57 4 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'3 (_1 : t_T'0) - - predicate invariant'3 (self : t_T'0) = - [%#sinvariant14] inv'3 self - - predicate inv'7 (_1 : t_T'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'7 x] . inv'7 x = invariant'3 x - - predicate invariant'2 (self : t_T'0) = - [%#sboxed13] inv'7 self - - predicate inv'6 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'2 x - - predicate invariant'1 (self : Seq.seq t_T'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#s13_cloned2] exists s : Seq.seq t_T'0 . inv'2 s - /\ produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 + [%#s13_cloned2] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + predicate inv'2 (_1 : t_T'0) + predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s13_cloned0] forall self : borrowed (t_Cloned'0) . inv'0 self diff --git a/creusot/tests/should_succeed/iterators/13_cloned.rs b/creusot/tests/should_succeed/iterators/13_cloned.rs index 5991ecc0a..ee25f6951 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.rs +++ b/creusot/tests/should_succeed/iterators/13_cloned.rs 
@@ -1,7 +1,7 @@ #![feature(slice_take)] extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; @@ -27,8 +27,8 @@ where #[predicate(prophetic)] fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { - exists> inv(s) - && self.iter.produces(s, o.iter) + exists> + self.iter.produces(s, o.iter) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i] == *s[i] } @@ -36,15 +36,11 @@ where #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml index 2d9bcfe65..bc7a331e5 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml +++ b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml @@ -13,7 +13,7 @@ - + @@ -23,7 +23,7 @@ - + @@ -33,7 +33,7 @@ - + 
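Review bot: In the `@@ -27,8 +27,8 @@` hunk of `13_cloned.rs`, `produces` no longer constrains the witness sequence `s` by its type invariant, and nothing in the new code records that this is intended; the commit message only says the author does not think this is less expressive. A doc comment on `produces` would make the contract explicit, for example `/// The witness sequence is constrained only by self.iter.produces; element invariants are not implied here.` The same point applies to the `@@ -36,15 +36,11 @@` hunk: without the `#[requires(inv(..))]` clauses, `produces_refl` and `produces_trans` are stated for every value, not only those satisfying the invariant, which is also what the regenerated `*_spec` axioms show. A one-line comment above the two `#[law]` items, such as `// Laws carry no inv(..) precondition: they must hold for all values.`, would tell implementors what they now have to prove. The enclosing impl starts outside these hunks and the body of `produces` closes after the second one.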
diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz b/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz index b2338d316de2c499bfd6657d45c0331ea9ff740d..26dc45149d804dd6feb76dd3b729e183580b7c8f 100644 GIT binary patch literal 720 zcmV;>0x$g^iwFP!00000|E*I^kJB&^z2{f-R-hM;zm3G9s)&*c9FXQ(O=1Tk+GIBk zi}?4*`Dl~wvJ!$^^7LlrdHiPl=H2GgH)H5vV^NPHhwXmTk}9 z5!vGq5y;XRBoRKP+YuEzstr$N{>IrMZmerlVr zWy3KXfzjdkr9Fo&Lv&*ofG(XuG6CTG1C{Oh;S~CKEd;npEu1KSbX{or7{1ia*Hh@* z20>6&H*^|{=F@=Z|3zHBES~NsCjs&+N|&|+>Ul1Do{L^4a5Q6rMw8B9VIoYNn-2y= z`#3FuO=mFe#c-{=#eiuuOkBY$TJHw%$E#226+N4!icTyH5RdbSMS4ZaozLoZpViW5 zH~XxX$JqTWZgcv8U~fUr_K`6+cR2g_d8S4OuQg*A`F(WOo~9`gOio?6w5O-obkTNQ z`!o3M`TL!+85NX!E;awfP1jytt4Pk5qJiW z0n1!wGn16o8D|_RiammIm1fFt9+Y|2LJ%o CI9uib literal 947 zcmV;k15ErMiwFP!00000|E-oykJ~m7hVS|nzPX7noZ)wY91NoZeQ6H`cr_@AN`!c& zjqPmFe_znj(2_R0K#}<37v#*CeCHYN{`PTm{Suzzb@LK0*KX*4->A*U55*yL{mT|T zgxl$G9{Sj9+4kwH_w3t!hj~_#D3S=5F7&r8dK?3U$CAW606ZT9xaTE_c>wcb3;-`m z5=D5v49)jCUbo<7*zLUX#@pk3S-)D5UU_|-ZemH~6UcPpd1Yg=}CTk4soAN;yTjOO3FH3mYbq97k59mR7kn1MQwq||E zif1MF%glQkUoLX`jbBrzOrJ&XL)h&?s6thTni?NSR3z%-GAAW0mc{~;r}E8-eT$q7 z1|u-oF91Ul81k|5J{U5AF*_G07BsP-6ASa1faz)~4Qf`av6$up(->w|9B$!o`g7>x zmeI8Ea5()vJjE^Z9`dk2o)#G2v83ew5bELS`5bS_W)I>~ZPuCk`{fe*TiU*M{pWMM z4ZQ~y+O7}hF)9DxC&|$8d?);rx;gT@9DZ@K0>EPhVFp0`oX- z*Lcul0r)>D$GKZS&ODvETf8hhOLe;bOT2WqQ`dygF@1T^H9Yux!2VvPx%)hoec%ey zzb46$$s7Lj2h4MBX!zf&lV2ZQ7DX*}gV01>RYBSqr8G?iV63jSuAq;5MWGfIz6-x?rNNTOQk%H!Y|-+RA8z7(~;6;1%0w$CcyKap5?3932P8 VnM3Q)IMfbR@gE}(n($%^008q3(GCCr diff --git a/creusot/tests/should_succeed/iterators/14_copied.coma b/creusot/tests/should_succeed/iterators/14_copied.coma index 2b3e716a5..944e824a2 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.coma +++ b/creusot/tests/should_succeed/iterators/14_copied.coma 
@@ -1,33 +1,11 @@ -module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 39 15 39 24 - let%span s14_copied1 = "14_copied.rs" 40 14 40 45 - let%span s14_copied2 = "14_copied.rs" 37 4 37 10 - let%span s14_copied3 = "14_copied.rs" 30 12 33 79 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Copied'0 = - { t_Copied__iter'0: t_I'0 } - - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__iter'0 = iter} -> inv'2 iter - end +module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 39 14 39 45 + let%span s14_copied1 = "14_copied.rs" 37 4 37 10 + let%span s14_copied2 = "14_copied.rs" 30 12 33 79 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq 
@@ -35,113 +13,68 @@ module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 41 4 use seq.Seq - use prelude.prelude.Borrow - - use seq.Seq + type t_I'0 - use prelude.prelude.Int + type t_Copied'0 = + { t_Copied__iter'0: t_I'0 } - use seq.Seq + use prelude.prelude.Borrow use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant14] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] inv'2 a) - -> ([%#scommon7] inv'2 b) - -> ([%#scommon8] inv'2 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied2] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Copied'0 - function produces_refl'0 [#"14_copied.rs" 41 4 41 26] (self : t_Copied'0) : () + function produces_refl'0 [#"14_copied.rs" 40 4 40 26] (self : t_Copied'0) : () - goal vc_produces_refl'0 : ([%#s14_copied0] inv'0 self) - -> ([%#s14_copied1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#s14_copied0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 45 15 45 21 - let%span s14_copied1 = "14_copied.rs" 46 15 46 21 - let%span s14_copied2 = "14_copied.rs" 47 15 47 21 - let%span s14_copied3 = "14_copied.rs" 48 15 48 32 - let%span s14_copied4 = "14_copied.rs" 49 15 49 32 - let%span s14_copied5 = "14_copied.rs" 50 14 50 42 - let%span s14_copied6 = "14_copied.rs" 43 4 43 10 - let%span s14_copied7 = "14_copied.rs" 30 12 33 
79 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span sseq16 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 44 15 44 32 + let%span s14_copied1 = "14_copied.rs" 45 15 45 32 + let%span s14_copied2 = "14_copied.rs" 46 14 46 42 + let%span s14_copied3 = "14_copied.rs" 42 4 42 10 + let%span s14_copied4 = "14_copied.rs" 30 12 33 79 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 type t_Copied'0 = { t_Copied__iter'0: t_I'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__iter'0 = iter} -> inv'2 iter - end - type t_T'0 use seq.Seq 
@@ -150,64 +83,34 @@ module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 51 4 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant18] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed17] inv'4 self - - predicate inv'3 (_1 : t_T'0) + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq16] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 (_1 : Seq.seq t_T'0) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon10] inv'2 a) - -> ([%#scommon11] inv'2 b) - -> ([%#scommon12] inv'2 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied4] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -223,37 +126,29 @@ module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 51 4 constant c : t_Copied'0 - function produces_trans'0 [#"14_copied.rs" 51 4 51 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () + function produces_trans'0 [#"14_copied.rs" 47 4 47 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () - goal vc_produces_trans'0 : ([%#s14_copied4] produces'0 b bc c) - -> ([%#s14_copied3] produces'0 a ab b) - -> ([%#s14_copied2] inv'0 c) - -> ([%#s14_copied1] inv'0 b) -> ([%#s14_copied0] inv'0 a) -> ([%#s14_copied5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s14_copied1] produces'0 b bc c) + -> ([%#s14_copied0] produces'0 a ab b) -> ([%#s14_copied2] produces'0 a (Seq.(++) ab bc) c) end -module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 57 17 57 21 - let%span s14_copied1 = "14_copied.rs" 57 26 57 35 - let%span s14_copied2 = "14_copied.rs" 53 14 56 5 - let%span scommon3 = "common.rs" 31 17 31 21 - let%span scommon4 = "common.rs" 31 26 31 44 - let%span scommon5 = "common.rs" 27 14 30 5 +module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 53 4 53 35] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 53 17 53 21 + let%span s14_copied1 = "14_copied.rs" 53 26 53 35 + let%span s14_copied2 = "14_copied.rs" 49 14 52 5 + let%span scommon3 = "common.rs" 27 17 27 21 + let%span scommon4 = "common.rs" 27 26 27 44 + let%span scommon5 = "common.rs" 23 14 26 5 let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span s14_copied7 = "14_copied.rs" 23 8 23 43 let%span s14_copied8 = "14_copied.rs" 30 12 33 79 - let%span scommon9 = "common.rs" 14 15 14 24 - let%span scommon10 = "common.rs" 15 14 15 45 - let%span scommon11 = "common.rs" 19 15 19 21 - let%span scommon12 = 
"common.rs" 20 15 20 21 - let%span scommon13 = "common.rs" 21 15 21 21 - let%span scommon14 = "common.rs" 22 15 22 32 - let%span scommon15 = "common.rs" 23 15 23 32 - let%span scommon16 = "common.rs" 24 14 24 42 - let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq19 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant20 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed21 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow 
@@ -274,22 +169,18 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon11] inv'0 a) - -> ([%#scommon12] inv'0 b) - -> ([%#scommon13] inv'0 c) - -> ([%#scommon14] produces'1 a ab b) - -> ([%#scommon15] produces'1 b bc c) -> ([%#scommon16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon9] inv'0 self) - -> ([%#scommon10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_T'0) self predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant18] inv'0 self.current /\ inv'0 self.final + [%#sinvariant14] inv'0 self.current /\ inv'0 self.final predicate inv'3 (_1 : borrowed t_I'0) 
@@ -299,21 +190,21 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* | C_None'1 | C_Some'1 t_T'0 - predicate inv'6 (_1 : t_T'0) + predicate inv'5 (_1 : t_T'0) - predicate invariant'3 (self : t_T'0) = - [%#sinvariant20] inv'6 self + predicate invariant'2 (self : t_T'0) = + [%#sinvariant15] inv'5 self - predicate inv'7 (_1 : t_T'0) + predicate inv'6 (_1 : t_T'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'7 x] . inv'7 x = invariant'3 x + axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'2 x predicate inv'4 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'7 a_0 + | C_Some'1 a_0 -> inv'6 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) @@ -330,22 +221,22 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* (! return' {result}) ] - predicate inv'8 (_1 : t_Copied'0) + predicate inv'7 (_1 : t_Copied'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Copied'0 [inv'8 x] . inv'8 x + axiom inv_axiom'5 [@rewrite] : forall x : t_Copied'0 [inv'7 x] . inv'7 x = match x with | {t_Copied__iter'0 = iter} -> inv'0 iter end predicate invariant'0 (self : borrowed (t_Copied'0)) = - [%#sinvariant18] inv'8 self.current /\ inv'8 self.final + [%#sinvariant14] inv'7 self.current /\ inv'7 self.final predicate inv'1 (_1 : borrowed (t_Copied'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Copied'0) [inv'1 x] . inv'1 x = invariant'0 x predicate resolve'1 (self : borrowed (t_Copied'0)) = - [%#sresolve17] self.final = self.current + [%#sresolve13] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Copied'0)) = resolve'1 _1 
@@ -359,7 +250,7 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* axiom inv_axiom'1 [@rewrite] : forall x : t_Option'1 [inv'2 x] . inv'2 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 + | C_Some'0 a_0 -> inv'5 a_0 end let rec copied'0 (self:t_Option'0) (return' (ret:t_Option'1))= {[@expl:copied 'self' type invariant] inv'4 self} @@ -379,35 +270,18 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'4 (self : t_T'0) = - [%#sboxed21] inv'7 self - - predicate inv'9 (_1 : t_T'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_T'0 [inv'9 x] . inv'9 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_T'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_T'0 [inv'5 x] . inv'5 x = invariant'2 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied8] exists s : Seq.seq t_T'0 . inv'5 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied8] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -447,20 +321,13 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 57 4 57 35] (* (! return' {result}) ] end -module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 51 4 51 90 +module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 47 4 47 90 let%span s14_copied1 = "14_copied.rs" 30 12 33 79 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 
@@ -475,101 +342,53 @@ module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate inv'1 (_1 : Seq.seq t_T'0) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - predicate inv'2 (_1 : t_I'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied1] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - predicate inv'0 (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__iter'0 = iter} -> inv'2 iter - end - use seq.Seq goal refines : [%#s14_copied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 57 4 57 35] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 57 4 57 35 +module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 53 4 53 35] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 53 4 53 35 let%span s14_copied1 = "14_copied.rs" 23 8 23 43 let%span s14_copied2 = "14_copied.rs" 30 12 33 79 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sseq12 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -578,17 +397,17 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 57 4 type t_Copied'0 = { t_Copied__iter'0: t_I'0 } - predicate inv'5 (_1 : t_I'0) + predicate inv'4 (_1 : t_I'0) - predicate inv'4 (_1 : t_Copied'0) + predicate inv'3 (_1 : t_Copied'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_Copied'0 [inv'4 x] . inv'4 x + axiom inv_axiom'2 [@rewrite] : forall x : t_Copied'0 [inv'3 x] . inv'3 x = match x with - | {t_Copied__iter'0 = iter} -> inv'5 iter + | {t_Copied__iter'0 = iter} -> inv'4 iter end predicate invariant'0 (self : borrowed (t_Copied'0)) = - [%#sinvariant3] inv'4 self.current /\ inv'4 self.final + [%#sinvariant3] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Copied'0)) 
@@ -608,19 +427,15 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 57 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon6] inv'5 a) - -> ([%#scommon7] inv'5 b) - -> ([%#scommon8] inv'5 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon5] produces'1 a ab b) + -> ([%#scommon6] produces'1 b bc c) -> ([%#scommon7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon4] inv'5 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'1 self (Seq.empty : Seq.seq t_T'0) self predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) 
@@ -631,53 +446,29 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 57 4 use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'3 (_1 : t_T'0) - - predicate invariant'3 (self : t_T'0) = - [%#sinvariant14] inv'3 self - - predicate inv'7 (_1 : t_T'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'7 x] . inv'7 x = invariant'3 x - - predicate invariant'2 (self : t_T'0) = - [%#sboxed13] inv'7 self - - predicate inv'6 (_1 : t_T'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'6 x] . inv'6 x = invariant'2 x - - predicate invariant'1 (self : Seq.seq t_T'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied2] exists s : Seq.seq t_T'0 . inv'2 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied2] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + predicate inv'2 (_1 : t_T'0) + predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s14_copied0] forall self : borrowed (t_Copied'0) . inv'0 self 
@@ -693,35 +484,19 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 57 4 end /\ inv'1 result) end -module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 41 4 41 26 +module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 40 4 40 26 let%span s14_copied1 = "14_copied.rs" 30 12 33 79 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed11 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 type t_Copied'0 = { t_Copied__iter'0: t_I'0 } - predicate inv'2 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__iter'0 = iter} -> inv'2 iter - end - use seq.Seq type t_T'0 
@@ -732,69 +507,37 @@ module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied. use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_T'0) - - predicate invariant'2 (self : t_T'0) = - [%#sinvariant12] inv'5 self - - predicate inv'4 (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 (self : t_T'0) = - [%#sboxed11] inv'4 self - - predicate inv'3 (_1 : t_T'0) + predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - predicate invariant'0 (self : Seq.seq t_T'0) = - [%#sseq10] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 (_1 : Seq.seq t_T'0) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq - predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - - - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . 
([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_T'0) self) - - use seq.Seq + use prelude.prelude.Int use seq.Seq use seq.Seq predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#s14_copied1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 + [%#s14_copied1] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#s14_copied0] forall self : t_Copied'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#s14_copied0] forall self : t_Copied'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end diff --git a/creusot/tests/should_succeed/iterators/14_copied.rs b/creusot/tests/should_succeed/iterators/14_copied.rs index 282e7c52f..e574b13bf 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.rs +++ b/creusot/tests/should_succeed/iterators/14_copied.rs @@ -1,7 +1,7 @@ #![feature(slice_take)] extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; 
@@ -27,8 +27,8 @@ where #[predicate(prophetic)] fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { - exists> inv(s) - && self.iter.produces(s, o.iter) + exists> + self.iter.produces(s, o.iter) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i] == *s[i] } @@ -36,15 +36,11 @@ where #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml index 385654b0b..74a342a80 100644 --- a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml +++ b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml @@ -13,7 +13,7 @@ - + @@ -23,7 +23,7 @@ - + @@ -33,7 +33,7 @@ - + 
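Review bot: In 14_copied.rs, hunk `-36,15 +36,11` drops the `#[requires(inv(..))]` clauses from `produces_refl` and `produces_trans`, and hunk `-27,8 +27,8` drops `inv(s)` from the witness in `produces`, but nothing in the file records that these specs are now meant to hold for every value rather than only for values satisfying the type invariant. I would say so once above `produces_refl`, for example `// Laws are unconditional: they must follow from produces alone, without assuming inv(self).` For `Copied` nothing is lost, since the regenerated `produces_refl` refinement goal in 14_copied.coma is a trivial implication. An adapter whose `produces` needed its invariant to establish reflexivity or transitivity would, as far as I can tell, no longer fit this trait, which is worth stating next to the laws. The signature of `produces_trans` lies past the end of the hunk.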
diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz b/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz index bc5af80efcf65354e69266fd2a7f53ea1cbad389..5c966b1d6ea8245abae1ba5223478bc343807d7d 100644 GIT binary patch literal 722 zcmV;@0xkU?iwFP!00000|E*I^kJ~s5z57?>mTq$q^{oYZ2!b{2OZTt~>t3D?bQ=&p6!{JGJa&wnIz>01B24A(6n zqumYx1fpC* zdwxb_FGEBiOJ|ToKwV8uzh%hB1cp4F!OD3NFD+yDs~M>`j6k^_51^d}VbkQ$)8Y8F zZNiof$8ZEjhvPr(IcyoC8@m8>=?szy0N)>|Y|ocd=;O5z;4ZarqWs=G=mK~>$*X)Kyg1D^jc;_`j*bU!%>kl#?cv>i~-bJ6o$^fG~?851;`bOs9(VdC6; zFd*8OX$fpPgJ~~@YdtImOq*fi3f|CqH-Nv~d`fTV%`8=PVqt)InMW+r8%iF0Rv-JU zmOi`LXSF=W?q_kE(-#DL4|2ATjJdnR*w?P4hk~rqL_$`k5{7$U zIlU2?8WOA0YVA#F3>Q*MUMOprD@c2-f)%t8nI00Q0nHV&rt%s*2c-bG2TR^c0u~j4 zX8;+n%w;w+Nok#N#*w1fBPdsCrYyKpy3*MyN`uS5W?(YV8K?|o24Xnv2PG{TevStK E0MrCo<^TWy literal 947 zcmV;k15ErMiwFP!00000|E-oykJ~m7hVS|nzPX7noZ)wY91NoZeQ6H`cr_@AN`%;! zV>?^)-xstrw4}{0P$a(i1vxV&-+6|+zkOWYzJyD>tzP2w*7fJ#S8Da~L$M3p`DKkB z!u_!8FI{ZbY<>FbJ^S|9VV;#FiX_6d3+MY9Jq`iFV@YBf0G5YfHXE^BvV@mic3`vdfF6VgxopB@Yto0T zcvf;d&wQlu`68#^_%(IP^qKWOgv};|DpYl-squkCMWWu%b5g==X(%vyD&L&gx5&w0 zFam@90x%?jA)hPngCP?blXG!mK@$r)u`rzp7_X+%pk}ogi*YV6jbT>B?jClBKl^iB zGny72c890 zfA*k4+nvL4NXkDry7aTf^^c1`r$J<%#k?KtF+Hh=v!3Fs73RSsRmtV@3M&_n_0Z)! zN3xtZNYT5c=-pCt3^ZY&2?IT89}pUJU+~@#@rH;u<9Iw?iN$;nMJ7{Z78J3!cvw=T z7QXY$9?$H}{@A65VTiG*OIa;AA3c&DMw5~%7MSSwG0_uD5C{`JIWDs8ct~XX@W~^4 zZX#~OCl3>s5&!s$mWEE`oZ%GvFc6JV4lbA z8V`CX0RJatKXvQJnTJDnkJp)JsZMwP60hC;&^6(6OkW;!4Nv}_u)kMn>ON0ppSZ&K zuSqgw^oIZZ0rQ+28vgg{ANQ*$MnK@lEjKc#wpwXtW(hR{YieyPUfHUFP(_15HjRkNqP20Q9Y_bl z0e657zyWi%uv}HlG<9f0&8&^46-wx!WW|i(6{NJ~$wUP$Xak{cO&g+aA;{LC#?U~W zu7c8`aL65^LvY9(SO>;|E|{q6mdCc`O$(}ywlW$a2GKMic*R!QapkylTsY1hN5{c& V=FmDc4z)v7{0IDqYZGD%000M~&XWKD diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.coma b/creusot/tests/should_succeed/iterators/15_enumerate.coma index 2f165de4c..bf6cf12cc 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.coma 
+++ b/creusot/tests/should_succeed/iterators/15_enumerate.coma @@ -1,29 +1,17 @@ -module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs" 45 4 45 26] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 43 15 43 24 - let%span s15_enumerate1 = "15_enumerate.rs" 44 14 44 45 - let%span s15_enumerate2 = "15_enumerate.rs" 41 4 41 10 - let%span s15_enumerate3 = "15_enumerate.rs" 33 12 37 116 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span s15_enumerate12 = "15_enumerate.rs" 81 12 86 43 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed15 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 40 14 40 45 + let%span s15_enumerate1 = "15_enumerate.rs" 38 4 38 10 + let%span s15_enumerate2 = "15_enumerate.rs" 30 12 34 116 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 - type t_I'0 + use seq.Seq use prelude.prelude.UIntSize - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - - predicate inv'2 (_1 : t_I'0) + type t_I'0 use seq.Seq 
@@ -35,75 +23,26 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'2 a) - -> ([%#scommon7] inv'2 b) - -> ([%#scommon8] inv'2 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'2 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - use prelude.prelude.Int - - use seq.Seq + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq - predicate inv'5 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed15] inv'5 self - - predicate inv'4 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'4 x] . inv'4 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq13] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + use seq.Seq use prelude.prelude.UIntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Borrow - - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant14] inv'2 self.current /\ inv'2 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate12] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s - /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - - predicate inv'0 (_1 : t_Enumerate'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) - - use seq.Seq - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -111,13 +50,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate3] Seq.length visited + [%#s15_enumerate2] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i 
@@ -125,32 +63,20 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs constant self : t_Enumerate'0 - function produces_refl'0 [#"15_enumerate.rs" 45 4 45 26] (self : t_Enumerate'0) : () + function produces_refl'0 [#"15_enumerate.rs" 41 4 41 26] (self : t_Enumerate'0) : () - goal vc_produces_refl'0 : ([%#s15_enumerate0] inv'0 self) - -> ([%#s15_enumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + goal vc_produces_refl'0 : [%#s15_enumerate0] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self end -module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.rs" 55 4 55 90] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 49 15 49 21 - let%span s15_enumerate1 = "15_enumerate.rs" 50 15 50 21 - let%span s15_enumerate2 = "15_enumerate.rs" 51 15 51 21 - let%span s15_enumerate3 = "15_enumerate.rs" 52 15 52 32 - let%span s15_enumerate4 = "15_enumerate.rs" 53 15 53 32 - let%span s15_enumerate5 = "15_enumerate.rs" 54 14 54 42 - let%span s15_enumerate6 = "15_enumerate.rs" 47 4 47 10 - let%span s15_enumerate7 = "15_enumerate.rs" 33 12 37 116 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span s15_enumerate16 = "15_enumerate.rs" 81 12 86 43 - let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed19 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s15_enumerate0 = 
"15_enumerate.rs" 45 15 45 32 + let%span s15_enumerate1 = "15_enumerate.rs" 46 15 46 32 + let%span s15_enumerate2 = "15_enumerate.rs" 47 14 47 42 + let%span s15_enumerate3 = "15_enumerate.rs" 43 4 43 10 + let%span s15_enumerate4 = "15_enumerate.rs" 30 12 34 116 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 @@ -159,8 +85,6 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r type t_Enumerate'0 = { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate inv'2 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -171,73 +95,23 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] inv'2 a) - -> ([%#scommon11] inv'2 b) - -> ([%#scommon12] inv'2 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'2 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed19] inv'5 self - - predicate inv'4 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'4 x] . inv'4 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq17] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UIntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Borrow - - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant18] inv'2 self.current /\ inv'2 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s - /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - - predicate inv'0 (_1 : t_Enumerate'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -245,13 +119,12 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#s15_enumerate7] Seq.length visited + [%#s15_enumerate4] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i 
@@ -269,38 +142,29 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r constant c : t_Enumerate'0 - function produces_trans'0 [#"15_enumerate.rs" 55 4 55 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () + function produces_trans'0 [#"15_enumerate.rs" 48 4 48 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () - goal vc_produces_trans'0 : ([%#s15_enumerate4] produces'0 b bc c) - -> ([%#s15_enumerate3] produces'0 a ab b) - -> ([%#s15_enumerate2] inv'0 c) - -> ([%#s15_enumerate1] inv'0 b) - -> ([%#s15_enumerate0] inv'0 a) -> ([%#s15_enumerate5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s15_enumerate1] produces'0 b bc c) + -> ([%#s15_enumerate0] produces'0 a ab b) -> ([%#s15_enumerate2] produces'0 a (Seq.(++) ab bc) c) end -module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 44] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 66 30 66 31 - let%span s15_enumerate1 = "15_enumerate.rs" 61 17 61 21 - let%span s15_enumerate2 = "15_enumerate.rs" 61 26 61 44 - let%span s15_enumerate3 = "15_enumerate.rs" 57 14 60 5 - let%span scommon4 = "common.rs" 31 17 31 21 - let%span scommon5 = "common.rs" 31 26 31 44 - let%span scommon6 = "common.rs" 27 14 30 5 - let%span s15_enumerate7 = "15_enumerate.rs" 26 8 26 74 - let%span s15_enumerate8 = "15_enumerate.rs" 33 12 37 116 - let%span scommon9 = "common.rs" 14 15 14 24 - let%span scommon10 = "common.rs" 15 14 15 45 - let%span scommon11 = "common.rs" 19 15 19 21 - let%span scommon12 = "common.rs" 20 15 20 21 - let%span scommon13 = "common.rs" 21 15 21 21 - let%span scommon14 = "common.rs" 22 15 22 32 - let%span scommon15 = "common.rs" 23 15 23 32 - let%span scommon16 = "common.rs" 24 14 24 42 - let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 
20 54 34 - let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq19 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s15_enumerate20 = "15_enumerate.rs" 81 12 86 43 - let%span sboxed21 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 44] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 59 30 59 31 + let%span s15_enumerate1 = "15_enumerate.rs" 54 17 54 21 + let%span s15_enumerate2 = "15_enumerate.rs" 54 26 54 44 + let%span s15_enumerate3 = "15_enumerate.rs" 50 14 53 5 + let%span scommon4 = "common.rs" 27 17 27 21 + let%span scommon5 = "common.rs" 27 26 27 44 + let%span scommon6 = "common.rs" 23 14 26 5 + let%span s15_enumerate7 = "15_enumerate.rs" 23 8 23 74 + let%span s15_enumerate8 = "15_enumerate.rs" 30 12 34 116 + let%span scommon9 = "common.rs" 14 14 14 45 + let%span scommon10 = "common.rs" 18 15 18 32 + let%span scommon11 = "common.rs" 19 15 19 32 + let%span scommon12 = "common.rs" 20 14 20 42 + let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span s15_enumerate15 = "15_enumerate.rs" 74 12 78 79 use prelude.prelude.Borrow 
@@ -323,22 +187,18 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] inv'0 a) - -> ([%#scommon12] inv'0 b) - -> ([%#scommon13] inv'0 c) - -> ([%#scommon14] produces'1 a ab b) - -> ([%#scommon15] produces'1 b bc c) -> ([%#scommon16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] produces'1 a ab b) + -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon9] inv'0 self) - -> ([%#scommon10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant18] inv'0 self.current /\ inv'0 self.final + [%#sinvariant14] inv'0 self.current /\ inv'0 self.final predicate inv'3 (_1 : borrowed t_I'0) 
@@ -348,14 +208,14 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | C_None'0 | C_Some'0 t_Item'0 - predicate inv'7 (_1 : t_Item'0) + predicate inv'6 (_1 : t_Item'0) predicate inv'4 (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'7 a_0 + | C_Some'0 a_0 -> inv'6 a_0 end predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) 
@@ -377,54 +237,36 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 | bad -> {forall field_0 : t_Item'0 [C_Some'0 field_0 : t_Option'0] . C_Some'0 field_0 <> input} (! {false} any) ] - use prelude.prelude.Int - - use seq.Seq + use prelude.prelude.UIntSize use seq.Seq - predicate invariant'4 (self : t_Item'0) = - [%#sboxed21] inv'7 self - - predicate inv'9 (_1 : t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_Item'0 [inv'9 x] . inv'9 x = invariant'4 x - - predicate invariant'2 (self : Seq.seq t_Item'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - use prelude.prelude.UIntSize + use prelude.prelude.Int constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate invariant'3 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate20] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'5 s - /\ inv'0 i /\ produces'1 self.t_Enumerate__iter'0 s i + predicate invariant'2 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + [%#s15_enumerate15] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . produces'1 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'1 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + /\ (forall i : borrowed t_I'0 . completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - predicate inv'8 (_1 : t_Enumerate'0) + predicate inv'7 (_1 : t_Enumerate'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Enumerate'0 [inv'8 x] . inv'8 x - = (invariant'3 x + axiom inv_axiom'5 [@rewrite] : forall x : t_Enumerate'0 [inv'7 x] . 
inv'7 x + = (invariant'2 x /\ match x with | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'0 iter end) predicate invariant'0 (self : borrowed (t_Enumerate'0)) = - [%#sinvariant18] inv'8 self.current /\ inv'8 self.final + [%#sinvariant14] inv'7 self.current /\ inv'7 self.final predicate inv'1 (_1 : borrowed (t_Enumerate'0)) axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Enumerate'0) [inv'1 x] . inv'1 x = invariant'0 x predicate resolve'1 (self : borrowed (t_Enumerate'0)) = - [%#sresolve17] self.final = self.current + [%#sresolve13] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Enumerate'0)) = resolve'1 _1 @@ -435,22 +277,22 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 use prelude.prelude.Intrinsic - predicate inv'6 (_1 : (usize, t_Item'0)) + predicate inv'5 (_1 : (usize, t_Item'0)) - axiom inv_axiom'5 [@rewrite] : forall x : (usize, t_Item'0) [inv'6 x] . inv'6 x = (let (x0, x1) = x in inv'7 x1) + axiom inv_axiom'4 [@rewrite] : forall x : (usize, t_Item'0) [inv'5 x] . inv'5 x = (let (x0, x1) = x in inv'6 x1) predicate inv'2 (_1 : t_Option'1) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'1 [inv'2 x] . inv'2 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'6 a_0 + | C_Some'1 a_0 -> inv'5 a_0 end predicate resolve'2 (self : borrowed usize) = - [%#sresolve17] self.final = self.current + [%#sresolve13] self.final = self.current - predicate completed'0 [#"15_enumerate.rs" 25 4 25 35] (self : borrowed (t_Enumerate'0)) = + predicate completed'0 [#"15_enumerate.rs" 22 4 22 35] (self : borrowed (t_Enumerate'0)) = [%#s15_enumerate7] completed'1 (Borrow.borrow_logic (self.current).t_Enumerate__iter'0 (self.final).t_Enumerate__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ resolve'2 (Borrow.borrow_logic (self.current).t_Enumerate__count'0 (self.final).t_Enumerate__count'0 (Borrow.inherit_id (Borrow.get_id self) 2)) 
@@ -464,13 +306,12 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate8] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'5 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i 
@@ -528,25 +369,18 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 61 4 61 (! return' {result}) ] end -module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] - let%span s15_enumerate0 = "15_enumerate.rs" 97 29 97 30 - let%span s15_enumerate1 = "15_enumerate.rs" 96 30 96 34 - let%span s15_enumerate2 = "15_enumerate.rs" 92 11 92 83 - let%span s15_enumerate3 = "15_enumerate.rs" 93 11 94 38 - let%span s15_enumerate4 = "15_enumerate.rs" 96 42 96 54 - let%span s15_enumerate5 = "15_enumerate.rs" 95 10 95 51 - let%span scommon6 = "common.rs" 14 15 14 24 - let%span scommon7 = "common.rs" 15 14 15 45 - let%span scommon8 = "common.rs" 19 15 19 21 - let%span scommon9 = "common.rs" 20 15 20 21 - let%span scommon10 = "common.rs" 21 15 21 21 - let%span scommon11 = "common.rs" 22 15 22 32 - let%span scommon12 = "common.rs" 23 15 23 32 - let%span scommon13 = "common.rs" 24 14 24 42 - let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq15 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s15_enumerate16 = "15_enumerate.rs" 81 12 86 43 - let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__enumerate [#"15_enumerate.rs" 87 0 87 54] + let%span s15_enumerate0 = "15_enumerate.rs" 88 29 88 30 + let%span s15_enumerate1 = "15_enumerate.rs" 87 30 87 34 + let%span s15_enumerate2 = "15_enumerate.rs" 84 11 84 73 + let%span s15_enumerate3 = "15_enumerate.rs" 85 11 85 91 + let%span s15_enumerate4 = "15_enumerate.rs" 87 42 87 54 + let%span s15_enumerate5 = "15_enumerate.rs" 86 10 86 51 + let%span scommon6 = "common.rs" 14 14 14 45 + let%span scommon7 = "common.rs" 18 15 18 32 + let%span scommon8 = "common.rs" 19 15 19 32 + let%span scommon9 = "common.rs" 20 14 20 42 + let%span s15_enumerate10 = "15_enumerate.rs" 74 12 78 79 use prelude.prelude.UIntSize 
@@ -561,13 +395,6 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] use prelude.prelude.Borrow - predicate invariant'0 (self : borrowed t_I'0) = - [%#sinvariant14] inv'0 self.current /\ inv'0 self.final - - predicate inv'1 (_1 : borrowed t_I'0) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_I'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq 
@@ -578,59 +405,35 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon8] inv'0 a) - -> ([%#scommon9] inv'0 b) - -> ([%#scommon10] inv'0 c) - -> ([%#scommon11] produces'0 a ab b) - -> ([%#scommon12] produces'0 b bc c) -> ([%#scommon13] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] produces'0 a ab b) + -> ([%#scommon8] produces'0 b bc c) -> ([%#scommon9] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon6] inv'0 self) - -> ([%#scommon7] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon6] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate inv'5 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed17] inv'5 self - - predicate inv'4 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'4 x] . inv'4 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq15] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - constant v_MAX'0 : usize = (18446744073709551615 : usize) use prelude.prelude.UIntSize - predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate16] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . inv'2 s - /\ inv'0 i /\ produces'0 self.t_Enumerate__iter'0 s i + use prelude.prelude.Int + + predicate invariant'0 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . produces'0 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i - -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - predicate inv'3 (_1 : t_Enumerate'0) + predicate inv'1 (_1 : t_Enumerate'0) - axiom inv_axiom'2 [@rewrite] : forall x : t_Enumerate'0 [inv'3 x] . inv'3 x - = (invariant'2 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x + = (invariant'0 x /\ match x with | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'0 iter end) 
@@ -638,10 +441,10 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] meta "compute_max_steps" 1000000 let rec enumerate'0 (iter:t_I'0) (return' (ret:t_Enumerate'0))= {[@expl:enumerate 'iter' type invariant] [%#s15_enumerate1] inv'0 iter} - {[@expl:enumerate requires #0] [%#s15_enumerate2] forall i : borrowed t_I'0 . inv'1 i /\ completed'0 i + {[@expl:enumerate requires #0] [%#s15_enumerate2] forall i : borrowed t_I'0 . completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final} - {[@expl:enumerate requires #1] [%#s15_enumerate3] forall s : Seq.seq t_Item'0, i : t_I'0 . inv'2 s - /\ inv'0 i /\ produces'0 iter s i -> Seq.length s < UIntSize.to_int v_MAX'0} + {[@expl:enumerate requires #1] [%#s15_enumerate3] forall s : Seq.seq t_Item'0, i : t_I'0 . produces'0 iter s i + -> Seq.length s < UIntSize.to_int v_MAX'0} (! bb0 [ bb0 = bb1 | bb1 = bb2 
@@ -652,29 +455,23 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 96 0 96 54] | bb3 = bb4 | bb4 = return' {_0} ] ) [ & _0 : t_Enumerate'0 = any_l () | & iter : t_I'0 = iter ] - [ return' (result:t_Enumerate'0)-> {[@expl:enumerate result type invariant] [%#s15_enumerate4] inv'3 result} + [ return' (result:t_Enumerate'0)-> {[@expl:enumerate result type invariant] [%#s15_enumerate4] inv'1 result} {[@expl:enumerate ensures] [%#s15_enumerate5] result.t_Enumerate__iter'0 = iter /\ UIntSize.to_int result.t_Enumerate__count'0 = 0} (! return' {result}) ] end -module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs" 61 4 61 44] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 61 4 61 44 - let%span s15_enumerate1 = "15_enumerate.rs" 26 8 26 74 - let%span s15_enumerate2 = "15_enumerate.rs" 33 12 37 116 +module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs" 54 4 54 44] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 54 4 54 44 + let%span s15_enumerate1 = "15_enumerate.rs" 23 8 23 74 + let%span s15_enumerate2 = "15_enumerate.rs" 30 12 34 116 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon5 = "common.rs" 14 15 14 24 - let%span scommon6 = "common.rs" 15 14 15 45 - let%span scommon7 = "common.rs" 19 15 19 21 - let%span scommon8 = "common.rs" 20 15 20 21 - let%span scommon9 = "common.rs" 21 15 21 21 - let%span scommon10 = "common.rs" 22 15 22 32 - let%span scommon11 = "common.rs" 23 15 23 32 - let%span scommon12 = "common.rs" 24 14 24 42 - let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span s15_enumerate14 = "15_enumerate.rs" 81 12 86 43 - let%span sboxed15 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 
18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 + let%span s15_enumerate9 = "15_enumerate.rs" 74 12 78 79 use prelude.prelude.Borrow @@ -685,8 +482,6 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs type t_Enumerate'0 = { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate inv'5 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -697,72 +492,43 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] inv'5 a) - -> ([%#scommon8] inv'5 b) - -> ([%#scommon9] inv'5 c) - -> ([%#scommon10] produces'1 a ab b) - -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon5] inv'5 self) - -> ([%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use seq.Seq + use prelude.prelude.UIntSize use seq.Seq - predicate inv'7 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed15] inv'7 self - - predicate inv'6 (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq13] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - - use prelude.prelude.UIntSize + use prelude.prelude.Int constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate invariant'4 (self : borrowed t_I'0) = - [%#sinvariant4] inv'5 self.current /\ inv'5 self.final - - predicate inv'8 (_1 : borrowed t_I'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'8 x] . inv'8 x = invariant'4 x - predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate invariant'2 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate14] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'2 s - /\ inv'5 i /\ produces'1 self.t_Enumerate__iter'0 s i + predicate invariant'1 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + [%#s15_enumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . produces'1 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'8 i /\ completed'1 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + /\ (forall i : borrowed t_I'0 . completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - predicate inv'4 (_1 : t_Enumerate'0) + predicate inv'5 (_1 : t_I'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Enumerate'0 [inv'4 x] . inv'4 x - = (invariant'2 x + predicate inv'3 (_1 : t_Enumerate'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_Enumerate'0 [inv'3 x] . 
inv'3 x + = (invariant'1 x /\ match x with | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'5 iter end) predicate invariant'0 (self : borrowed (t_Enumerate'0)) = - [%#sinvariant4] inv'4 self.current /\ inv'4 self.final + [%#sinvariant4] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Enumerate'0)) @@ -775,7 +541,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate resolve'0 (self : borrowed usize) = [%#sresolve3] self.final = self.current - predicate completed'0 [#"15_enumerate.rs" 25 4 25 35] (self : borrowed (t_Enumerate'0)) = + predicate completed'0 [#"15_enumerate.rs" 22 4 22 35] (self : borrowed (t_Enumerate'0)) = [%#s15_enumerate1] completed'1 (Borrow.borrow_logic (self.current).t_Enumerate__iter'0 (self.final).t_Enumerate__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ resolve'0 (Borrow.borrow_logic (self.current).t_Enumerate__count'0 (self.final).t_Enumerate__count'0 (Borrow.inherit_id (Borrow.get_id self) 2)) 
@@ -789,28 +555,29 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate2] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - predicate inv'3 (_1 : (usize, t_Item'0)) + predicate inv'4 (_1 : t_Item'0) + + predicate inv'2 (_1 : (usize, t_Item'0)) - axiom inv_axiom'3 [@rewrite] : forall x : (usize, t_Item'0) [inv'3 x] . inv'3 x = (let (x0, x1) = x in inv'7 x1) + axiom inv_axiom'2 [@rewrite] : forall x : (usize, t_Item'0) [inv'2 x] . inv'2 x = (let (x0, x1) = x in inv'4 x1) predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#s15_enumerate0] forall self : borrowed (t_Enumerate'0) . inv'0 self 
@@ -826,21 +593,13 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs end /\ inv'1 result) end -module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_enumerate.rs" 55 4 55 90] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 55 4 55 90 - let%span s15_enumerate1 = "15_enumerate.rs" 33 12 37 116 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span s15_enumerate10 = "15_enumerate.rs" 81 12 86 43 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_enumerate.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 48 4 48 90 + let%span s15_enumerate1 = "15_enumerate.rs" 30 12 34 116 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -849,8 +608,6 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en type t_Enumerate'0 = { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate inv'2 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -861,19 +618,15 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -887,90 +640,33 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en use seq.Seq - predicate inv'5 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed13] inv'5 self - - predicate inv'4 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'4 x] . inv'4 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - - use seq.Seq - use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Borrow - - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant12] inv'2 self.current /\ inv'2 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . 
inv'3 x = invariant'2 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s - /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - - predicate inv'0 (_1 : t_Enumerate'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) - use seq.Seq goal refines : [%#s15_enumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enumerate.rs" 45 4 45 26] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 45 4 45 26 - let%span s15_enumerate1 = "15_enumerate.rs" 33 12 37 116 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span s15_enumerate10 = "15_enumerate.rs" 81 12 86 43 - let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant12 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed13 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enumerate.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 41 4 41 26 + let%span s15_enumerate1 = "15_enumerate.rs" 30 12 34 116 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -979,7 +675,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu type t_Enumerate'0 = { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate inv'2 (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -991,75 +687,23 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'2 a) - -> ([%#scommon5] inv'2 b) - -> ([%#scommon6] inv'2 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'2 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq use seq.Seq - predicate inv'5 (_1 : t_Item'0) - - predicate invariant'3 (self : t_Item'0) = - [%#sboxed13] inv'5 self - - predicate inv'4 (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'4 x] . inv'4 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq11] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) - - predicate inv'1 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - use prelude.prelude.UIntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Borrow - - predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant12] inv'2 self.current /\ inv'2 self.final - - predicate inv'3 (_1 : borrowed t_I'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - - predicate invariant'0 [#"15_enumerate.rs" 79 4 79 30] (self : t_Enumerate'0) = - [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . inv'1 s - /\ inv'2 i /\ produces'1 self.t_Enumerate__iter'0 s i - -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . inv'3 i /\ completed'0 i - -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - - predicate inv'0 (_1 : t_Enumerate'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end) - - use seq.Seq - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -1067,20 +711,17 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 31 4 31 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited = UIntSize.to_int o.t_Enumerate__count'0 - UIntSize.to_int self.t_Enumerate__count'0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 + /\ (exists s : Seq.seq t_Item'0 . produces'1 self.t_Enumerate__iter'0 s o.t_Enumerate__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int self.t_Enumerate__count'0 + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - goal refines : [%#s15_enumerate0] forall self : t_Enumerate'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + goal refines : [%#s15_enumerate0] forall self : t_Enumerate'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self end diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.rs b/creusot/tests/should_succeed/iterators/15_enumerate.rs index f2056fa7f..f92e16a24 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.rs +++ b/creusot/tests/should_succeed/iterators/15_enumerate.rs @@ -1,10 +1,7 @@ #![feature(slice_take)] extern crate creusot_contracts; -use creusot_contracts::{ - invariant::{inv, Invariant}, - *, -}; +use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; 
@@ -31,8 +28,8 @@ where fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { visited.len() == o.count@ - self.count@ - && exists> inv(s) - && self.iter.produces(s, o.iter) + && exists> + self.iter.produces(s, o.iter) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i].0@ == self.count@ + i && visited[i].1 == s[i] } @@ -40,15 +37,11 @@ where #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -80,18 +73,16 @@ where pearlite! { (forall, i: I> #![trigger self.iter.produces(s, i)] - inv(s) && inv(i) && self.iter.produces(s, i) ==> + self.iter.produces(s, i) ==> self.count@ + s.len() < std::usize::MAX@) - && (forall inv(i) && i.completed() ==> - i.produces(Seq::EMPTY, ^i)) + && (forall i.completed() ==> i.produces(Seq::EMPTY, ^i)) } } } // These two requirements are here only to prove the absence of overflow. -#[requires(forall inv(i) && i.completed() ==> i.produces(Seq::EMPTY, ^i))] -#[requires(forall, i: I> inv(s) && inv(i) && iter.produces(s, i) ==> - s.len() < std::usize::MAX@)] +#[requires(forall i.completed() ==> i.produces(Seq::EMPTY, ^i))] +#[requires(forall, i: I> iter.produces(s, i) ==> s.len() < std::usize::MAX@)] #[ensures(result.iter == iter && result.count@ == 0)] pub fn enumerate(iter: I) -> Enumerate { Enumerate { iter, count: 0 } diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml index f36d866a1..1622bf62c 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml +++ b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml @@ -15,53 +15,53 @@ - + - + - + - + - + - + - + - + - + - + - + - + @@ -71,7 +71,7 @@ - + 
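Review bot: The comment above `enumerate` in the last hunk of 15_enumerate.rs still says only that the two `requires` clauses prove the absence of overflow, but with `inv(s) && inv(i)` dropped from their antecedents the length bound must now hold for every `s` and `i` related by `iter.produces`, including values that do not satisfy their type invariant. That is a stronger obligation on callers, and the same widening applies to the quantifiers in `Enumerate`'s invariant in the same hunk, whose `impl` starts outside the hunk. I would record this next to the existing comment, for example `// The quantifiers range over all values, not only those satisfying inv; produces() is expected to exclude ill-formed states.` Whether every `produces` in these tests actually excludes such states is not visible here, so the commit message's claim that nothing is lost should be checked against the callers of `enumerate`.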
diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz b/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz index beaf7d3dfc17b220739dc0448fcfcce554ed2c4e..63e484f10a2c3ecfaa9211d20c4d462c67eda3b6 100644 GIT binary patch literal 1383 zcmV-t1(^CDiwFP!00000|Fu_3bK^D)zUx=$=5})-z;~y6$YiRa58X>UoZdVjMeTal zk+Zg(-TwQItVg8SN$kuvm%tG4fxrin;4dHY{TF&j`}{HO_Umo^TdwjCzh?BX+m?rz z_6zWgZf-ny?!|Jd#uE+m;IWwbN=o++&A(nw)y%72t(IrCMUfq))p2c8PuizV)tMc| zXQ($fUVH0-Enm)=6b=!WW-J0rV0bYGO8gs9TLC7Ws%-ha@d0PxZA3%6O`up&( zN$9-?))``(#VBQW4c)CiZR@mPgHq7l>aXp6S}^Z{cV6Iu7o(I7lDfU4xV?Yaq$ZUM z=0QH8P4bS1-7eKl`+2{vKW|dAtvzU})-`Q9r!k;f{uFR?9=y2iiv)5xN=5c&$)A@= zc{9P)-}-{>DD`kapc+D{R(I{j$!Mf+osH~&7Qd@NEIOVBRu51S^NwhsKf1)S+XcpLGgFUQsy zmP;RdX$&xw{)MF<8|jEOiypU!wqH&Y+H_){NcOyTyR_eK9^1VBpLktIjUCwW*kyde z<7Cfw&PU@^?+?4QpH-?WBK=^kcKlhb)23Xpv9#-Y6}E@E+|vy;+ts>mF36!XjF7GC zCVfu3eEXPo)n@y>4b`J`0pMM*m$Ey=I9JmvNP7)tpr$(t`h(;mnvZqP&K$2o=K2e1*7P1_i~KamAY1kW46=Syy7=~fb(!O^Wrqpu z4XAMnH1kKq*>?#$d6%%$cL|%mONQy}?Gc;}^B@fKAhaX+u$3Zz<5ey2^U zKQ~{FlVG=L9#?il43WxkHxMU;+Bcct!tDvN`6(?>JiL$an@tiY<)}gruw34M@ zNv0@687WqkRw78y%yKOl@|>gNa6K-WDgXyl39FTrN~MzNU=p)Rl`^oLE61hd!f}4# zN@FOK1TK@PEMSyeK~$E4iLAmD+G=v+xV{EdL=m~t6g5?>WF=rQ0hJV%0YXV_O$Bq@ zUJos`6qeBNQmCj)fhFfQXk`UAz)7@~74U9!z!XDD6i8L9?P_AAnW(DD7+u+RbKu2j ptP%{-MvgWqX-bV+=!8OPqXYl| literal 1601 zcmV-H2EO?piwFP!00000|FxG-bK|xS!0-MPy7|54LVyG*c3uyj%+t_^?&ZDV^ycB; zT~8f3YddNC?K`qWSxT}=oZaRU7$N`?_>lzv^;32H;_lP2dQ6AocHjP7$?B(nFWmiM zA0I+GF2OQ)b7R4BE7nsrKGQG@7T0duJ}$BQ)C;4AH8Z#5(%t>(FH7Y+HH%JihplT* zOK#=Y^9NyNQ-tXNu&N&bRy9SK4nSM?1Guf5A}nr)Xu#ZQ^WXO2E*;z{E!pz!cWbR) zO&l<*dk4(wrU;WYFbg;=0&x8eeX|-YVMs(LHH-7-%{li|kM5Xuxwk!wgUMNb8o8?q zw?G!;)8La&llY?~MoF&bmS;0DSBetj$M|WwzuB6dySZ`BJ0Dyq3wA~DMF{J;O=mDu z^$xxpT`K6(Me{nk^euE{L05hQT`cJ099>b+tqZ#Kh%UVcT`cH|g0AS$ow5!1^}^#Q z4MCIza{qt0-zBux0xug0cr!|i+mpN9eA>5Z$%<0B+s*&>cWKG21zGkd$YzulMbfKV z7xs7eyL3vii(Oy5O{y9m4u{m9y3faL`+1j6`_>|JdE2^OZ!`wf>mTAAUUq)jN%goF 
z>gKz7V}&<%(Y($Zd%_zO-gx1STluUy%1)P~3LdK9@dUtuA6@v-bAGx5^y|oDGfD$L z=TqnfNCBplatly62WUp=38-S^NQ@kb3#e)WDwT}~)Qr+36;PDAZTlr1wx`WDy3gtSulp2W z(WXC7)w27stWJO3r)o@6A4|AHIzH@9iz)i><0kOJ4uZEmKHIb-gJrtzmq8i>l+=G? z>SvhFzGl(G{-NXL`GR)6I4orGG6zw%Pr8NCfFdQWBD)Twdix)1FC)i)@b287xr%#jO zb{A8>mS(DZI!IW=>3~@mHr{y1uA8DoW|4-A5!vbknd@Dw-&s0~U{Q_%-8PP4Uq|Of z!}UmR_w8NKcD4oC^VNUVPMTV;XZ4}3K5O@jMVx4Pvzj$5(-imT#ubTsb7mjP>Xlx{ zCH80f`a`$UnHhL~C0S(GUr00PEvnA*r6a#S< zLaa1Gtn@)_{wVC)Pqd*=JD5VIMGJ0kZxra;& zVh%w_%&AsLO2-(vjzO?W8DKLD=DDVvW7at^(n33)y@IG}fXp4QltE@d8>kH^1JVE) z5C*sbGyn@JrO4>H2F3$RDLEk+Pk@nSu5+rCA!#@>s14Qzl|gBc3<`tXAR2^)3<(tq zor12t2Q3Mb*PLr7vZSOdWjGoRZ@AIKNs;4HIqfs~oP&}|id?JYQ=KYKh6}^_ySycp zF=Odd0>84(iW7%IUG*M`@IE5qe`-7?52ZqLvsS?}> zGy*>2+>uJP@F0On?p);FIY+{AnHX}^l^`R;$NdM%NoGnI0!hIc)tMBbjG75lOjkl1 zQ5&I*kXO!Jp+sMMPYyv!j|>$0EF#G|W^i4$2@J6hIS<)U1PZCv4hhh4m3$!X30bXV zmviEV@Z%vs1nsz&j#9`jdamji(K+ymqGX}VJc;j(64B|LqYsXVJOFU2bEpwn3Q@~$ ze-mBpH383&0p{9e^4?1dA_I>s2dSCr&Lzo>L?gjSW=I>V4XMT7a6JA2dlmoyt`i*Z diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index 5bb5ad77e..e1f074ef2 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma 
@@ -1,35 +1,16 @@ -module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 39 15 39 24 - let%span s16_take1 = "16_take.rs" 40 14 40 45 - let%span s16_take2 = "16_take.rs" 37 4 37 10 - let%span s16_take3 = "16_take.rs" 32 8 34 9 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - - type t_I'0 - - use prelude.prelude.UIntSize - - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - - predicate inv'1 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end +module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 39 14 39 45 + let%span s16_take1 = "16_take.rs" 37 4 37 10 + let%span s16_take2 = "16_take.rs" 32 8 34 9 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 use seq.Seq + type t_I'0 + use seq.Seq type t_Item'0 
@@ -38,19 +19,20 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'1 a) - -> ([%#scommon7] inv'1 b) - -> ([%#scommon8] inv'1 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'1 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } use prelude.prelude.UIntSize 
@@ -59,33 +41,25 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 use prelude.prelude.Int predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take3] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take2] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant self : t_Take'0 - function produces_refl'0 [#"16_take.rs" 41 4 41 26] (self : t_Take'0) : () + function produces_refl'0 [#"16_take.rs" 40 4 40 26] (self : t_Take'0) : () - goal vc_produces_refl'0 : ([%#s16_take0] inv'0 self) - -> ([%#s16_take1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_produces_refl'0 : [%#s16_take0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 45 15 45 21 - let%span s16_take1 = "16_take.rs" 46 15 46 21 - let%span s16_take2 = "16_take.rs" 47 15 47 21 - let%span s16_take3 = "16_take.rs" 48 15 48 32 - let%span s16_take4 = "16_take.rs" 49 15 49 32 - let%span s16_take5 = "16_take.rs" 50 14 50 42 - let%span s16_take6 = "16_take.rs" 43 4 43 10 - let%span s16_take7 = "16_take.rs" 32 8 34 9 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 +module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 44 15 44 32 + let%span s16_take1 = "16_take.rs" 45 15 45 32 + let%span 
s16_take2 = "16_take.rs" 46 14 46 42 + let%span s16_take3 = "16_take.rs" 42 4 42 10 + let%span s16_take4 = "16_take.rs" 32 8 34 9 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 type t_I'0 @@ -94,15 +68,6 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 type t_Take'0 = { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - predicate inv'1 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end - use seq.Seq use seq.Seq 
@@ -113,19 +78,15 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] inv'1 a) - -> ([%#scommon11] inv'1 b) - -> ([%#scommon12] inv'1 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'1 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -134,7 +95,7 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 use prelude.prelude.Int predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#s16_take7] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited + [%#s16_take4] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant a : t_Take'0 
@@ -147,35 +108,29 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 51 4 51 constant c : t_Take'0 - function produces_trans'0 [#"16_take.rs" 51 4 51 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () + function produces_trans'0 [#"16_take.rs" 47 4 47 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () - goal vc_produces_trans'0 : ([%#s16_take4] produces'0 b bc c) - -> ([%#s16_take3] produces'0 a ab b) - -> ([%#s16_take2] inv'0 c) - -> ([%#s16_take1] inv'0 b) -> ([%#s16_take0] inv'0 a) -> ([%#s16_take5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s16_take1] produces'0 b bc c) + -> ([%#s16_take0] produces'0 a ab b) -> ([%#s16_take2] produces'0 a (Seq.(++) ab bc) c) end -module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 58 21 58 22 - let%span s16_take1 = "16_take.rs" 59 22 59 23 - let%span s16_take2 = "16_take.rs" 57 17 57 21 - let%span s16_take3 = "16_take.rs" 57 26 57 41 - let%span s16_take4 = "16_take.rs" 53 14 56 5 - let%span scommon5 = "common.rs" 31 17 31 21 - let%span scommon6 = "common.rs" 31 26 31 44 - let%span scommon7 = "common.rs" 27 14 30 5 +module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 53 4 53 41] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 54 21 54 22 + let%span s16_take1 = "16_take.rs" 55 22 55 23 + let%span s16_take2 = "16_take.rs" 53 17 53 21 + let%span s16_take3 = "16_take.rs" 53 26 53 41 + let%span s16_take4 = "16_take.rs" 49 14 52 5 + let%span scommon5 = "common.rs" 27 17 27 21 + let%span scommon6 = "common.rs" 27 26 27 44 + let%span scommon7 = "common.rs" 23 14 26 5 let%span s16_take8 = "16_take.rs" 23 8 26 9 let%span s16_take9 = "16_take.rs" 32 8 34 9 - let%span scommon10 = "common.rs" 14 15 14 24 - let%span scommon11 = "common.rs" 15 14 15 45 - let%span scommon12 = 
"common.rs" 19 15 19 21 - let%span scommon13 = "common.rs" 20 15 20 21 - let%span scommon14 = "common.rs" 21 15 21 21 - let%span scommon15 = "common.rs" 22 15 22 32 - let%span scommon16 = "common.rs" 23 15 23 32 - let%span scommon17 = "common.rs" 24 14 24 42 - let%span sresolve18 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant19 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span scommon10 = "common.rs" 14 14 14 45 + let%span scommon11 = "common.rs" 18 15 18 32 + let%span scommon12 = "common.rs" 19 15 19 32 + let%span scommon13 = "common.rs" 20 14 20 42 + let%span sresolve14 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant15 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.UIntSize @@ -198,22 +153,18 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* ([%#scommon13] inv'0 b) - -> ([%#scommon14] inv'0 c) - -> ([%#scommon15] produces'1 a ab b) - -> ([%#scommon16] produces'1 b bc c) -> ([%#scommon17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon11] produces'1 a ab b) + -> ([%#scommon12] produces'1 b bc c) -> ([%#scommon13] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon10] inv'0 self) - -> ([%#scommon11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant19] inv'0 self.current /\ inv'0 self.final + [%#sinvariant15] inv'0 self.current /\ inv'0 self.final predicate inv'3 (_1 : borrowed t_I'0) 
@@ -255,14 +206,14 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 57 4 57 41] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 57 4 57 41 +module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 53 4 53 41] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 53 4 53 41 let%span s16_take1 = "16_take.rs" 23 8 26 9 let%span s16_take2 = "16_take.rs" 32 8 34 9 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon5 = "common.rs" 14 15 14 24 - let%span scommon6 = "common.rs" 15 14 15 45 - let%span scommon7 = "common.rs" 19 15 19 21 - let%span scommon8 = "common.rs" 20 15 20 21 - let%span scommon9 = "common.rs" 21 15 21 21 - let%span scommon10 = "common.rs" 22 15 22 32 - let%span scommon11 = "common.rs" 23 15 23 32 - let%span scommon12 = "common.rs" 24 14 24 42 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 use prelude.prelude.Borrow 
@@ -379,19 +326,15 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] inv'4 a) - -> ([%#scommon8] inv'4 b) - -> ([%#scommon9] inv'4 c) - -> ([%#scommon10] produces'1 a ab b) - -> ([%#scommon11] produces'1 b bc c) -> ([%#scommon12] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon5] inv'4 self) - -> ([%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self type t_Option'0 = | C_None'0 
@@ -443,17 +386,13 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 57 4 57 end /\ inv'1 result) end -module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 41 4 41 26 +module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" 40 4 40 26] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 40 4 40 26 let%span s16_take1 = "16_take.rs" 32 8 34 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -462,15 +401,6 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" type t_Take'0 = { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - predicate inv'1 (_1 : t_I'0) - - predicate inv'0 (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end - use seq.Seq use seq.Seq 
@@ -481,19 +411,15 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'1 a) - -> ([%#scommon5] inv'1 b) - -> ([%#scommon6] inv'1 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -505,22 +431,16 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 - goal refines : [%#s16_take0] forall self : t_Take'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#s16_take0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs" 51 4 51 90] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 51 4 51 90 +module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs" 47 4 47 90] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 47 4 47 90 let%span s16_take1 = "16_take.rs" 32 8 34 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 type t_I'0 @@ -529,8 +449,6 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs type t_Take'0 = { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -541,19 +459,15 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'1 a) - -> ([%#scommon5] inv'1 b) - -> ([%#scommon6] inv'1 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.UIntSize 
@@ -565,17 +479,8 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 - predicate inv'0 (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end - goal refines : [%#s16_take0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/16_take.rs b/creusot/tests/should_succeed/iterators/16_take.rs index 60125c73f..7563da550 100644 --- a/creusot/tests/should_succeed/iterators/16_take.rs +++ b/creusot/tests/should_succeed/iterators/16_take.rs @@ -1,7 +1,7 @@ #![feature(slice_take)] extern crate creusot_contracts; -use creusot_contracts::{invariant::inv, *}; +use creusot_contracts::*; mod common; use common::Iterator; @@ -36,15 +36,11 @@ where #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot/tests/should_succeed/iterators/16_take/why3session.xml b/creusot/tests/should_succeed/iterators/16_take/why3session.xml index 1a04c880e..de13e8706 100644 
--- a/creusot/tests/should_succeed/iterators/16_take/why3session.xml +++ b/creusot/tests/should_succeed/iterators/16_take/why3session.xml @@ -17,7 +17,7 @@ - + @@ -27,17 +27,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz b/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz index da89f1c93c513225ac3bfd4d001b42ac8e477393..296224f9e3177e3c99d92fa8c7536f14a348a8ac 100644 GIT binary patch literal 764 zcmVEVDe{mg$EIv0!Psn-v(Y&;4IkY|F&Txh(U$)ijMpbRM;BC$S5ca%vml4eQ}x zl{FSf{-B;7cL!Eky{qUu(+`@`;j`0*csL*ySU7a~{$Qx?N>f*K!m55txCQLbU-2m< zB)L9WYst%az${4@5Dfs^3hO>0mQ4-BvUCAE z^|wpto7w`$va0bi4Xqcl{68TV_sP@aY$nirMd{XguyTn;F44#jHgT&ryy|84PNfT& zgC`cqP4Z@H7S^N-*e4Hk^_;Gr)9A(w_G2^H)(pLv!M0|oP{TlMG4jx14W9LE^O%XFY7CQB7#hN(&i~3ZpgGA^4bOKr?_0NMoSFAVzkJG%-|;yf^S9U^o38ymm-(k(vqx;&w+%SJ z)9x!i#SPgUo}6>!Wjr8`6bWSb+;`#C$KwVZ!-ogQoph>PhQ+%GbKHq?dPOBLM_93< z)ff-Yr@x#|=X!ZgoSDu|c{5sUr(#W+K#`4SyRrKv7arrjJ|~WF${6vgCNi`-HnM7r zzKakCj;6wS0&|3{TNP8$^C(0ytD&yckVy@h)R0$W8A>D$r~_8sJ-Li00e~5??J93f zf>jJ4J@7MFis5f12;##7Vuh7QpVYtvsswzw&KVL`p)>F%P z8{$|RHcP{1E8+MsQsLBK(nVOli|}C`%Bc*Uz#QRgKP;?$J~u`7c*4ism#&Q)G6tyw zz{lMm-63v>b1?M+4yI-XlqJNrkLbI@^FE$p7$#3IY>RpM*S?SKX*fPM?YDhAb*%%A zb<^VhoHRek%AZ0mZj;ac1X|9h_|MBo(lU}uok-*xNKxe7xEH%xpG+-ZVz?K^5qybxMpti|qs>D7XyZzh1 zR&{;f{TajN@U*HNe62$SBkNiU9t97&0)vd^+%iioSdw`pF>p>egivY4WL+ys zwV;Nu;CY>Abq!wWz<~Pzo)7|&nMxBKO$|VG&aIfpD#}figjPYyn)yIUFqJk~83s`+ z%(*pITV-XYspb%wXWmd@0uhSpN*W&tavBhFZh=g+5OhsMje&UdBB-d17c#`UX2DPq zhr7~(u)r-a3)BK+B8IxgfYEqijHoz7P6Jcu1F5{Kb8acKlv)aw5(~zHwxF`V0fIeX I*P03d0HPDDsQ>@~ diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index eb47eefac..98f954427 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma 
@@ -1,38 +1,24 @@ -module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 52 26] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 50 15 50 24 - let%span s17_filter1 = "17_filter.rs" 51 14 51 45 - let%span s17_filter2 = "17_filter.rs" 48 4 48 10 - let%span s17_filter3 = "17_filter.rs" 67 8 80 9 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span s17_filter12 = "17_filter.rs" 24 12 30 122 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - - type t_I'0 - - type t_F'0 - - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - - use prelude.prelude.Borrow - - predicate inv'1 (_1 : t_I'0) +module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 50 14 50 45 + let%span s17_filter1 = "17_filter.rs" 48 4 48 10 + let%span s17_filter2 = "17_filter.rs" 64 12 76 17 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 + let%span s17_filter7 = "17_filter.rs" 24 
12 30 122 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 use seq.Seq + type t_I'0 + use seq.Seq type t_Item'0 
@@ -41,19 +27,22 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'1 a) - -> ([%#scommon7] inv'1 b) - -> ([%#scommon8] inv'1 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'1 a ab b) + -> ([%#scommon5] produces'1 b bc c) -> ([%#scommon6] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + type t_F'0 - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon4] inv'1 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + use prelude.prelude.Borrow predicate precondition'0 (self : t_F'0) (args : t_Item'0) 
@@ -65,41 +54,31 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops19] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops14] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops16] unnest'0 self b) - -> ([%#sops17] unnest'0 b c) -> ([%#sops18] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops11] unnest'0 self b) + -> ([%#sops12] unnest'0 b c) -> ([%#sops13] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops15] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops10] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops13] postcondition_mut'0 self args res_state res) - -> ([%#sops14] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops8] postcondition_mut'0 self args res_state res) + -> ([%#sops9] unnest'0 self res_state) predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter12] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#s17_filter7] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . 
unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'2 (_1 : t_F'0) - - predicate inv'0 (_1 : t_Filter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'1 iter /\ inv'2 func - end) - use prelude.prelude.Int use map.Map @@ -110,9 +89,10 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 use seq.Seq - predicate produces'0 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter3] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter2] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -123,36 +103,28 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 constant self : t_Filter'0 - function produces_refl'0 [#"17_filter.rs" 52 4 52 26] (self : t_Filter'0) : () + function produces_refl'0 [#"17_filter.rs" 51 4 51 26] (self : t_Filter'0) : () - goal vc_produces_refl'0 : ([%#s17_filter0] inv'0 self) - -> ([%#s17_filter1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal vc_produces_refl'0 : [%#s17_filter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 4 62 90] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 56 15 56 21 - let%span s17_filter1 = "17_filter.rs" 57 15 57 21 - let%span s17_filter2 = "17_filter.rs" 58 15 58 21 - let%span s17_filter3 = "17_filter.rs" 59 15 59 32 - let%span s17_filter4 = "17_filter.rs" 60 15 60 32 - let%span s17_filter5 = "17_filter.rs" 61 14 61 42 - let%span s17_filter6 = "17_filter.rs" 54 4 54 10 - let%span s17_filter7 = "17_filter.rs" 67 8 80 9 - let%span scommon8 = "common.rs" 14 15 14 24 - let%span scommon9 = "common.rs" 15 14 15 45 - let%span scommon10 = "common.rs" 19 15 19 21 - let%span scommon11 = "common.rs" 20 15 20 21 - let%span scommon12 = "common.rs" 21 15 21 21 - let%span scommon13 = "common.rs" 22 15 22 32 - let%span scommon14 = "common.rs" 23 15 23 32 - let%span scommon15 = "common.rs" 24 14 24 42 - let%span s17_filter16 = "17_filter.rs" 24 12 30 122 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops23 = 
"../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 +module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 58 4 58 90] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 55 15 55 32 + let%span s17_filter1 = "17_filter.rs" 56 15 56 32 + let%span s17_filter2 = "17_filter.rs" 57 14 57 42 + let%span s17_filter3 = "17_filter.rs" 53 4 53 10 + let%span s17_filter4 = "17_filter.rs" 64 12 76 17 + let%span s17_filter5 = "17_filter.rs" 24 12 30 122 + let%span scommon6 = "common.rs" 14 14 14 45 + let%span scommon7 = "common.rs" 18 15 18 32 + let%span scommon8 = "common.rs" 19 15 19 32 + let%span scommon9 = "common.rs" 20 14 20 42 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 @@ -161,10 +133,6 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -175,19 +143,17 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon10] inv'1 a) - -> ([%#scommon11] inv'1 b) - -> ([%#scommon12] inv'1 c) - -> ([%#scommon13] produces'1 a ab b) - -> ([%#scommon14] produces'1 b bc c) -> ([%#scommon15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon7] produces'1 a ab b) + -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon8] inv'1 self) - -> ([%#scommon9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + use prelude.prelude.Borrow predicate precondition'0 (self : t_F'0) (args : t_Item'0) 
@@ -199,41 +165,31 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops23] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops16] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops20] unnest'0 self b) - -> ([%#sops21] unnest'0 b c) -> ([%#sops22] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) + -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops19] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops17] postcondition_mut'0 self args res_state res) - -> ([%#sops18] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops10] postcondition_mut'0 self args res_state res) + -> ([%#sops11] unnest'0 self res_state) predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter16] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#s17_filter5] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . 
unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'2 (_1 : t_F'0) - - predicate inv'0 (_1 : t_Filter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'1 iter /\ inv'2 func - end) - use prelude.prelude.Int use map.Map @@ -244,9 +200,10 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 use seq.Seq - predicate produces'0 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter7] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter4] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -265,54 +222,47 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 62 constant c : t_Filter'0 - function produces_trans'0 [#"17_filter.rs" 62 4 62 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () + function produces_trans'0 [#"17_filter.rs" 58 4 58 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () - goal vc_produces_trans'0 : ([%#s17_filter4] produces'0 b bc c) - -> ([%#s17_filter3] produces'0 a ab b) - -> ([%#s17_filter2] inv'0 c) - -> ([%#s17_filter1] inv'0 b) -> ([%#s17_filter0] inv'0 a) -> ([%#s17_filter5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#s17_filter1] produces'0 b bc c) + -> ([%#s17_filter0] produces'0 a ab b) -> ([%#s17_filter2] produces'0 a (Seq.(++) ab bc) c) end -module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 89 23 89 40 - let%span s17_filter1 = "17_filter.rs" 90 27 90 51 - let%span s17_filter2 = "17_filter.rs" 92 8 92 31 - let%span s17_filter3 = "17_filter.rs" 94 20 94 129 - let%span s17_filter4 = "17_filter.rs" 93 20 93 46 - let%span s17_filter5 = "17_filter.rs" 92 20 92 29 - let%span s17_filter6 = "17_filter.rs" 98 23 98 58 - let%span s17_filter7 = "17_filter.rs" 99 12 99 71 - let%span s17_filter8 = "17_filter.rs" 88 17 88 21 - let%span s17_filter9 = "17_filter.rs" 83 15 83 24 - let%span s17_filter10 = "17_filter.rs" 88 26 88 41 - let%span s17_filter11 = "17_filter.rs" 84 14 87 5 - let%span sindex12 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 - let%span scommon13 = "common.rs" 31 17 31 21 - let%span scommon14 = "common.rs" 31 26 31 44 - let%span scommon15 = "common.rs" 27 14 30 5 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 - let%span 
s17_filter18 = "17_filter.rs" 42 12 44 43 - let%span s17_filter19 = "17_filter.rs" 67 8 80 9 - let%span scommon20 = "common.rs" 14 15 14 24 - let%span scommon21 = "common.rs" 15 14 15 45 - let%span scommon22 = "common.rs" 19 15 19 21 - let%span scommon23 = "common.rs" 20 15 20 21 - let%span scommon24 = "common.rs" 21 15 21 21 - let%span scommon25 = "common.rs" 22 15 22 32 - let%span scommon26 = "common.rs" 23 15 23 32 - let%span scommon27 = "common.rs" 24 14 24 42 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sresolve35 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant36 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s17_filter37 = "17_filter.rs" 24 12 30 122 - let%span sinvariant38 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 85 23 85 40 + let%span s17_filter1 = "17_filter.rs" 86 27 86 51 + let%span s17_filter2 = "17_filter.rs" 88 8 88 31 + let%span s17_filter3 = "17_filter.rs" 90 20 90 129 + let%span s17_filter4 = "17_filter.rs" 89 20 89 46 + let%span s17_filter5 = "17_filter.rs" 88 20 88 29 + let%span s17_filter6 = "17_filter.rs" 94 23 94 58 + let%span s17_filter7 = "17_filter.rs" 95 12 95 71 + let%span s17_filter8 = "17_filter.rs" 84 17 84 21 + let%span s17_filter9 = "17_filter.rs" 84 26 84 41 + let%span s17_filter10 = 
"17_filter.rs" 80 14 83 5 + let%span sindex11 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 + let%span scommon12 = "common.rs" 27 17 27 21 + let%span scommon13 = "common.rs" 27 26 27 44 + let%span scommon14 = "common.rs" 23 14 26 5 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 + let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 + let%span s17_filter17 = "17_filter.rs" 42 12 44 43 + let%span s17_filter18 = "17_filter.rs" 64 12 76 17 + let%span scommon19 = "common.rs" 14 14 14 45 + let%span scommon20 = "common.rs" 18 15 18 32 + let%span scommon21 = "common.rs" 19 15 19 32 + let%span scommon22 = "common.rs" 20 14 20 42 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sresolve30 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span s17_filter31 = "17_filter.rs" 24 12 30 122 + let%span sinvariant32 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant33 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Snapshot @@ -320,8 +270,6 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( type t_I'0 - predicate inv'1 (_1 : t_I'0) - use seq.Seq type t_Item'0 
@@ -330,19 +278,15 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon22] inv'1 a) - -> ([%#scommon23] inv'1 b) - -> ([%#scommon24] inv'1 c) - -> ([%#scommon25] produces'0 a ab b) - -> ([%#scommon26] produces'0 b bc c) -> ([%#scommon27] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon20] produces'0 a ab b) + -> ([%#scommon21] produces'0 b bc c) -> ([%#scommon22] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon20] inv'1 self) - -> ([%#scommon21] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon19] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot 
@@ -363,24 +307,24 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops34] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops29] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'3 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops31] unnest'0 self b) - -> ([%#sops32] unnest'0 b c) -> ([%#sops33] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops26] unnest'0 self b) + -> ([%#sops27] unnest'0 b c) -> ([%#sops28] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops30] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops25] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops28] postcondition_mut'0 self args res_state res) - -> ([%#sops29] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops23] postcondition_mut'0 self args res_state res) + -> ([%#sops24] unnest'0 self res_state) use prelude.prelude.Snapshot 
@@ -393,39 +337,41 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( use seq.Seq function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq t_Item'0)) (ix : int) : t_Item'0 = - [%#sindex12] Seq.get (Snapshot.inner self) ix + [%#sindex11] Seq.get (Snapshot.inner self) ix predicate precondition'0 (self : t_F'0) (args : t_Item'0) - predicate invariant'3 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter37] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + [%#s17_filter31] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) + predicate inv'1 (_1 : t_I'0) + predicate inv'2 (_1 : t_F'0) predicate inv'9 (_1 : t_Filter'0) axiom inv_axiom'6 [@rewrite] : forall x : t_Filter'0 [inv'9 x] . inv'9 x - = (invariant'3 x + = (invariant'0 x /\ match x with | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'1 iter /\ inv'2 func end) - predicate invariant'0 (self : borrowed (t_Filter'0)) = - [%#sinvariant36] inv'9 self.current /\ inv'9 self.final + predicate invariant'1 (self : borrowed (t_Filter'0)) = + [%#sinvariant32] inv'9 self.current /\ inv'9 self.final predicate inv'0 (_1 : borrowed (t_Filter'0)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'0 x] . inv'0 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'0 x] . inv'0 x = invariant'1 x - predicate invariant'1 (self : borrowed t_I'0) = - [%#sinvariant36] inv'1 self.current /\ inv'1 self.final + predicate invariant'2 (self : borrowed t_I'0) = + [%#sinvariant32] inv'1 self.current /\ inv'1 self.final predicate inv'5 (_1 : borrowed t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . 
inv'5 x = invariant'1 x + axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'2 x type t_Option'0 = | C_None'0 @@ -445,10 +391,10 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( use seq.Seq - let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#scommon13] inv'5 self} + let rec next'1 (self:borrowed t_I'0) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#scommon12] inv'5 self} any - [ return' (result:t_Option'0)-> {[%#scommon14] inv'4 result} - {[%#scommon15] match result with + [ return' (result:t_Option'0)-> {[%#scommon13] inv'4 result} + {[%#scommon14] match result with | C_None'0 -> completed'1 self | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final end} @@ -462,15 +408,15 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( use seq.Seq - predicate invariant'2 (self : borrowed t_F'0) = - [%#sinvariant36] inv'2 self.current /\ inv'2 self.final + predicate invariant'3 (self : borrowed t_F'0) = + [%#sinvariant32] inv'2 self.current /\ inv'2 self.final predicate inv'6 (_1 : borrowed t_F'0) - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'3 x predicate invariant'4 (self : t_Item'0) = - [%#sinvariant38] inv'3 self + [%#sinvariant33] inv'3 self predicate inv'10 (_1 : t_Item'0) 
@@ -486,17 +432,17 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( let rec call_mut'0 (self:borrowed t_F'0) (args:t_Item'0) (return' (ret:bool))= {[@expl:call_mut 'self' type invariant] inv'6 self} {[@expl:call_mut 'args' type invariant] inv'7 args} - {[@expl:call_mut requires] [%#sops16] precondition'0 self.current args} + {[@expl:call_mut requires] [%#sops15] precondition'0 self.current args} any [ return' (result:bool)-> {inv'8 result} - {[%#sops17] postcondition_mut'0 self.current args self.final result} + {[%#sops16] postcondition_mut'0 self.current args self.final result} (! return' {result}) ] predicate resolve'0 (_1 : t_Item'0) predicate resolve'2 (self : borrowed (t_Filter'0)) = - [%#sresolve35] self.final = self.current + [%#sresolve30] self.final = self.current predicate resolve'1 (_1 : borrowed (t_Filter'0)) = resolve'2 _1 @@ -506,7 +452,7 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( use prelude.prelude.Snapshot predicate completed'0 [#"17_filter.rs" 40 4 40 35] (self : borrowed (t_Filter'0)) = - [%#s17_filter18] (exists s : Seq.seq t_Item'0, e : borrowed t_I'0 . produces'0 (self.current).t_Filter__iter'0 s e.current + [%#s17_filter17] (exists s : Seq.seq t_Item'0, e : borrowed t_I'0 . produces'0 (self.current).t_Filter__iter'0 s e.current /\ completed'1 e /\ (forall i : int . 0 <= i /\ i < Seq.length s -> postcondition_mut'0 (self.current).t_Filter__func'0 (Seq.get s i) (self.final).t_Filter__func'0 false)) 
@@ -516,9 +462,10 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( use map.Map - predicate produces'1 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'1 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter19] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter18] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'0 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) @@ -530,7 +477,6 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( meta "compute_max_steps" 1000000 let rec next'0 (self:borrowed (t_Filter'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#s17_filter8] inv'0 self} - {[@expl:next requires] [%#s17_filter9] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#s17_filter0] Snapshot.new self ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &produced <- [%#s17_filter1] Snapshot.new (Seq.empty : Seq.seq t_Item'0) ] s1 | s1 = bb2 ] 
@@ -549,49 +495,49 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( [ s0 = {inv'1 (self.current).t_Filter__iter'0} Borrow.borrow_mut {(self.current).t_Filter__iter'0} (fun (_ret':borrowed t_I'0) -> - [ &_17 <- _ret' ] + [ &_16 <- _ret' ] -{inv'1 _ret'.final}- [ &self <- { self with current = { self.current with t_Filter__iter'0 = _ret'.final } } ] s1) - | s1 = next'1 {_17} (fun (_ret':t_Option'0) -> [ &_16 <- _ret' ] s2) + | s1 = next'1 {_16} (fun (_ret':t_Option'0) -> [ &_15 <- _ret' ] s2) | s2 = bb5 ] - | bb5 = any [ br0 -> {_16 = C_None'0 } (! bb13) | br1 (x0:t_Item'0)-> {_16 = C_Some'0 x0} (! bb6) ] + | bb5 = any [ br0 -> {_15 = C_None'0 } (! bb13) | br1 (x0:t_Item'0)-> {_15 = C_Some'0 x0} (! bb6) ] | bb6 = bb7 | bb7 = s0 - [ s0 = v_Some'0 {_16} (fun (r0'0:t_Item'0) -> [ &n <- r0'0 ] s1) - | s1 = [ &_20 <- [%#s17_filter6] Snapshot.new (Seq.snoc (Snapshot.inner produced) n) ] s2 + [ s0 = v_Some'0 {_15} (fun (r0'0:t_Item'0) -> [ &n <- r0'0 ] s1) + | s1 = [ &_19 <- [%#s17_filter6] Snapshot.new (Seq.snoc (Snapshot.inner produced) n) ] s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &produced <- _20 ] s1 + [ s0 = [ &produced <- _19 ] s1 | s1 = {[@expl:assertion] [%#s17_filter7] produces'0 ((Snapshot.inner old_self).current).t_Filter__iter'0 (Snapshot.inner produced) (self.current).t_Filter__iter'0} s2 | s2 = {inv'2 (self.current).t_Filter__func'0} Borrow.borrow_mut {(self.current).t_Filter__func'0} (fun (_ret':borrowed t_F'0) -> - [ &_25 <- _ret' ] + [ &_24 <- _ret' ] -{inv'2 _ret'.final}- [ &self <- { self with current = { self.current with t_Filter__func'0 = _ret'.final } } ] s3) - | s3 = [ &_28 <- n ] s4 - | s4 = [ &_26 <- (_28) ] s5 - | s5 = call_mut'0 {_25} {_26} (fun (_ret':bool) -> [ &_24 <- _ret' ] s6) + | s3 = [ &_27 <- n ] s4 + | s4 = [ &_25 <- (_27) ] s5 + | s5 = call_mut'0 {_24} {_25} (fun (_ret':bool) -> [ &_23 <- _ret' ] s6) | s6 = bb9 ] - | bb9 = any [ br0 -> {_24 = false} (! bb12) | br1 -> {_24} (! 
bb10) ] + | bb9 = any [ br0 -> {_23 = false} (! bb12) | br1 -> {_23} (! bb10) ] | bb12 = s0 [ s0 = {[@expl:type invariant] inv'3 n} s1 | s1 = -{resolve'0 n}- s2 | s2 = bb14 ] | bb14 = bb15 | bb15 = bb3 ] ] | bb13 = s0 - [ s0 = {[@expl:type invariant] match _16 with + [ s0 = {[@expl:type invariant] match _15 with | C_Some'0 x'0 -> inv'3 x'0 | _ -> true end} s1 - | s1 = -{match _16 with + | s1 = -{match _15 with | C_Some'0 x'1 -> resolve'0 x'1 | _ -> true end}- 
@@ -616,35 +562,35 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 88 4 88 41] ( | & self : borrowed (t_Filter'0) = self | & old_self : Snapshot.snap_ty (borrowed (t_Filter'0)) = any_l () | & produced : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & _16 : t_Option'0 = any_l () - | & _17 : borrowed t_I'0 = any_l () + | & _15 : t_Option'0 = any_l () + | & _16 : borrowed t_I'0 = any_l () | & n : t_Item'0 = any_l () - | & _20 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () - | & _24 : bool = any_l () - | & _25 : borrowed t_F'0 = any_l () - | & _26 : t_Item'0 = any_l () - | & _28 : t_Item'0 = any_l () + | & _19 : Snapshot.snap_ty (Seq.seq t_Item'0) = any_l () + | & _23 : bool = any_l () + | & _24 : borrowed t_F'0 = any_l () + | & _25 : t_Item'0 = any_l () + | & _27 : t_Item'0 = any_l () | & old_3_0 : Snapshot.snap_ty (borrowed (t_Filter'0)) = any_l () ] - [ return' (result:t_Option'0)-> {[@expl:next result type invariant] [%#s17_filter10] inv'4 result} - {[@expl:next ensures] [%#s17_filter11] match result with + [ return' (result:t_Option'0)-> {[@expl:next result type invariant] [%#s17_filter9] inv'4 result} + {[@expl:next ensures] [%#s17_filter10] match result with | C_None'0 -> completed'0 self | C_Some'0 v -> produces'1 self.current (Seq.singleton v) self.final end} (! 
return' {result}) ] end -module M_17_filter__filter [#"17_filter.rs" 114 0 116 39] - let%span s17_filter0 = "17_filter.rs" 114 30 114 34 - let%span s17_filter1 = "17_filter.rs" 114 39 114 40 - let%span s17_filter2 = "17_filter.rs" 110 11 110 23 - let%span s17_filter3 = "17_filter.rs" 111 11 111 29 - let%span s17_filter4 = "17_filter.rs" 112 11 112 21 - let%span s17_filter5 = "17_filter.rs" 114 48 114 60 - let%span s17_filter6 = "17_filter.rs" 113 10 113 49 - let%span s17_filter7 = "17_filter.rs" 141 16 141 59 - let%span s17_filter8 = "17_filter.rs" 135 16 135 57 - let%span s17_filter9 = "17_filter.rs" 147 16 147 126 +module M_17_filter__filter [#"17_filter.rs" 110 0 112 39] + let%span s17_filter0 = "17_filter.rs" 110 30 110 34 + let%span s17_filter1 = "17_filter.rs" 110 39 110 40 + let%span s17_filter2 = "17_filter.rs" 106 11 106 23 + let%span s17_filter3 = "17_filter.rs" 107 11 107 29 + let%span s17_filter4 = "17_filter.rs" 108 11 108 21 + let%span s17_filter5 = "17_filter.rs" 110 48 110 60 + let%span s17_filter6 = "17_filter.rs" 109 10 109 49 + let%span s17_filter7 = "17_filter.rs" 137 16 137 59 + let%span s17_filter8 = "17_filter.rs" 131 16 131 57 + let%span s17_filter9 = "17_filter.rs" 143 16 143 126 let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -652,15 +598,11 @@ module M_17_filter__filter [#"17_filter.rs" 114 0 116 39] let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span scommon17 = "common.rs" 14 15 14 24 - let%span scommon18 = "common.rs" 15 14 15 45 - let%span scommon19 = "common.rs" 19 15 19 21 - let%span scommon20 = "common.rs" 20 15 20 21 - let%span scommon21 = "common.rs" 21 15 21 21 - let%span scommon22 = "common.rs" 22 15 22 32 - let%span scommon23 = "common.rs" 23 15 23 32 - let%span scommon24 = "common.rs" 24 14 24 42 - let%span s17_filter25 = "17_filter.rs" 24 12 30 122 + let%span scommon17 = "common.rs" 14 14 14 45 + let%span scommon18 = "common.rs" 18 15 18 32 + let%span scommon19 = "common.rs" 19 15 19 32 + let%span scommon20 = "common.rs" 20 14 20 42 + let%span s17_filter21 = "17_filter.rs" 24 12 30 122 type t_I'0 
@@ -687,19 +629,15 @@ module M_17_filter__filter [#"17_filter.rs" 114 0 116 39] predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon19] inv'0 a) - -> ([%#scommon20] inv'0 b) - -> ([%#scommon21] inv'0 c) - -> ([%#scommon22] produces'0 a ab b) - -> ([%#scommon23] produces'0 b bc c) -> ([%#scommon24] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon18] produces'0 a ab b) + -> ([%#scommon19] produces'0 b bc c) -> ([%#scommon20] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon17] inv'0 self) - -> ([%#scommon18] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon17] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate postcondition_once'0 (self : t_P'0) (args : t_Item'0) (result : bool) 
@@ -728,20 +666,20 @@ module M_17_filter__filter [#"17_filter.rs" 114 0 116 39] axiom postcondition_mut_unnest'0_spec : forall self : t_P'0, args : t_Item'0, res_state : t_P'0, res : bool . ([%#sops10] postcondition_mut'0 self args res_state res) -> ([%#sops11] unnest'0 self res_state) - predicate immutable'0 [#"17_filter.rs" 140 0 140 54] (_1 : t_P'0) = + predicate immutable'0 [#"17_filter.rs" 136 0 136 54] (_1 : t_P'0) = [%#s17_filter7] forall f : t_P'0, g : t_P'0 . unnest'0 f g -> f = g predicate precondition'0 (self : t_P'0) (args : t_Item'0) - predicate no_precondition'0 [#"17_filter.rs" 134 0 134 60] (_1 : t_P'0) = + predicate no_precondition'0 [#"17_filter.rs" 130 0 130 60] (_1 : t_P'0) = [%#s17_filter8] forall f : t_P'0, i : t_Item'0 . precondition'0 f (i) - predicate precise'0 [#"17_filter.rs" 146 0 146 52] (_1 : t_P'0) = + predicate precise'0 [#"17_filter.rs" 142 0 142 52] (_1 : t_P'0) = [%#s17_filter9] forall f1 : t_P'0, f2 : t_P'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false) predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter25] forall f : t_P'0, i : t_Item'0 . precondition'0 f (i) + [%#s17_filter21] forall f : t_P'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_P'0, g : t_P'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_P'0, f2 : t_P'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) 
@@ -777,11 +715,11 @@ module M_17_filter__filter [#"17_filter.rs" 114 0 116 39] (! return' {result}) ] end -module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] - let%span s17_filter0 = "17_filter.rs" 121 10 121 70 - let%span s17_filter1 = "17_filter.rs" 122 10 122 79 +module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] + let%span s17_filter0 = "17_filter.rs" 117 10 117 70 + let%span s17_filter1 = "17_filter.rs" 118 10 118 79 let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span s17_filter3 = "17_filter.rs" 126 22 126 40 + let%span s17_filter3 = "17_filter.rs" 122 22 122 40 let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 144 27 144 47 let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 145 27 145 53 let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 146 27 146 45 
@@ -1155,27 +1093,23 @@ module M_17_filter__less_than [#"17_filter.rs" 123 0 123 49] (! return' {result}) ] end -module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 88 41] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 88 4 88 41 +module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 84 41] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 84 4 84 41 let%span s17_filter1 = "17_filter.rs" 42 12 44 43 - let%span s17_filter2 = "17_filter.rs" 67 8 80 9 - let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span scommon4 = "common.rs" 14 15 14 24 - let%span scommon5 = "common.rs" 15 14 15 45 - let%span scommon6 = "common.rs" 19 15 19 21 - let%span scommon7 = "common.rs" 20 15 20 21 - let%span scommon8 = "common.rs" 21 15 21 21 - let%span scommon9 = "common.rs" 22 15 22 32 - let%span scommon10 = "common.rs" 23 15 23 32 - let%span scommon11 = "common.rs" 24 14 24 42 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s17_filter19 = "17_filter.rs" 24 12 30 122 + let%span s17_filter2 = "17_filter.rs" 64 12 76 17 + let%span s17_filter3 = "17_filter.rs" 24 12 30 122 + let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span scommon5 = "common.rs" 14 14 14 45 + let%span scommon6 = "common.rs" 18 15 18 32 + let%span scommon7 = "common.rs" 19 15 19 32 + let%span scommon8 = "common.rs" 20 14 20 42 
+ let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 use prelude.prelude.Borrow @@ -1186,8 +1120,6 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - predicate inv'4 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1198,19 +1130,15 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] inv'4 a) - -> ([%#scommon7] inv'4 b) - -> ([%#scommon8] inv'4 c) - -> ([%#scommon9] produces'1 a ab b) - -> ([%#scommon10] produces'1 b bc c) -> ([%#scommon11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon6] produces'1 a ab b) + -> ([%#scommon7] produces'1 b bc c) -> ([%#scommon8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon4] inv'4 self) - -> ([%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate precondition'0 (self : t_F'0) (args : t_Item'0) 
@@ -1222,47 +1150,49 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops18] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops15] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops15] unnest'0 self b) - -> ([%#sops16] unnest'0 b c) -> ([%#sops17] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) + -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops14] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops12] postcondition_mut'0 self args res_state res) - -> ([%#sops13] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops9] postcondition_mut'0 self args res_state res) + -> ([%#sops10] unnest'0 self res_state) - predicate invariant'1 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter19] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + [%#s17_filter3] forall f : t_F'0, i : t_Item'0 . 
precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) + predicate inv'4 (_1 : t_I'0) + predicate inv'5 (_1 : t_F'0) predicate inv'3 (_1 : t_Filter'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Filter'0 [inv'3 x] . inv'3 x - = (invariant'1 x + = (invariant'0 x /\ match x with | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'4 iter /\ inv'5 func end) - predicate invariant'0 (self : borrowed (t_Filter'0)) = - [%#sinvariant3] inv'3 self.current /\ inv'3 self.final + predicate invariant'1 (self : borrowed (t_Filter'0)) = + [%#sinvariant4] inv'3 self.current /\ inv'3 self.final predicate inv'0 (_1 : borrowed (t_Filter'0)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'0 x] . inv'0 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'0 x] . inv'0 x = invariant'1 x type t_Option'0 = | C_None'0 @@ -1289,9 +1219,10 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 use map.Map - predicate produces'0 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter2] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter2] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -1312,7 +1243,6 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 goal refines : [%#s17_filter0] forall self : borrowed (t_Filter'0) . inv'0 self -> inv'0 self - /\ inv'0 self /\ (forall result : t_Option'0 . match result with | C_None'0 -> completed'0 self | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final 
@@ -1324,25 +1254,21 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 88 4 end /\ inv'1 result) end -module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter.rs" 52 4 52 26] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 52 4 52 26 - let%span s17_filter1 = "17_filter.rs" 67 8 80 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span s17_filter10 = "17_filter.rs" 24 12 30 122 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 +module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 51 4 51 26 + let%span s17_filter1 = "17_filter.rs" 64 12 76 17 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 + let%span s17_filter6 = "17_filter.rs" 24 12 30 122 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops9 = 
"../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 @@ -1351,10 +1277,6 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - use prelude.prelude.Borrow - - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1365,19 +1287,17 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'1 a) - -> ([%#scommon5] inv'1 b) - -> ([%#scommon6] inv'1 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Borrow predicate precondition'0 (self : t_F'0) (args : t_Item'0) 
@@ -1389,41 +1309,31 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops13] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) - -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) + -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops11] postcondition_mut'0 self args res_state res) - -> ([%#sops12] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) + -> ([%#sops8] unnest'0 self res_state) predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter10] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#s17_filter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . 
unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'2 (_1 : t_F'0) - - predicate inv'0 (_1 : t_Filter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'1 iter /\ inv'2 func - end) - use prelude.prelude.Int use map.Map @@ -1434,9 +1344,10 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter use seq.Seq - predicate produces'0 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter1] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter1] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -1445,30 +1356,24 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 self.t_Filter__func'0 (Seq.get s i) self.t_Filter__func'0 true)) - goal refines : [%#s17_filter0] forall self : t_Filter'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#s17_filter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filter.rs" 62 4 62 90] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 62 4 62 90 - let%span s17_filter1 = "17_filter.rs" 67 8 80 9 - let%span scommon2 = "common.rs" 14 15 14 24 - let%span scommon3 = "common.rs" 15 14 15 45 - let%span scommon4 = "common.rs" 19 15 19 21 - let%span scommon5 = "common.rs" 20 15 20 21 - let%span scommon6 = "common.rs" 21 15 21 21 - let%span scommon7 = "common.rs" 22 15 22 32 - let%span scommon8 = "common.rs" 23 15 23 32 - let%span scommon9 = "common.rs" 24 14 24 42 - let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s17_filter17 = "17_filter.rs" 24 12 30 122 +module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filter.rs" 58 4 58 90] 
(* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 58 4 58 90 + let%span s17_filter1 = "17_filter.rs" 64 12 76 17 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 + let%span s17_filter6 = "17_filter.rs" 24 12 30 122 + let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 type t_I'0 @@ -1477,8 +1382,6 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } - predicate inv'1 (_1 : t_I'0) - use seq.Seq use seq.Seq 
@@ -1489,22 +1392,20 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte predicate produces'1 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"common.rs" 25 4 25 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] inv'1 a) - -> ([%#scommon5] inv'1 b) - -> ([%#scommon6] inv'1 c) - -> ([%#scommon7] produces'1 a ab b) - -> ([%#scommon8] produces'1 b bc c) -> ([%#scommon9] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'1 a ab b) + -> ([%#scommon4] produces'1 b bc c) -> ([%#scommon5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"common.rs" 16 4 16 27] (self : t_I'0) : () + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#scommon2] inv'1 self) - -> ([%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Borrow + predicate precondition'0 (self : t_F'0) (args : t_Item'0) + predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : bool) predicate resolve'0 (_1 : t_F'0) 
@@ -1513,24 +1414,30 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops16] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops13] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 (self : t_F'0) (_2 : t_F'0) function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) - -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) + -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) function unnest_refl'0 (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops10] postcondition_mut'0 self args res_state res) - -> ([%#sops11] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) + -> ([%#sops8] unnest'0 self res_state) + + predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + [%#s17_filter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . 
not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) use prelude.prelude.Int @@ -1542,9 +1449,10 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte use seq.Seq - predicate produces'0 [#"17_filter.rs" 66 4 66 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#s17_filter1] unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 + [%#s17_filter1] invariant'0 self + -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 self.t_Filter__iter'0 s succ.t_Filter__iter'0 /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -1553,28 +1461,8 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 self.t_Filter__func'0 (Seq.get s i) self.t_Filter__func'0 true)) - predicate precondition'0 (self : t_F'0) (args : t_Item'0) - - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = - [%#s17_filter17] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) - - predicate inv'2 (_1 : t_F'0) - - predicate inv'0 (_1 : t_Filter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'1 iter /\ inv'2 func - end) - goal refines : [%#s17_filter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/17_filter.rs b/creusot/tests/should_succeed/iterators/17_filter.rs index 432eae12d..4b972b94d 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.rs +++ b/creusot/tests/should_succeed/iterators/17_filter.rs 
@@ -47,15 +47,11 @@ impl bool> Iterator for Filter { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -65,6 +61,7 @@ impl bool> Iterator for Filter { #[predicate(prophetic)] fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { + self.invariant() ==> self.func.unnest(succ.func) && // f here is a mapping from indices of `visited` to those of `s`, where `s` is the whole sequence produced by the underlying iterator // Interestingly, Z3 guesses `f` quite readily but gives up *totally* on `s`. However, the addition of the final assertions on the correctness of the values @@ -80,7 +77,6 @@ impl bool> Iterator for Filter { } } - #[requires(inv(self))] #[ensures(match result { None => self.completed(), Some(v) => (*self).produces(Seq::singleton(v), ^self) diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index aef093e64..1aea4b2ef 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -10,31 +10,12 @@ - + - - - - - - - - - - - - - - - - - - - - + @@ -48,51 +29,58 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + + + + + @@ -115,100 +103,100 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -217,27 +205,27 @@ - + - + - + - + - + - + - + @@ -252,14 +240,14 @@ - + - + @@ -293,39 +281,12 @@ - - - - - - - - - + - + - - - - - - - - - - - - - - - - - - - - + 
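Review bot: The new `self.invariant() ==>` line at the top of `produces` in 17_filter.rs (hunk -65,6 +61,7) makes the predicate hold for any `visited` and `succ` as soon as `self.invariant()` is false, and no comment says that this is intended. `==>` binds weaker than `&&`, so the guard covers the whole conjunction, which agrees with `invariant'0 self -> unnest'0 ...` in the regenerated 17_filter.coma. Presumably the guard is what lets `produces_refl` and `produces_trans` go through now that their `#[requires(inv(..))]` lines are gone; I would say so above the new line, e.g. `// Guarded by the invariant: the laws no longer assume inv(..), so outside the invariant produces is trivially true and carries no information.` The same line is added in creusot-contracts/src/std/iter/filter.rs (hunk -84,6 +84,7) and needs the same comment. The body of `produces` continues past the end of the hunk.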
diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index 328a53236c40f4ccbf5c534dd91067010765a36b..ea9cc5ef88287aaad483652810348bbd479ff147 100644 GIT binary patch literal 5907 zcmV+u7wqUCiwFP!00000|Lr{4ZX8K+@BE4e{2<%H0vVAJc^D&LiGheBV9$$=}7(2i~S$RZ6#+8u~+5FdkUu}MKpVDUaH9cvpA6kx&&TS3n02C9gmPr&P5E!j8~60#W_|aR9zT4@U+%*j;rxDAxOMCM zukLZ}?#mK?wZzILNWZ41LJcks{?Fr=^x3^DlVI4hxOP9a2<|T3|N8Ws^Wob4^ez5b zHcyXV!qe*0WBRz>Or89aDZ9;rC0}*>ce#a8r8mRoORpJ+w;QkhW!u{|y>qGFz27#J zgR)~{^?n`C+@^V zWGhTmV*^{pLa$Waj45m3OqCjWTXdd#PQVC*D-7P(c|MoBZh+aMI$^vOqi#`MPo3%n zsqXlz=By|q>Li2TzAgJYpuB}`>+-K#yT28#|7}3=_N{Z?`C-zp=_$E)?yvP&uxt0$ z{ncgnmzgKuQdb6{jLlvBO^@rPfNcR)7rzBGJpy(CN!U3fZn~Yn5K&VG7QPqI>wTv7 z$~Sa$dx23{FUam0_MW05(ZBUXyv(N8ms!QI&-Ee8m=V5#Ijy#pVj^sDMA)JTdotms zgfr`TSThJ=8{AwyJ$^~6;5O;%mt8_GGJf}$>Ee@apb#}%F(-6N;;s8>2l(9g&If1w z`zB*4lJEFu5An~wzsl}z(=+h0v*;AV_Ku}jWY{^^CwG-Te{px~r$1J|{qgDH>9@35 zZ=Pifh3w<{@iNkD(VPzxysWJ?ns(-9t1;W5p5TqB*?=0_g4l1F^4#`3-Xy6AT(zC(8pGRR?i9Z7b1kq~egv62WnPr~l8D$oq># z(lPp^G;Ax&nR|VlM^zf5v^sw@-pvoVmg0{F6z6({I+^BZ#(ue-F=c-lxt%$pIs4@} zzm=!&rMQ^=xsda6o{?DQJk{h1U(c=y+Y5wxKfBMgD7W{S>*-BM4@gI_`u5PJWXosT z8dnc`>^IvPQ$ClGrA$y4h)&O%6C9Rj-TW_McsXG46vK<2%U0s`K~t?7@_weOooS3p zx~J+i5HO;k!@5|Y&?tg3Sf7jKo~y8(J1Z<(JHQ!! 
zKjT~{sgY-0^tffb>hW(esKcBoK-4z#Rc4zxn(cs|%$a7s>e%fp2AMNoj|*C_qMH8 zH(^T)=5w7aO9p#vO_T4?B6M?VhInjU{ru#9{_xAgeR?BmCl(w2`NMxdd@RM|7O`7Z zOPyouYH0EG&n`TC{B)O|QY-*z3vIHu@a6F_-Iox=ZPxd{-leC9`w}zd^}W067L5q` z_C8nxc_+&ORo@ci9*;>A?%Jq;3!%i zMO#{X3L$q`C_ndliSlM_O(B=qxtmj>RUa@LIecQYmo8~`T)ZHXq{NdQT zdg^*h)Os_vx`m>DAMmadzgyqmr$=|6e(#Ia(?34kJ^Z>ZLnElAMDJ|fO-UH;k%uox!s7jP zpN84pbeALB183%1_mBTY?(af7ylzoe@>r4i0LG&m-orp==qgNgdpS)y#j%jWJ)oMG zOB!}W-Ag2%lr$U`^#J2VBs~B-E@*gZx%MJj2!s}A<@J5nWal3qA0K{C@y*A-pIBTq zVjZvU(?6b8Z%Wsj)zcrJ(!`B*4!ImXU+$i+rpG5-j%e|;J+X3o0?Q7}cybIxxp#eQ z1m7QVU}uXzPhP}HxwN1+mZkmH^Rm))LRlxq=hhJh=?$otx%sWoJK>FN zsdDc2v?u3DT-2Fzot*ABUmnwD#^a7X?jQ9;8$a_p-Ng@LWZ5@)*3JDx*fqZaLDlrl zCOsAp(`|7f(X(JASeEu}bwGI!F}HH{D!9A5;?s`ViXI4^%yy5zZuVz?dQ79IJnbd- zpgyM0U)EJNHDKu(e{OAa5qP)L5zrv>-qUu7FF#LSlJM+bMbQ%E|`lV2Y)tv)|^u5IZ_m11ubJB5;iJJ?oCCa)k4LES!{II+^@HBeUp<_m;qsV<^H~~RsqCtte3C?-6#cN&_Ab!TxoF&by=)@9G1lyg^)vj?^vPt4FC0F72g9gK3MuaA>+j=@IOWQ|5233 z3YX_zb8e4Zq9(=Exfj_B(kCa*FTYHZI%Nmlb?|1|w>wD}uR8s{Ucg8ojS zs7g-Oo7;1)omGN%08=iUwU~S&1F^X3*1c<~yYZeQl=0$R3)uENjhHT4yv? 
z)%K)4noQ_d6PAf%{$MvaTUyhrHq}tGtUhbs&tvrUerckxW0-V1&BS&E$dbf0y?pv@ zUE%=i11VD@H@NL9dj!>p&q}^^>#zGt;m|rSdsx?&kny%JxYn5Qc)qgo=w;REc4n)l z*lOXY-vA+h*?2iEg5Ys`M0X&Lk0OV%+ue&>()+wH*aQN3qQISvkquME?Eb3Kgh4Y zx~FMoaL_s6-U6Y#=;^l!EvTV692CRR(*l2X?^@8+W!|1zv&A!6bu%?~;88MIKE~FR z$8g})L;c$Tu9%5x8R!IKH>R@x2Y2p}5!Cesz$&ODu%-HI3>&>U-*;=5;fFrz6J)7IJ)GA?3jD z664*Bt=S)qkX#|pJYl;OcW zk)9ud<$HVRb&jv}b+$rgcuq(9{VX@#oflh@M(?;2!1WVK+O{9Rzq(7C&4;Jo-2G5_ zt@1hnp(VQoQNupFOv@1J*_%@Dtx-hbML+55A^Mi6f&~aI={bm&q2>Axm~rPc<>B2Y zcMpLVH(1xp@o=H~V*{24LCKrjeFb2yGp29qO6Mqcrn%V5_paDWUnh3vLF`QLhroj2 zW(ZbU+>W~5@{Xxgr5W_RkU{o#T-OJs3l>(Fov_(X9}oF~QCsmqKlG%`9al}7+S_qP z-Q~<5js{U$H&<6q3Xw%lPAHZpCu4F3Vqt_(nMkg5qZ)3gkqtJ`h^wq9OUKr+$&B74 z_C}}Ryat(U3@hE3*#e@hz%y{voLGCZC~OuMytgQ=S?R{k7q}=T36s$U#2hq+AS_3t zt(VMY0qfZcFv@sKiJe4=g1kvFX%Rq%=sKEszKcjnMGD4Qp+)pb3r^a_pqxpZF|Bk1 z+yFHo8^8vj0Wkx>3Nmm62Bj%TCJk9xM;Jp;K@|Xe6o8N5y*Hqu6gjdms2Ei;nUs){ zc?G5cT_LCnVZPjC7g#4Htwuy^LB&WZvR0l9MJo8ItmcXzu|a51G+_63!cs;Q(x4Ck zMth-AFbRo7T7a&ER8S}2n3PfsQ3c9HkJyFetksS)FnLud!U6_WgWMoBc#5xsh}+V5ylQ7yz=~8(SPe&Fn0NX~ILbue7R2O5QL}0Ttl1(O~ z5e+lxWU>a6q$%Pgs7Nk{t(6N&r2+;NXz!y?-T+!sLP#T4gatT>XTlHB>lo3xXcAD& z;7Mp1oRh(61Xz)(@Z~e%Q^>+ehuVl#j}>yp85OM+NUXWS=Z5t2QA9S*P;fCi=|mtP z<6{!aXVfwW8c@*lQD~DmSkT#XvXMm2D7^qoN>k)SE3yrlZ`y^I4uZ5&u{Tjf6MYcD z#_XjF>{apj3K}IEwhhmZU@p@!ShVI=!gllLh?*2O^ud~#&ZF(v^h(InqxvmfZ!AbFQp*% zxmY$=XqUhgmPBG*A{p(`8%tzObd1i5?3G(--Dq_&SZ_%X=?IuC1R)tklpz_T7;PlC zGNRG8(WZ#^8St}L0&H+D6Q<-G831QU5|Ykj)5^%kU}NApz%@i^L=q&3Q?kZUHYq5r z9s8uET^Vi+Js*BBF$EX1M{TS(OiT__cE*qd4&@-U*jQ++XpC))X^d`+x&VWbNehTZ zN0%5Jvt$*3jZDH+S8chm)L8kgh`@5ngw9Y#gFy=lsDiK%I2kSF3WR8^ZLDdmZmfC% zl$J%#iIoo-EHWFBiUtJ3Dwngmq6ASQL3m-*DY1s&VlqP7XjG0QQWR`-EH5103IsPG zr~x5gi3F0UgHl#TBbB8DXuKnnL@-jjpjRMt146wr87Y95p*S7Oq?K19h-9IJchLzQ zS5P8(D1s;s`sEM{B+cL?Dv~A{R6aNsXxYS=lFqM&7-e=z=HyD;DpD50g7HXMxKOUc zmss0a zHr|&I&8?u^!pa@&l?h=%$!epraxMXZB4SsLZG}>T6)Pw)LAi{52V!Et4B9Dn9tAOT z)LNRTjN#I&J7-j57Hj~affBR4B0iV=ag-?-j}Wv~ful-Fmh5^Io-;>ZA|OEZqsSvK 
zFcU3kS5S7`fQNP`RAn|E14KW0tpCR03>At62B{9-Z^W%w$@os*%}kPjjWW?F`1%! zH7qJQz8^pw8;8a@6Lm5|NX@Q;;xLT?o zMxIp661+4*kxUpp3ncPJSj93$Rmn3ANIm3ge-xo6Ya1hw6J)cG0R;(80%RmK2`i!Y zPe7111@b>`v< zD#0b^t9~@4)Ndv4unM?qn1e$R=wl$|F)pqJN%M2(V^xGO|qoflRzONW-U{$ z4qtHts#J7k0}2~Z(0~#Rux)_NRTfM{8PSErfYu5{$U%EWj*TlSge3*0Z3DWLhjjzG zd~*Yu8ql%S5U54249T;@DZ{{7qg7z!jz%_BvC4vM9P;MxN5*q z1LYD`{(S`^$S^xANr$X_Fp^W2F=s>>LjWySU`zu>zd9i@3Q81Iic&iuVXe2w88V;~ zS>Xz-Xu#O-LX0!Xumu-M1#N+o(A*QEBZHu9bO52fLvKYi zKIfG63M@5X<@Y5jfr;8MqtwJ+dmUXi!8t1FOe!MN4Oni#s_x%cB*w^KDLMlJS-5hu zVFdzAvN5BQa)kmL6s687>gi%_1J-;O+CuWqM2aX?d8ne3LhnjlR3lk{v_ioR3L0p` pQfl~)^nnw)yuM;!p*3meqXw-ElvtwFLVqxQ{|9u(lqC3W000TZMt1-J literal 6554 zcmV;L8D-`liwFP!00000|Lr{6Zd^HX@A`@c^57)K0;~&f!5CO!VBrYZ%u9lUycxXC z^sFq|lI+>}`+z+6?$fQ-#g-H70<&h5#j0Z6NLKOaU;lk`_nZ5a?lxc3?cMg~`ad>m z^Y8z5=04rt#4jP;y@6J^w{Kf$spZRgH}3U_7FxV?+v~4ypbT}5u}54i&`Os+e!Bm& zmBYBaICHn@?&j)idLvqU?mpez-G`g&xV_)rTz~lZ<^GLmRjXUun)jb~MsKb|>W9t6 znfr2mo$d-eh!*g2_8WG7m#)PGYJnCV+=9AXWu^?t7E}xR;_TdO;yv9_YU~@23`!p>=Uqhd)&P zo^{>sE?wnmZ6kXhKIAXgp&wuGJzJB&0R+FM`++w+0P^3rU(#pyu7E;|&?2>n=kBK# z$z7%EU+;hGFr2%e-UZPjy}vAjxH^az=N+nnDo;Nq3S2SpDh9qdcRx*_Y7b}{lQXbx z`fRL{*q_~^9HCp37w0oamLr0`K+Rwl@-Jf*zh05Q8lhWMC&<6B{ZHZlaKb--QtY~1 zM87G9&OPlIT;b>K+d)BcHw@2)W|4So(b$sb%b9f=EjwwT@iKTW%Kwfux zySx3)aMsz6%d;STHyDr0y(QM+$#81_GO+v5*$j+;bua6k#Q9Lnzc%j%476~H9z*98 zCpxR|F&4jD8JxLkp(k79^Mx->B<1_%E^{~SFvqmuR>&ULf^&Ckx*62~GgrKWNfFRH zaR)J11?;)7^K1S)>caUJO)ohZahQt3EOC^X=2UIC0cVSLZFHdyXi2nai#|x~5hc;- z!!AWp*s&MGp(qRuKQ!DUb@hP9IQRB#5zzs^DH_<8f8EyoUKIHI!0p?&&UxntpkLE{ za_`()yJ*y6pba5>5-B7Fq@iT#?KS;G(DXQpjeAs3o2u;vODtAqrdk|yv(Avk8`kLo!diBwqX1Ymb_w1 zG~<ArpWI*O9Xru>Id~S+-Tm#C zaKHIX{U?ks)&;;y#$e{O#J^V7}!Z|QD(_rt8>@^J?F6fZ55kDK1hm{CjckR4s_ zI&R@_6vl87nc`|o@=#z^E$JDv`UtbSP}K`&>y3uwAx_6jO-GDH%PnM zXvwZDc!nHXo`pj`5)Qe9LtchMGsDC!%NZtl1d}Y7-fu zUmw(?t)3>9Cz0v43!U$XQM6{f2ag(bzJ$7t=7be5ckUDO==akE$4k`H0L@?)S}S9h zI|q%uhMr^PgR~ z`S|H7-KSU(@`PHeKJB;k)hiuUF~*=DI|$yuEf;-K3G=Smb;ja=ngx$~yDZ 
z8Z*dzvB+hws$J}3QYcCzMucG#@*fkKHjJ7!5&=hEQ62=0iIIr_X~A z(8buAV=kLv2cwF5#?~B$TU5On*8OT~o{dfOw-$8=q+8S%W9#g`>op~hIkw7Wx*CYv zUSFqMcb)#|N*rBhEo*%Ia=#gwIJ>&J`8569{EJwe|)&Q`E^@{MpSF*ti`;Gk_Fjg4_}al)vbJ=hs9pKE0JmAUTg>ZN0wFT z?_xVVZ&g=xEdPCg;?V`~QQ#A773QxN;6ck=$&VZ`&BtpRc2wPKBtEEVIIQXc$BSrs zKz3Zw@X~tiRkU`LUW3Zp>#ixCzq!4=`6ISBVBztER`=rvW=?xFb!f)jVqnU>>surGep@T~i3$Avk72^j5`Uh( zjUrl`Fq{cj)?4?;%GU$NI&(g^jWB3$AiXZl=VI@aH;Sd|xm(koo@Xbg&Xp^0y1x5z zo9-4e?!@E%QFpZQXWpi(_(6;!dsbw5+p3#-Na+QCY6^T6 zdAHIL(V+7_(sqPs)P zmwe8NGMaI4jMGy^d3y1FVJ}@_^JoM(j-d0OClP)Dy6;YuczGam?tTj5pw_#f62uNp znx!3gaITch4`8je^Ou*=YW-?YNS~JrI^t$)rLKc3+O2t=6tB+@xmI5J49bADL6VrX26I#YYSXrF7&^bbC`LOZWIize^9VR_XhxhQh<--E7MF4!<)LXJ6 z;+E_@dH&6|m~Y?!E0wE*4sf7+c+fs}>WHUUI32Tad6I>%RUi+tIID=wYmq0}=v1YI z-7+Pt)hQ2{(ZPb{H!`EA2GUOZk1`jk^_%)q_Y_^cUlggjNIDknkH@{fpw`iReEh1@ z%#!dlpl2`(9hb4oMa}7ej`cXRD>JzRxuoElxj^eXfzx*;w z&=fwqtKG%CZx=|H*g5}wzCybsTxWSX)7Q>us6o!=o6A$KkX281KvOP{_0`A&*@V?u zm+oD8UskOA6w!~D;PTkLJh^&Q-l_;u(l@kD%LLZB2l$#rub@+C&^iF37PXU_}nYIJn#XR ze0D8cv{Pw(XdJI)i|Gjij5TQSn9qB0tU=>YgPy6Rn_a(nx~yihy(=;*zpigSEbXTD zZa;qfa_{`r05!Z|n1B3x|9M>7&=~rlh2hl$)ND`hv0u08k22fc-+b6!-@C6L{`35Q z-iSpVU#-Q8s)1Iu@=zVW49odP)w;E_kFd?+*UA^%V$lID(3(?1_jPyugnRM1)nMu% zd&h_J1gBpnw4jFOus;p^S_|^Cd)I=lk^1tXITM}Ptc!V!0Xb?0%a5@&moXf8EKxr+ zZ=pP6SQj)5ATt3Li>;N;!hIa_1%eQh$Zh95wrS5jlU#yoWq4Ik= z`E=V*>FXjFo8bi|>-UQ?M7MiS1~Te)=M>)qlni}8etmY8?(RO^|K_fTQhN2Cqb9am zOk6H>w2<9_#pS-J00*nVeHG)0RzrJMQ=c8L8sgGwtJcfgP3ct1P?D%8$)F$^H{*B*V>Y2q264@$p$^}4*?^fQJ(Vld_B z=YPb2^*FrvBL-ZvH`AO#x7tI^^bhx4J$*V~00vtf|BwN9nSZ;BrOdSlKAzuqx$TDPE2;65lFERK^Z6qn_c6nGfxgX^Nr^Ea_;gw0c>>ti(&`${#i`2 z2l`sQd)9wfyt;pJlj0`d+WBrdDv$bsgB87>d2a|(A|pj@Dz25<&54|jEJ5lbfnFQJ8cW~O{IPIFlRN>Fj*ARef z4%ltQqdpI?SLf4sd}OnM`_ym8!)7CSx!IK8yPJ*VVY4Y4Z~w(f zsr~hto8gb6Q7gsecsef*xHy>CFg={iJ3qY~=k?jUl{-P5_P{Np+XWBZT*f^T5A;LN z%JQn!#hdZ#j4sc&xWSFvaA#*{kinDDK_v;qR#+(sgNF=`$b#RPMmMUF4L8(a1C2OK z!fQxM%4~chKnSFDf}C^)4mxd21H3cGVi3lV)&=w2rhWb3|izX36AbFccj^q@<7`q0GX)SqZdu=ul$xj5)bzjMAW#ltS2UO|U;JXBI$~Wgr&*B2p4E 
z#{^}T+?nIFax!ZfNF!P+AXsI5Fi0+HRVgX4Gl!FOA*&pnm6|CVEp-yvvaxJMDq51e zym_+GdW%LOT98&r6v+weLq_Ly;SFtrra|4HYEU-F4N`;HAT%f%unm|7bOUM!HFAtL zNU5_)s8|>>flM~SI}b+X!j5?w>WGoD^9CY=(ULU=kVb3m*bwEywbV~T?VaL;N{a+m z%j8``Cx~2(%2UXypjJ;qP2fN}kuo9ZoRv3Zv{oiYAAGWUV;T}qLv5ts9Fh($XOcNt zAEmO+Ij~-+Sj?HYA!-O4f~V2QL6OPM_#CoUK-L1w5L`?VgLIXKd?t+&jZwx7(o2~@ zDgoXTChxLWF&48Y^-LP*k}v-ysRSx^>^)MJMCe>X>k19ikbW`&$7r&0F@QwpON0eY z-g}!&uvrxAWNaA9I#@JhpG+wdOY1axqY{V69&{#fEZI5KQ5H&Eh&_Xb7cL7e9LWq6 zq7o*N7Lm2kY$^B+%SwcvNry!OPt2OKS17IW-XVZ=GJ<1cHxeox^;|ljQiw$-4uNAx zhLYAy3cLWXa-kzdBjxi+5xZzX-3dtG0)0lIP z(PK6yY$P|5USw4=*kmAU=Y;9xolZRw#?wz zM~S4e+i25h-Pp#Sijlx`a%=@lFAz`%08~Ech{(c(jjqTZg)>{3*=IC1n{1rdiKTN& zTQpiz2pa>95syZzQ72D^S&HCwlsUR&(0S!qCkT0CxG~h28vLJtU!V*rXsd+qhEcGM z3L{4mkaZ}bUpGcIMm`0(bY9vZy^&sI$PTRl=W<{|FE#MS*v6Qr>EHqX;hD0Q13@h>}8RJEe*$A}YT{bE^vKwm~YZ|Mc zP03((QtFsdMf5;cNKQaXC`j2U*nr>$1T`SA0RasN@e*`p)|q^w2<3tS36)5RRI;Re zwj%X(RRcnP3;H?aEInzFQw$n}&6a}jmJDYnyxM@U4Ty4Q(ch8}0B!)N0eDf`o?fmyP4K+=*;R!3zN*W0A}R@8Mg%1Sh#_V0fYw1_WkX7kyfZEd@Ngp zRN7bquM==UOCBw50I31Q@5N7cGUlX$bDq7-D1}6h2tHX82t^mIP&a_80hA3Oe{+2W zEp*+JZBhw6N>GtBBkLrb4&{JiMFVKQH)p5<1w)j)Ev}@3aKQ=7gdu3HeL3g=+E?Pv zd1Zw~3CSmon4}1i9VMBpbV|!|WC9Ye$f5CG8xYC_a#S~BnKiNnYqBBj%jpXU8z3m> zuh(Uk9iZ1*fUvA`7CB|oE?Wc@RF+VVa+NgED|0Gx&>rUXvi9!qzXw3Wo__5_93UREWZ~|$|=a~T@=LDNRcDRm}L3SMpCIe zG?8wA)c59%P&>m$WfSpW)7$uf-o*W1?VWBtw#oQqr4}TNgTL5k)UQ zel_`_wv5*4nzl&M3KYNqCT9~e#+rSgSL4o6$^^otfSH6wM0Sp}GuC13xx?4uE*pr} zMrQ>wXf04GAqAMAbr#uBEjPVdWKqT|?^t9-Nq8Z(P71j{bwxL5prnwo+mK&{ zPsl50%Er3I`B2gq#Dzhr-NgGNL#nrnjm;ZDXD2oPI zy&}KfK?uQmHf)@8CRy@Ur4XXc-sI{`vN)4{WkxX}8Zy=duPvb_^bCr1B2Q77T9}sN z2VfLLE|v0FQZ-VeqePh;3&oT}!fK{czj)R{OTjUfgtIe2a!x5Em$2kAbdZ&*!Uhyf z34SFSkoHVkFkXj@27^hKwJgadAtGi?sVn(w(SWiIsDh>x3RDA1HlVlxMQ2$^X3mH% zl)R0#LNUsqy<#U#wR$Y4_i|A()PTVT%C*jj2Fm4A7ZSPwts2m>0nH6)YCvNH8jg~N z;Oc7ul{t{hHVUmtu_Wyh3NJTcR0BqS6XKRjT?DO5ASH$1lTJh`M=I%JhZ``afpX*e zMht+DkUhGXDFy(Sq5xzeyjIN0>kZgK$Tm=JP37Njzyup9oh8;GD<2HWlqu$nNHGM^ 
zVgr^Mu=vdxp(r?UP$`mjz~$YFMVTQ3I*}D_z{&Qy^X;H;pO4M0j>gH_U?3_@xMa-Tob zAlL>=H6N%!C}n(T5X5)m+1U_;2knyg%0t!`w6Kz7cF}>MeV$d%vwSt4O%1>%Yj1>8 zr4g!#fi;6&!XcQioA=g%Nh#*{Az2k8CeAzl1FcB&LR>?@0ko}az<>hyy>Wq zI)2zSu+I@lp#q&SXK9m?Q5)lfQUS93zpw_)E<_na;uP6BM-WB5mqJ!XL6~gm$6m+( M0$IicI^BE#00Co|0RR91 diff --git a/creusot/tests/should_succeed/iterators/common.rs b/creusot/tests/should_succeed/iterators/common.rs index 9d037ba5c..17f5e5e25 100644 --- a/creusot/tests/should_succeed/iterators/common.rs +++ b/creusot/tests/should_succeed/iterators/common.rs @@ -1,5 +1,5 @@ // UISKIP WHY3SKIP -use creusot_contracts::{invariant::inv, logic::Seq, *}; +use creusot_contracts::{logic::Seq, *}; pub trait Iterator { type Item; @@ -11,14 +11,10 @@ pub trait Iterator { fn completed(&mut self) -> bool; #[law] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self); #[law] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] From 13fe73c95113735b189b45aa1193ac8ef3347da9 Mon Sep 17 00:00:00 2001 
From: Jacques-Henri Jourdan Date: Thu, 5 Dec 2024 16:12:43 +0100 Subject: [PATCH 2/2] Update stdlib accordingly. --- creusot-contracts/src/std/iter.rs | 20 +- creusot-contracts/src/std/iter/cloned.rs | 13 +- creusot-contracts/src/std/iter/copied.rs | 13 +- creusot-contracts/src/std/iter/empty.rs | 6 +- creusot-contracts/src/std/iter/enumerate.rs | 14 +- creusot-contracts/src/std/iter/filter.rs | 5 +- creusot-contracts/src/std/iter/fuse.rs | 14 +- creusot-contracts/src/std/iter/map.rs | 20 +- creusot-contracts/src/std/iter/map_inv.rs | 28 +- creusot-contracts/src/std/iter/once.rs | 8 +- creusot-contracts/src/std/iter/range.rs | 5 - creusot-contracts/src/std/iter/repeat.rs | 6 +- creusot-contracts/src/std/iter/skip.rs | 14 +- creusot-contracts/src/std/iter/take.rs | 4 - creusot-contracts/src/std/iter/zip.rs | 12 +- creusot-contracts/src/std/slice.rs | 4 - .../creusot-contracts/creusot-contracts.coma | 6508 +++++------------ .../creusot-contracts/why3session.xml | 358 +- .../creusot-contracts/why3shapes.gz | Bin 25522 -> 23189 bytes creusot/tests/should_succeed/100doors.coma | 66 +- .../should_succeed/100doors/why3session.xml | 2 +- .../should_succeed/100doors/why3shapes.gz | Bin 571 -> 561 bytes creusot/tests/should_succeed/bug/164.coma | 44 +- .../should_succeed/bug/164/why3session.xml | 2 +- .../should_succeed/bug/164/why3shapes.gz | Bin 521 -> 514 bytes creusot/tests/should_succeed/hillel.coma | 142 +- .../should_succeed/hillel/why3session.xml | 108 +- .../tests/should_succeed/hillel/why3shapes.gz | Bin 7511 -> 7478 bytes .../tests/should_succeed/insertion_sort.coma | 46 +- .../insertion_sort/why3session.xml | 60 +- .../insertion_sort/why3shapes.gz | Bin 2746 -> 2740 bytes .../iterators/03_std_iterators.coma | 730 +- .../iterators/03_std_iterators.rs | 12 +- .../03_std_iterators/why3session.xml | 160 +- .../iterators/03_std_iterators/why3shapes.gz | Bin 6434 -> 6595 bytes .../iterators/08_collect_extend.coma | 148 +- .../iterators/08_collect_extend.rs | 2 +- 
.../08_collect_extend/why3session.xml | 4 +- .../iterators/08_collect_extend/why3shapes.gz | Bin 1108 -> 1076 bytes .../should_succeed/iterators/17_filter.coma | 87 +- .../iterators/17_filter/why3session.xml | 24 +- .../iterators/17_filter/why3shapes.gz | Bin 5907 -> 5856 bytes .../tests/should_succeed/knapsack_full.coma | 146 +- .../knapsack_full/why3session.xml | 234 +- .../knapsack_full/why3shapes.gz | Bin 8168 -> 8165 bytes .../rusthorn/inc_max_repeat.coma | 46 +- .../rusthorn/inc_max_repeat/why3session.xml | 2 +- .../rusthorn/inc_max_repeat/why3shapes.gz | Bin 630 -> 620 bytes .../selection_sort_generic.coma | 150 +- .../selection_sort_generic/why3session.xml | 94 +- .../selection_sort_generic/why3shapes.gz | Bin 3759 -> 3735 bytes creusot/tests/should_succeed/sum.coma | 28 +- creusot/tests/should_succeed/sum_of_odds.coma | 48 +- .../sum_of_odds/why3session.xml | 28 +- .../should_succeed/sum_of_odds/why3shapes.gz | Bin 1496 -> 1489 bytes creusot/tests/should_succeed/vector/01.coma | 60 +- .../should_succeed/vector/01/why3session.xml | 2 +- .../should_succeed/vector/01/why3shapes.gz | Bin 572 -> 563 bytes .../vector/03_knuth_shuffle.coma | 82 +- .../vector/03_knuth_shuffle/why3session.xml | 36 +- .../vector/03_knuth_shuffle/why3shapes.gz | Bin 1942 -> 1932 bytes .../vector/06_knights_tour.coma | 324 +- .../vector/06_knights_tour/why3session.xml | 94 +- .../vector/06_knights_tour/why3shapes.gz | Bin 7282 -> 7139 bytes .../should_succeed/vector/08_haystack.coma | 64 +- .../vector/08_haystack/why3session.xml | 52 +- .../vector/08_haystack/why3shapes.gz | Bin 2813 -> 2799 bytes 67 files changed, 3548 insertions(+), 6631 deletions(-) diff --git a/creusot-contracts/src/std/iter.rs b/creusot-contracts/src/std/iter.rs index bdbcfe30d..3c1388236 100644 --- a/creusot-contracts/src/std/iter.rs +++ b/creusot-contracts/src/std/iter.rs @@ -1,4 +1,4 @@ -use crate::{invariant::*, *}; +use crate::*; pub use ::std::iter::*; mod cloned; 
@@ -35,14 +35,10 @@ pub trait Iterator: ::std::iter::Iterator { fn completed(&mut self) -> bool; #[law] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self); #[law] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -50,7 +46,7 @@ pub trait Iterator: ::std::iter::Iterator { // FIXME: remove `trusted` #[trusted] - #[requires(forall inv(e) && inv(i2) ==> + #[requires(forall self.produces(Seq::singleton(e), i2) ==> func.precondition((e, Snapshot::new(Seq::EMPTY))))] #[requires(MapInv::::reinitialize())] @@ -131,7 +127,7 @@ extern_spec! { Self: Sized + Iterator; #[pure] - #[requires(forall inv(e) && inv(i2) ==> + #[requires(forall self.produces(Seq::singleton(e), i2) ==> f.precondition((e,)))] #[requires(map::reinitialize::())] @@ -151,10 +147,8 @@ extern_spec! { #[pure] // These two requirements are here only to prove the absence of overflows - #[requires(forall inv(i) && i.completed() ==> i.produces(Seq::EMPTY, ^i))] - #[requires(forall, i: Self_> - inv(s) && inv(i) && self.produces(s, i) ==> - s.len() < std::usize::MAX@)] + #[requires(forall i.completed() ==> i.produces(Seq::EMPTY, ^i))] + #[requires(forall, i: Self_> self.produces(s, i) ==> s.len() < std::usize::MAX@)] #[ensures(result.iter() == self && result.n() == 0)] fn enumerate(self) -> Enumerate; @@ -170,8 +164,7 @@ extern_spec! { // TODO: Investigate why Self_ needed #[ensures(exists> - inv(done) && inv(prod) && resolve(&^done) && done.completed() && - self.produces(prod, *done) && B::from_iter_post(prod, result))] + resolve(&^done) && done.completed() && self.produces(prod, *done) && B::from_iter_post(prod, result))] fn collect(self) -> B where B: FromIterator; } 
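Review bot: The precondition rewritten in hunk -50,7 +46,7 of creusot-contracts/src/std/iter.rs belongs to a function that is still marked `#[trusted]`, with only a FIXME about removing it, so the changed contract is assumed rather than checked against a body. Dropping `inv(e) && inv(i2)` from the antecedent makes the `requires` stronger for callers, which is the safe direction for an assumed contract, but that reasoning is not recorded next to the attribute. I would extend the existing comment, e.g. `// FIXME: remove trusted; until then this contract is assumed, and its precondition ranges over every e and i2, not only those satisfying inv`. The function's signature and the rest of its contract lie outside the hunk.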
@@ -190,7 +183,6 @@ extern_spec! { #[requires(iter.into_iter_pre())] #[ensures(exists> - inv(into_iter) && inv(done) && inv(prod) && iter.into_iter_post(into_iter) && into_iter.produces(prod, *done) && done.completed() && resolve(&^done) && Self_::from_iter_post(prod, result))] diff --git a/creusot-contracts/src/std/iter/cloned.rs b/creusot-contracts/src/std/iter/cloned.rs index 388906e68..fa70c4fb6 100644 --- a/creusot-contracts/src/std/iter/cloned.rs +++ b/creusot-contracts/src/std/iter/cloned.rs @@ -37,10 +37,7 @@ where #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - exists inv(inner) - && *inner == self.iter() - && ^inner == (^self).iter() - && inner.completed() + exists *inner == self.iter() && ^inner == (^self).iter() && inner.completed() } } @@ -48,8 +45,8 @@ where #[predicate(prophetic)] fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { - exists> inv(s) - && self.iter().produces(s, o.iter()) + exists> + self.iter().produces(s, o.iter()) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i] == *s[i] } @@ -57,15 +54,11 @@ where #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot-contracts/src/std/iter/copied.rs b/creusot-contracts/src/std/iter/copied.rs index 615ee8333..924bfa938 100644 --- a/creusot-contracts/src/std/iter/copied.rs +++ b/creusot-contracts/src/std/iter/copied.rs @@ -37,10 +37,7 @@ where #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - exists inv(inner) - && *inner == self.iter() - && ^inner == (^self).iter() - && inner.completed() + exists *inner == self.iter() && ^inner == (^self).iter() && inner.completed() } } 
@@ -48,8 +45,8 @@ where #[predicate(prophetic)] fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { - exists> inv(s) - && self.iter().produces(s, o.iter()) + exists> + self.iter().produces(s, o.iter()) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i] == *s[i] } @@ -57,15 +54,11 @@ where #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot-contracts/src/std/iter/empty.rs b/creusot-contracts/src/std/iter/empty.rs index e0197424a..b270fe7f1 100644 --- a/creusot-contracts/src/std/iter/empty.rs +++ b/creusot-contracts/src/std/iter/empty.rs @@ -1,4 +1,4 @@ -use crate::{invariant::*, std::iter::Empty, *}; +use crate::{std::iter::Empty, *}; impl Iterator for Empty { #[open] @@ -15,15 +15,11 @@ impl Iterator for Empty { #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot-contracts/src/std/iter/enumerate.rs b/creusot-contracts/src/std/iter/enumerate.rs index 7c7202fb0..dad51bd34 100644 --- a/creusot-contracts/src/std/iter/enumerate.rs +++ b/creusot-contracts/src/std/iter/enumerate.rs @@ -44,7 +44,7 @@ impl Invariant for Enumerate { pearlite! { (forall, i: I> #![trigger self.iter().produces(s, i)] - inv(s) && inv(i) && self.iter().produces(s, i) ==> + self.iter().produces(s, i) ==> self.n() + s.len() < std::usize::MAX@) && (forall i.completed() ==> i.produces(Seq::EMPTY, ^i)) } 
@@ -59,9 +59,7 @@ where #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - exists inv(inner) - && *inner == self.iter() - && ^inner == (^self).iter() + exists *inner == self.iter() && ^inner == (^self).iter() && inner.completed() && self.n() == (^self).n() } @@ -72,8 +70,8 @@ where fn produces(self, visited: Seq, o: Self) -> bool { pearlite! { visited.len() == o.n() - self.n() - && exists> inv(s) - && self.iter().produces(s, o.iter()) + && exists> + self.iter().produces(s, o.iter()) && visited.len() == s.len() && forall 0 <= i && i < s.len() ==> visited[i].0@ == self.n() + i && visited[i].1 == s[i] } @@ -81,15 +79,11 @@ where #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] diff --git a/creusot-contracts/src/std/iter/filter.rs b/creusot-contracts/src/std/iter/filter.rs index bf89598d4..ebc8b229b 100644 --- a/creusot-contracts/src/std/iter/filter.rs +++ b/creusot-contracts/src/std/iter/filter.rs @@ -84,6 +84,7 @@ where #[predicate(prophetic)] fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { + self.invariant() ==> self.func().unnest(succ.func()) && // f here is a mapping from indices of `visited` to those of `s`, where `s` is the whole sequence produced by the underlying iterator // Interestingly, Z3 guesses `f` quite readily but gives up *totally* on `s`. However, the addition of the final assertions on the correctness of the values @@ -101,15 +102,11 @@ where #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] 
diff --git a/creusot-contracts/src/std/iter/fuse.rs b/creusot-contracts/src/std/iter/fuse.rs index f13e7d562..6ce1436a4 100644 --- a/creusot-contracts/src/std/iter/fuse.rs +++ b/creusot-contracts/src/std/iter/fuse.rs @@ -1,4 +1,4 @@ -use crate::{invariant::*, std::iter::Fuse, *}; +use crate::{std::iter::Fuse, *}; impl View for Fuse { type ViewTy = Option; @@ -17,7 +17,7 @@ impl Iterator for Fuse { #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - (self@ == None || exists inv(it) && it.completed() && self@ == Some(*it)) && + (self@ == None || exists it.completed() && self@ == Some(*it)) && (^self)@ == None } } @@ -38,15 +38,11 @@ impl Iterator for Fuse { #[law] #[open] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -55,9 +51,6 @@ impl Iterator for Fuse { pub trait FusedIterator: ::std::iter::FusedIterator + Iterator { #[law] - #[requires(inv(self))] - #[requires(inv(next))] - #[requires(inv(steps))] #[requires(self.completed())] #[requires((^self).produces(steps, next))] #[ensures(steps == Seq::EMPTY && ^self == next)] @@ -67,9 +60,6 @@ pub trait FusedIterator: ::std::iter::FusedIterator + Iterator { impl FusedIterator for Fuse { #[law] #[open] - #[requires(inv(self))] - #[requires(inv(next))] - #[requires(inv(steps))] #[requires(self.completed())] #[requires((^self).produces(steps, next))] #[ensures(steps == Seq::EMPTY && ^self == next)] diff --git a/creusot-contracts/src/std/iter/map.rs b/creusot-contracts/src/std/iter/map.rs index fc120b066..45078f427 100644 --- a/creusot-contracts/src/std/iter/map.rs +++ b/creusot-contracts/src/std/iter/map.rs 
@@ -50,8 +50,9 @@ where #[predicate(prophetic)] fn completed(&mut self) -> bool { pearlite! { - (exists inv(inner) && *inner == self.iter() && ^inner == (^self).iter() - && inner.completed()) && (*self).func() == (^self).func() } + (exists *inner == self.iter() && ^inner == (^self).iter() && inner.completed()) + && (*self).func() == (^self).func() + } } #[open] @@ -60,10 +61,10 @@ where fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { self.func().unnest(succ.func()) - && exists> inv(fs) && fs.len() == visited.len() + && exists> fs.len() == visited.len() && exists> #![trigger self.iter().produces(s, succ.iter())] - inv(s) && s.len() == visited.len() && self.iter().produces(s, succ.iter()) + s.len() == visited.len() && self.iter().produces(s, succ.iter()) && (forall 1 <= i && i < fs.len() ==> ^fs[i - 1] == *fs[i]) && if visited.len() == 0 { self.func() == succ.func() } else { *fs[0] == self.func() && ^fs[visited.len() - 1] == succ.func() } @@ -76,15 +77,11 @@ where #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -101,7 +98,6 @@ where pearlite! { forall #![trigger iter.produces(Seq::singleton(e), i)] - inv(e) && inv(i) ==> iter.produces(Seq::singleton(e), i) ==> func.precondition((e,)) } @@ -117,7 +113,7 @@ where pearlite! { forall, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> #![trigger iter.produces(s.push_back(e1).push_back(e2), i), (*f).postcondition_mut((e1,), ^f, b)] - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1,)) ==> (*f).postcondition_mut((e1,), ^f, b) ==> 
@@ -134,8 +130,6 @@ where { pearlite! { forall - inv(iter) && inv(func) ==> - iter.completed() ==> - next_precondition(^iter, func) && preservation(^iter, func) + iter.completed() ==> next_precondition(^iter, func) && preservation(^iter, func) } } diff --git a/creusot-contracts/src/std/iter/map_inv.rs b/creusot-contracts/src/std/iter/map_inv.rs index 3fcda8392..a76942854 100644 --- a/creusot-contracts/src/std/iter/map_inv.rs +++ b/creusot-contracts/src/std/iter/map_inv.rs @@ -1,4 +1,4 @@ -use crate::{invariant::*, resolve::structural_resolve, *}; +use crate::{invariant::Invariant, resolve::structural_resolve, *}; pub struct MapInv { pub iter: I, @@ -20,15 +20,11 @@ impl>) -> B> Iterator #[law] #[open(self)] - #[requires(inv(self))] #[ensures(self.produces(Seq::EMPTY, self))] fn produces_refl(self) {} #[law] #[open(self)] - #[requires(inv(a))] - #[requires(inv(b))] - #[requires(inv(c))] #[requires(a.produces(ab, b))] #[requires(b.produces(bc, c))] #[ensures(a.produces(ab.concat(bc), c))] @@ -40,9 +36,8 @@ impl>) -> B> Iterator fn produces(self, visited: Seq, succ: Self) -> bool { pearlite! { self.func.unnest(succ.func) - && exists> inv(fs) && fs.len() == visited.len() - && exists> - inv(s) && s.len() == visited.len() && self.iter.produces(s, succ.iter) + && exists> fs.len() == visited.len() + && exists> s.len() == visited.len() && self.iter.produces(s, succ.iter) && succ.produced.inner() == self.produced.concat(s) && (forall 1 <= i && i < fs.len() ==> ^fs[i - 1] == * fs[i]) && if visited.len() == 0 { self.func == succ.func } @@ -72,7 +67,6 @@ impl Resolve for MapInv { impl>) -> B> Invariant for MapInv { - // Should not quantify over self or the `invariant` cannot be made into a type invariant #[open(self)] #[predicate(prophetic)] fn invariant(self) -> bool { 
@@ -121,7 +115,7 @@ impl>) -> B> MapInv) -> bool { pearlite! { forall - inv(e) && inv(i) && iter.produces(Seq::singleton(e), i) ==> + iter.produces(Seq::singleton(e), i) ==> func.precondition((e, Snapshot::new(produced))) } } @@ -131,7 +125,7 @@ impl>) -> B> MapInv) -> bool { pearlite! { forall, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(b) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1, Snapshot::new(produced.concat(s)))) ==> (*f).postcondition_mut((e1, Snapshot::new(produced.concat(s))), ^f, b) ==> @@ -144,7 +138,7 @@ impl>) -> B> MapInv bool { pearlite! { forall, e1: I::Item, e2: I::Item, f: &mut F, b: B, i: I> - inv(s) && inv(e1) && inv(e2) && inv(f) && inv(b) && inv(i) && func.unnest(*f) ==> + func.unnest(*f) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> (*f).precondition((e1, Snapshot::new(s))) ==> (*f).postcondition_mut((e1, Snapshot::new(s)), ^f, b) ==> @@ -157,7 +151,6 @@ impl>) -> B> MapInv bool { pearlite! { forall - inv(iter) && inv(func) ==> iter.completed() ==> Self::next_precondition(^iter, func, Seq::EMPTY) && Self::preservation(^iter, func) @@ -167,11 +160,7 @@ impl>) -> B> MapInv>) -> B> MapInv, e1: I::Item, e2: I::Item, i: I> - inv(s) && inv(e1) && inv(e2) && inv(i) ==> iter.produces(s.push_back(e1).push_back(e2), i) ==> self.iter.produces(s.push_front(e).push_back(e1).push_back(e2), i) } @@ -192,7 +180,7 @@ impl>) -> B> MapInv bool { pearlite! { exists - inv(f) && inv(e) && *f == self.func && ^f == succ.func + *f == self.func && ^f == succ.func && self.iter.produces(Seq::singleton(e), succ.iter) && succ.produced.inner() == self.produced.push_back(e) && (*f).precondition((e, self.produced)) diff --git a/creusot-contracts/src/std/iter/once.rs b/creusot-contracts/src/std/iter/once.rs index 4a1cb0c2a..7606fb958 100644 --- a/creusot-contracts/src/std/iter/once.rs +++ b/creusot-contracts/src/std/iter/once.rs 
@@ -1,4 +1,4 @@
-use crate::{invariant::*, std::iter::Once, *};
+use crate::{std::iter::Once, *};
 impl View for Once {
 type ViewTy = Option;
@@ -22,21 +22,17 @@ impl Iterator for Once {
 fn produces(self, visited: Seq, o: Self) -> bool {
 pearlite! {
 visited == Seq::EMPTY && self == o ||
- exists inv(e) && self@ == Some(e) && visited == Seq::singleton(e) && o@ == None
+ exists self@ == Some(e) && visited == Seq::singleton(e) && o@ == None
 }
 }
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/iter/range.rs b/creusot-contracts/src/std/iter/range.rs
index b8d4eb3f1..2a21d42f9 100644
--- a/creusot-contracts/src/std/iter/range.rs
+++ b/creusot-contracts/src/std/iter/range.rs
@@ -1,5 +1,4 @@
 use crate::{
- invariant::*,
 std::{
 iter::Step,
 ops::{Range, RangeInclusive},
@@ -30,15 +29,11 @@ impl + Step> Iterator for Range {
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/iter/repeat.rs b/creusot-contracts/src/std/iter/repeat.rs
index 10862c966..1fa176ef5 100644
--- a/creusot-contracts/src/std/iter/repeat.rs
+++ b/creusot-contracts/src/std/iter/repeat.rs
@@ -1,4 +1,4 @@
-use crate::{invariant::*, std::iter::Repeat, *};
+use crate::{std::iter::Repeat, *};
 impl View for Repeat {
 type ViewTy = T;
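Review bot: The `produces_refl` and `produces_trans` laws in `impl Iterator for Once` (hunk `@@ -22,21 +22,17 @@`) drop their `#[requires(inv(..))]` premises without a comment recording that they must now hold for every value of the type, including values that do not satisfy the type invariant. The regenerated `produces_refl'1_spec` axiom in creusot-contracts.coma is unconditional after this change, so an implementor whose `produces` is reflexive or transitive only under its invariant presumably has to state that invariant inside `produces` itself. I would add above each law a line such as `// No inv(..) premise: produces must itself establish any invariant it relies on.` The same applies to the matching law hunks in range.rs, repeat.rs, skip.rs, take.rs, zip.rs and slice.rs. The `impl` block and the `produces_trans` signature lie outside this hunk.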
@@ -28,15 +28,11 @@ impl Iterator for Repeat {
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/iter/skip.rs b/creusot-contracts/src/std/iter/skip.rs
index fb2a17482..702f07f32 100644
--- a/creusot-contracts/src/std/iter/skip.rs
+++ b/creusot-contracts/src/std/iter/skip.rs
@@ -1,4 +1,4 @@
-use crate::{invariant::*, resolve::structural_resolve, std::iter::Skip, *};
+use crate::{resolve::structural_resolve, std::iter::Skip, *};
 pub trait SkipExt {
 #[logic]
@@ -46,8 +46,8 @@ impl Iterator for Skip {
 fn completed(&mut self) -> bool {
 pearlite! {
 (^self).n() == 0 &&
- exists, i: &mut I> inv(s) && inv(i)
- && s.len() <= (*self).n()
+ exists, i: &mut I>
+ s.len() <= (*self).n()
 && self.iter().produces(s, *i)
 && (forall 0 <= i && i < s.len() ==> resolve(&s[i]))
 && i.completed()
@@ -61,8 +61,8 @@ impl Iterator for Skip {
 pearlite! {
 visited == Seq::EMPTY && self == o ||
 o.n() == 0 && visited.len() > 0 &&
- exists> inv(s)
- && s.len() == self.n()
+ exists>
+ s.len() == self.n()
 && self.iter().produces(s.concat(visited), o.iter())
 && forall 0 <= i && i < s.len() ==> resolve(&s[i])
 }
@@ -70,15 +70,11 @@ impl Iterator for Skip {
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/iter/take.rs b/creusot-contracts/src/std/iter/take.rs
index 7bd66effd..5d47f511a 100644
--- a/creusot-contracts/src/std/iter/take.rs
+++ b/creusot-contracts/src/std/iter/take.rs
@@ -68,15 +68,11 @@ impl Iterator for Take {
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/iter/zip.rs b/creusot-contracts/src/std/iter/zip.rs
index fd196e938..cd9b1400f 100644
--- a/creusot-contracts/src/std/iter/zip.rs
+++ b/creusot-contracts/src/std/iter/zip.rs
@@ -29,8 +29,8 @@ impl Iterator for Zip {
 #[predicate(prophetic)]
 fn completed(&mut self) -> bool {
 pearlite! {
- exists inv(a) && inv(b)
- && *a == (*self).itera() && *b == (*self).iterb()
+ exists
+ *a == (*self).itera() && *b == (*self).iterb()
 && ^a == (^self).itera() && ^b == (^self).iterb()
 && (a.completed() && resolve(&b) ||
 exists inv(x) && a.produces(Seq::singleton(x), ^a) &&
@@ -43,8 +43,8 @@ impl Iterator for Zip {
 fn produces(self, visited: Seq, o: Self) -> bool {
 pearlite! {
 // Using an `unzip` definition doesn't work well because of issues related to datatypes and `match`
- exists, p2 : Seq<_>> inv(p1) && inv(p2)
- && p1.len() == p2.len() && p2.len() == visited.len()
+ exists, p2 : Seq<_>>
+ p1.len() == p2.len() && p2.len() == visited.len()
 && (forall 0 <= i && i < visited.len() ==> visited[i] == (p1[i], p2[i]))
 && self.itera().produces(p1, o.itera()) && self.iterb().produces(p2, o.iterb())
 }
@@ -52,15 +52,11 @@ impl Iterator for Zip {
 #[law]
 #[open(self)]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open(self)]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot-contracts/src/std/slice.rs b/creusot-contracts/src/std/slice.rs
index b4a73bb24..81c4b9253 100644
--- a/creusot-contracts/src/std/slice.rs
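Review bot: In `Zip::completed` the inner quantifier still carries an `inv(x)` conjunct: the unchanged last line of the `@@ -29,8 +29,8 @@` hunk in zip.rs reads `exists inv(x) && a.produces(Seq::singleton(x), ^a) &&` (its binder is not legible on this page). The same hunk removes `inv(a) && inv(b)` from the outer quantifier, so this predicate ends up as the one place among these hunks where an item invariant is still assumed. If that is a leftover, the line would become `exists a.produces(Seq::singleton(x), ^a) &&`; if it is deliberate, a short comment saying why `x` still needs its invariant would prevent a later cleanup from changing the meaning of `completed`. The disjunct continues past the end of the hunk, so the remaining conjuncts are not visible here.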
+++ b/creusot-contracts/src/std/slice.rs
@@ -462,15 +462,11 @@ impl<'a, T> Iterator for IterMut<'a, T> {
 #[law]
 #[open]
- #[requires(inv(self))]
 #[ensures(self.produces(Seq::EMPTY, self))]
 fn produces_refl(self) {}
 #[law]
 #[open]
- #[requires(inv(a))]
- #[requires(inv(b))]
- #[requires(inv(c))]
 #[requires(a.produces(ab, b))]
 #[requires(b.produces(bc, c))]
 #[ensures(a.produces(ab.concat(bc), c))]
diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma
index 6b872e7e4..342dc19e7 100644
--- a/creusot/tests/creusot-contracts/creusot-contracts.coma
+++ b/creusot/tests/creusot-contracts/creusot-contracts.coma
@@ -1085,37 +1085,15 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t goal vc_produces_trans'0 : ([%#sdeque1] produces'0 b bc c) -> ([%#sdeque0] produces'0 a ab b) -> ([%#sdeque2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 60 15 60 24 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 61 14 61 45 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 10 - let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 - let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - - axiom 
inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 57 14 57 45 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 55 4 55 10 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq 
@@ -1123,42 +1101,27 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Borrow - - use seq.Seq + type t_I'0 - use prelude.prelude.Int + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - use seq.Seq + use prelude.prelude.Borrow use seq.Seq - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant15] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed14] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned4] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Cloned'0 . 
[%#scloned3] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -1167,77 +1130,56 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) - -> ([%#siter8] inv'2 b) - -> ([%#siter9] inv'2 c) - -> ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self - axiom produces_refl'1_spec : forall self : t_I'0 . 
([%#siter5] inv'2 self) - -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + use seq.Seq use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scloned3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scloned2] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Cloned'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (self : t_Cloned'0) : () - - goal vc_produces_refl'0 : ([%#scloned0] inv'0 self) - -> ([%#scloned1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 66 15 66 21 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 67 15 67 21 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 68 15 68 21 - let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 69 15 69 32 - let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 70 15 70 32 - let%span scloned5 = "../../../creusot-contracts/src/std/iter/cloned.rs" 71 14 71 42 - let%span scloned6 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 4 64 10 - let%span scloned7 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 - let%span scloned8 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 
14 11 39 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (self : t_Cloned'0) : () + + goal vc_produces_refl'0 : [%#scloned0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 62 15 62 32 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 63 15 63 32 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 64 14 64 42 + let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 60 4 60 10 + let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned5 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter8 = 
"../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 type t_Cloned'0 = { t_Cloned__it'0: t_I'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end - type t_T'0 use seq.Seq 
@@ -1246,38 +1188,18 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant19] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed18] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned8] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned5] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -1286,31 +1208,30 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) - -> ([%#siter12] inv'2 b) - -> ([%#siter13] inv'2 c) - -> ([%#siter14] produces'1 a ab b) - -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) + -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'2 self) - -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scloned7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scloned4] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -1326,45 +1247,21 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr constant c : t_Cloned'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () - - - goal vc_produces_trans'0 : ([%#scloned4] produces'0 b bc c) - -> ([%#scloned3] produces'0 a ab b) - -> ([%#scloned2] inv'0 c) - -> ([%#scloned1] inv'0 b) -> ([%#scloned0] inv'0 a) -> ([%#scloned5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 60 15 60 24 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 61 14 61 45 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 10 - let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 - let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed14 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant15 = 
"../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - type t_I'0 - - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () + - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end + goal vc_produces_trans'0 : ([%#scloned1] produces'0 b bc c) + -> ([%#scloned0] produces'0 a ab b) -> ([%#scloned2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 57 14 57 45 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 55 4 55 10 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq 
@@ -1372,42 +1269,27 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Borrow - - use seq.Seq + type t_I'0 - use prelude.prelude.Int + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - use seq.Seq + use prelude.prelude.Borrow use seq.Seq - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant15] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed14] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq13] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied4] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Copied'0 . 
[%#scopied3] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -1416,77 +1298,56 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] inv'2 a) - -> ([%#siter8] inv'2 b) - -> ([%#siter9] inv'2 c) - -> ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter5] inv'2 self) - -> ([%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self + + use seq.Seq use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scopied3] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scopied2] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Copied'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (self : t_Copied'0) : () - - goal vc_produces_refl'0 : ([%#scopied0] inv'0 self) - -> ([%#scopied1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 66 15 66 21 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 67 15 67 21 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 68 15 68 21 - let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 69 15 69 32 - let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 70 15 70 32 - let%span scopied5 = "../../../creusot-contracts/src/std/iter/copied.rs" 71 14 71 42 - let%span scopied6 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 4 64 10 - let%span scopied7 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 - let%span scopied8 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter9 = 
"../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (self : t_Copied'0) : () + + goal vc_produces_refl'0 : [%#scopied0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 62 15 62 32 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 63 15 63 32 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 64 14 64 42 + let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 60 4 60 10 + let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied5 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + 
let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 type t_Copied'0 = { t_Copied__it'0: t_I'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end - type t_T'0 use seq.Seq 
@@ -1495,38 +1356,18 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant19] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed18] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq17] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied8] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied5] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -1535,31 +1376,30 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter11] inv'2 a) - -> ([%#siter12] inv'2 b) - -> ([%#siter13] inv'2 c) - -> ([%#siter14] produces'1 a ab b) - -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) + -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self - axiom produces_refl'0_spec : forall self : t_I'0 . 
([%#siter9] inv'2 self) - -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + use seq.Seq use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scopied7] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scopied4] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -1575,26 +1415,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr constant c : t_Copied'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () - goal vc_produces_trans'0 : ([%#scopied4] produces'0 b bc c) - -> ([%#scopied3] produces'0 a ab b) - -> ([%#scopied2] inv'0 c) - -> ([%#scopied1] inv'0 b) -> ([%#scopied0] inv'0 a) -> ([%#scopied5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#scopied1] produces'0 b bc c) + -> ([%#scopied0] produces'0 a ab b) -> ([%#scopied2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 18 15 18 24 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 14 19 45 - let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 16 4 16 10 - let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - - type t_Empty'0 = - { t_Empty__0'0: () } - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . 
inv'0 x = true +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 18 14 18 45 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 16 4 16 10 + let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 use seq.Seq 
@@ -1602,34 +1432,30 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro use seq.Seq + type t_Empty'0 = + { t_Empty__0'0: () } + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#sempty3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + [%#sempty2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o constant self : t_Empty'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (self : t_Empty'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (self : t_Empty'0) : () - goal vc_produces_refl'0 : ([%#sempty0] inv'0 self) -> ([%#sempty1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#sempty0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 24 15 24 21 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 25 15 25 21 - let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 15 26 21 - let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 27 15 27 32 - let%span sempty4 = "../../../creusot-contracts/src/std/iter/empty.rs" 28 15 28 32 - let%span sempty5 = "../../../creusot-contracts/src/std/iter/empty.rs" 29 14 29 42 - let%span sempty6 = "../../../creusot-contracts/src/std/iter/empty.rs" 22 4 22 10 - let%span sempty7 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) + let%span sempty0 = 
"../../../creusot-contracts/src/std/iter/empty.rs" 23 15 23 32 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 24 15 24 32 + let%span sempty2 = "../../../creusot-contracts/src/std/iter/empty.rs" 25 14 25 42 + let%span sempty3 = "../../../creusot-contracts/src/std/iter/empty.rs" 21 4 21 10 + let%span sempty4 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 type t_Empty'0 = { t_Empty__0'0: () } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - type t_T'0 use seq.Seq @@ -1639,7 +1465,7 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#sempty7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + [%#sempty4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o use seq.Seq 
@@ -1653,66 +1479,43 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro constant c : t_Empty'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () - - - goal vc_produces_trans'0 : ([%#sempty4] produces'0 b bc c) - -> ([%#sempty3] produces'0 a ab b) - -> ([%#sempty2] inv'0 c) - -> ([%#sempty1] inv'0 b) -> ([%#sempty0] inv'0 a) -> ([%#sempty5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 84 15 84 24 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 85 14 85 45 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 82 4 82 10 - let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 - let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - 
let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (a : t_Empty'0) (ab : Seq.seq t_T'0) (b : t_Empty'0) (bc : Seq.seq t_T'0) (c : t_Empty'0) : () + - type t_I'0 + goal vc_produces_trans'0 : ([%#sempty1] produces'0 b bc c) + -> ([%#sempty0] produces'0 a ab b) -> ([%#sempty2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 82 14 82 45 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 80 4 80 10 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - use prelude.prelude.UIntSize + use seq.Seq - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + use prelude.prelude.UIntSize type t_Item'0 use seq.Seq - use prelude.prelude.Int + type t_I'0 - use seq.Seq + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'4 self - - predicate inv'3 
[#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -1721,21 +1524,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + use seq.Seq constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -1745,39 +1544,34 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate4] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate3] inv'0 self -> inv'1 (iter'0 self) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate5] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + [%#senumerate8] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . 
inv'0 x = (invariant'0 x /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter end) use seq.Seq use seq.Seq - use seq.Seq - - use seq.Seq - - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#senumerate3] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#senumerate2] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i 
@@ -1785,33 +1579,23 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant self : t_Enumerate'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (self : t_Enumerate'0) : () - - - goal vc_produces_refl'0 : ([%#senumerate0] inv'0 self) - -> ([%#senumerate1] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) -end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 15 90 21 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 91 15 91 21 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 92 15 92 21 - let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 93 15 93 32 - let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 94 15 94 32 - let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 95 14 95 42 - let%span senumerate6 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 88 4 88 10 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 - let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span senumerate9 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - 
let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (self : t_Enumerate'0) : () + + + goal vc_produces_refl'0 : [%#senumerate0] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 87 15 87 32 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 88 15 88 32 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 89 14 89 42 + let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 85 4 85 10 + let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 type t_I'0 
@@ -1824,29 +1608,13 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -1855,21 +1623,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) + -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + use seq.Seq constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -1879,37 +1643,34 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate8] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate5] inv'0 self -> inv'1 (iter'0 self) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + [%#senumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . 
inv'0 x = (invariant'0 x /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter end) use seq.Seq use seq.Seq - use seq.Seq - - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = - [%#senumerate7] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#senumerate4] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i 
@@ -1927,49 +1688,46 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ constant c : t_Enumerate'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () - goal vc_produces_trans'0 : ([%#senumerate4] produces'0 b bc c) - -> ([%#senumerate3] produces'0 a ab b) - -> ([%#senumerate2] inv'0 c) - -> ([%#senumerate1] inv'0 b) -> ([%#senumerate0] inv'0 a) -> ([%#senumerate5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#senumerate1] produces'0 b bc c) + -> ([%#senumerate0] produces'0 a ab b) -> ([%#senumerate2] produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 102 4 102 10 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 103 4 103 10 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter5 = 
"../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter14 = 
"../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_I'0 + use seq.Seq - type t_F'0 + type t_Item'0 + + use seq.Seq + + type t_I'0 + + type t_F'0 type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } use prelude.prelude.Borrow - type t_Item'0 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) @@ -1983,7 +1741,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops13] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops12] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -1991,44 +1749,40 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) - -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) + -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) - -> ([%#sops8] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops6] postcondition_mut'0 self args res_state res) + -> ([%#sops7] unnest'0 self res_state) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#sfilter3] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . 
not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' end) - use seq.Seq - - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (func'0 self) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'1 (func'0 self) use prelude.prelude.Int 
@@ -2036,26 +1790,22 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter5] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter5] inv'0 self -> inv'2 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] inv'1 a) - -> ([%#siter17] inv'1 b) - -> ([%#siter18] inv'1 c) - -> ([%#siter19] produces'1 a ab b) - -> ([%#siter20] produces'1 b bc c) -> ([%#siter21] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] produces'1 a ab b) + -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter14] inv'1 self) - -> ([%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -2066,7 +1816,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sfilter3] unnest'0 (func'0 self) (func'0 succ) + [%#sfilter2] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -2079,36 +1830,28 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (self : t_Filter'0) : () - goal vc_produces_refl'0 : ([%#sfilter0] inv'0 self) - -> ([%#sfilter1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 - let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 - let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 108 4 108 10 - let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 - let%span sfilter8 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter9 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sfilter10 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops17 = 
"../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + goal vc_produces_refl'0 : [%#sfilter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 32 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 14 112 42 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 108 4 108 10 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops12 = 
"../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -2117,10 +1860,12 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - use prelude.prelude.Borrow - type t_Item'0 + use seq.Seq + + use prelude.prelude.Borrow + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) @@ -2134,7 +1879,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops14] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -2142,42 +1887,40 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) - -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops11] unnest'0 self b) + -> ([%#sops12] unnest'0 b c) -> ([%#sops13] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops10] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops11] postcondition_mut'0 self args res_state res) - -> ([%#sops12] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops8] postcondition_mut'0 self args res_state res) + -> ([%#sops9] unnest'0 self res_state) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter10] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#sfilter5] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . 
not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' end) - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter8] inv'0 self -> inv'2 (func'0 self) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter6] inv'0 self -> inv'1 (func'0 self) use prelude.prelude.Int @@ -2185,7 +1928,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter9] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter7] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -2194,19 +1937,15 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter20] inv'1 a) - -> ([%#siter21] inv'1 b) - -> ([%#siter22] inv'1 c) - -> ([%#siter23] produces'1 a ab b) - -> ([%#siter24] produces'1 b bc c) -> ([%#siter25] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) + -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter18] inv'1 self) - -> ([%#siter19] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -2217,7 +1956,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sfilter7] unnest'0 (func'0 self) (func'0 succ) + [%#sfilter4] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -2236,29 +1976,28 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro constant c : t_Filter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () - - - goal vc_produces_trans'0 : ([%#sfilter4] produces'0 b bc c) - -> ([%#sfilter3] produces'0 a ab b) - -> ([%#sfilter2] inv'0 c) - -> ([%#sfilter1] inv'0 b) -> ([%#sfilter0] inv'0 a) -> ([%#sfilter5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) 
(b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () + + + goal vc_produces_trans'0 : ([%#sfilter1] produces'0 b bc c) + -> ([%#sfilter0] produces'0 a ab b) -> ([%#sfilter2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 14 41 45 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use seq.Seq + + type t_Item'0 + + use seq.Seq type t_I'0 
@@ -2286,40 +2025,30 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod | {t_Fuse__iter'0 = iter} -> inv'1 iter end - use seq.Seq - - type t_Item'0 - - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse4] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse5] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse3] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse4] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . 
([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#sfuse3] match view'0 self with + [%#sfuse2] match view'0 self with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self | C_Some'0 i -> match view'0 other with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -2329,30 +2058,22 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod constant self : t_Fuse'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () - - goal vc_produces_refl'0 : ([%#sfuse0] inv'0 self) - -> ([%#sfuse1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 - let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 - let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + 
function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (self : t_Fuse'0) : () + + goal vc_produces_refl'0 : [%#sfuse0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 46 15 46 32 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 32 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 14 48 42 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 44 4 44 10 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -2363,6 +2084,12 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } + type t_Item'0 + + use seq.Seq + + use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) 
@@ -2380,40 +2107,30 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod | {t_Fuse__iter'0 = iter} -> inv'1 iter end - type t_Item'0 - - use seq.Seq - - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse8] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse9] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse5] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse6] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) + -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . 
([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#sfuse7] match view'0 self with + [%#sfuse4] match view'0 self with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self | C_Some'0 i -> match view'0 other with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -2431,50 +2148,32 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod constant c : t_Fuse'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () - - - goal vc_produces_trans'0 : ([%#sfuse4] produces'0 b bc c) - -> ([%#sfuse3] produces'0 a ab b) - -> ([%#sfuse2] inv'0 c) - -> ([%#sfuse1] inv'0 b) -> ([%#sfuse0] inv'0 a) -> ([%#sfuse5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (* as std::iter::fuse::FusedIterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 70 15 70 24 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 71 15 71 24 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 72 15 72 25 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 73 15 73 31 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 74 15 74 44 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 75 14 75 50 - let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 68 4 68 10 - let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 20 12 21 28 - let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 - let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 - let%span sfuse11 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 - let%span sfuse12 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 - let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 - let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 - let%span sfuse15 = 
"../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 - let%span sfuse16 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 - let%span sfuse17 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 52 42 - let%span sfuse18 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 - let%span smodel19 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sfuse20 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse21 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span sinvariant22 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq23 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter26 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter27 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter31 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sboxed32 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - use prelude.prelude.Borrow + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + + + goal vc_produces_trans'0 : ([%#sfuse1] produces'0 b bc c) + -> ([%#sfuse0] produces'0 a ab b) -> ([%#sfuse2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused [#"../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62] (* as std::iter::fuse::FusedIterator> *) + let%span sfuse0 = 
"../../../creusot-contracts/src/std/iter/fuse.rs" 63 15 63 31 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 64 15 64 44 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 65 14 65 50 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 61 4 61 10 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 20 12 21 28 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 14 41 45 + let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 + let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 46 15 46 32 + let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 32 + let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 14 48 42 + let%span sfuse11 = "../../../creusot-contracts/src/std/iter/fuse.rs" 44 4 44 10 + let%span smodel12 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -2485,86 +2184,53 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'6 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'4 iter - end - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Fuse'0)) = - [%#sinvariant22] inv'1 self.current /\ inv'1 self.final - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Fuse'0)) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'0 x] . inv'0 x = invariant'0 x - type t_Item'0 use seq.Seq - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed32] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq23] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end function view'1 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom view'1_spec : forall self : t_Fuse'0 . ([%#sfuse20] inv'1 self -> inv'4 (view'1 self)) - && ([%#sfuse21] forall other : t_Fuse'0 . view'1 self = view'1 other -> self = other) + axiom view'1_spec : forall self : t_Fuse'0 . ([%#sfuse13] inv'0 self -> inv'1 (view'1 self)) + && ([%#sfuse14] forall other : t_Fuse'0 . view'1 self = view'1 other -> self = other) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter26] inv'6 a) - -> ([%#siter27] inv'6 b) - -> ([%#siter28] inv'6 c) - -> ([%#siter29] produces'1 a ab b) - -> ([%#siter30] produces'1 b bc c) -> ([%#siter31] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) + -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter24] inv'6 self) - -> ([%#siter25] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#sfuse8] match view'1 self with + [%#sfuse5] match view'1 self with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'1 other = view'1 self | C_Some'0 i -> match view'1 other with | C_Some'0 i2 -> produces'1 i prod i2 
@@ -2572,38 +2238,29 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu end end - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = - [%#sfuse18] () - - axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse12] inv'1 a) - -> ([%#sfuse13] inv'1 b) - -> ([%#sfuse14] inv'1 c) - -> ([%#sfuse15] produces'0 a ab b) - -> ([%#sfuse16] produces'0 b bc c) -> ([%#sfuse17] produces'0 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () = [%#sfuse11] () - axiom produces_refl'0_spec : forall self : t_Fuse'0 . ([%#sfuse9] inv'1 self) - -> ([%#sfuse10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse8] produces'0 a ab b) + -> ([%#sfuse9] produces'0 b bc c) -> ([%#sfuse10] produces'0 a (Seq.(++) ab bc) c) - function view'0 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = - [%#smodel19] view'1 self.current + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (self : t_Fuse'0) : () = + [%#sfuse7] () - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant22] inv'6 self.current /\ inv'6 self.final + axiom produces_refl'0_spec : forall self : t_Fuse'0 . 
[%#sfuse6] produces'0 self (Seq.empty : Seq.seq t_Item'0) self - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) + use prelude.prelude.Borrow - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x + function view'0 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = + [%#smodel12] view'1 self.current predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = - [%#sfuse7] (view'0 self = C_None'0 - \/ (exists it : borrowed t_I'0 . inv'3 it /\ completed'1 it /\ view'0 self = C_Some'0 (it.current))) + [%#sfuse4] (view'0 self = C_None'0 + \/ (exists it : borrowed t_I'0 . completed'1 it /\ view'0 self = C_Some'0 (it.current))) /\ view'1 self.final = C_None'0 constant self : borrowed (t_Fuse'0) 
@@ -2612,40 +2269,35 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu constant next : t_Fuse'0 - function is_fused'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () + function is_fused'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () - goal vc_is_fused'0 : ([%#sfuse4] produces'0 self.final steps next) - -> ([%#sfuse3] completed'0 self) - -> ([%#sfuse2] inv'2 steps) - -> ([%#sfuse1] inv'1 next) - -> ([%#sfuse0] inv'0 self) -> ([%#sfuse5] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) + goal vc_is_fused'0 : ([%#sfuse1] produces'0 self.final steps next) + -> ([%#sfuse0] completed'0 self) -> ([%#sfuse2] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) end module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 79 15 79 24 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 80 14 80 45 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 77 4 77 10 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 62 12 73 75 - let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops11 = 
"../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq21 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed22 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 80 14 80 45 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 78 4 78 10 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = 
"../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use seq.Seq + + type t_B'0 + + use seq.Seq type t_I'0 @@ -2654,26 +2306,20 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f end - use seq.Seq - - type t_B'0 - - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap4] inv'0 self -> inv'4 (func'0 self) + axiom func'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'1 (func'0 self) type t_Item'0 
@@ -2690,7 +2336,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops12] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops11] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -2698,49 +2344,21 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops9] unnest'0 self b) - -> ([%#sops10] unnest'0 b c) -> ([%#sops11] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops8] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops6] postcondition_mut'0 self args res_state res) - -> ([%#sops7] unnest'0 self res_state) - - use seq.Seq - - use prelude.prelude.Int - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) use seq.Seq - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant23] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . 
inv'7 x = invariant'4 x - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed22] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq 
@@ -2749,25 +2367,9 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed22] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq21] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap5] inv'0 self -> inv'3 (iter'0 self) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap4] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -2776,19 +2378,17 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'3 a) - -> ([%#siter16] inv'3 b) - -> ([%#siter17] inv'3 c) - -> ([%#siter18] produces'1 a ab b) - -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter13] inv'3 self) - -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Int use seq.Seq 
@@ -2798,14 +2398,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 60 4 60 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#smap3] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#smap2] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -2822,37 +2420,27 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (self : t_Map'0) : () - goal vc_produces_refl'0 : ([%#smap0] inv'0 self) -> ([%#smap1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans [#"../../../creusot-contracts/src/std/iter/map.rs" 91 4 91 90] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 85 15 85 21 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 86 15 86 21 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 87 15 87 21 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 88 15 88 32 - let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 89 15 89 32 - let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 90 14 90 42 - let%span smap6 = "../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 10 - let%span smap7 = "../../../creusot-contracts/src/std/iter/map.rs" 62 12 73 75 - let%span smap8 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap9 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter18 = 
"../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq25 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant27 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + goal vc_produces_refl'0 : [%#smap0] produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 85 15 85 32 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 86 15 86 32 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 87 14 87 42 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 83 4 83 10 + let%span smap4 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap5 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap6 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span 
sops12 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -2861,24 +2449,24 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_B'0 + + use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f end - type t_B'0 - - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap8] inv'0 self -> inv'4 (func'0 self) + axiom func'0_spec : forall self : t_Map'0 . [%#smap5] inv'0 self -> inv'1 (func'0 self) type t_Item'0 
@@ -2895,7 +2483,7 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops16] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops13] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -2903,76 +2491,32 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops13] unnest'0 self b) - -> ([%#sops14] unnest'0 b c) -> ([%#sops15] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops10] unnest'0 self b) + -> ([%#sops11] unnest'0 b c) -> ([%#sops12] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops12] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops9] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops10] postcondition_mut'0 self args res_state res) - -> ([%#sops11] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops7] postcondition_mut'0 self args res_state res) + -> ([%#sops8] unnest'0 self res_state) use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant27] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . 
inv'7 x = invariant'4 x - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed26] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq - use seq.Seq - - use seq.Seq - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed26] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap9] inv'0 self -> inv'3 (iter'0 self) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap6] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -2981,19 +2525,17 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter19] inv'3 a) - -> ([%#siter20] inv'3 b) - -> ([%#siter21] inv'3 c) - -> ([%#siter22] produces'1 a ab b) - -> ([%#siter23] produces'1 b bc c) -> ([%#siter24] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] produces'1 a ab b) + -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter17] inv'3 self) - -> ([%#siter18] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Int use seq.Seq 
@@ -3003,14 +2545,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 60 4 60 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = - [%#smap7] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited + [%#smap4] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -3035,142 +2575,52 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc constant c : t_Map'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 91 4 91 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (a : t_Map'0) (ab : Seq.seq t_B'0) (b : t_Map'0) (bc : Seq.seq t_B'0) (c : t_Map'0) : () - goal vc_produces_trans'0 : ([%#smap4] produces'0 b bc c) - -> ([%#smap3] produces'0 a ab b) - -> ([%#smap2] inv'0 c) - -> ([%#smap1] inv'0 b) -> ([%#smap0] inv'0 a) -> ([%#smap5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#smap1] produces'0 b bc c) + -> ([%#smap0] produces'0 a ab b) -> ([%#smap2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = 
"../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant26 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed27 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 - - type t_F'0 - - type t_Item'0 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops4 = 
"../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq - use prelude.prelude.Snapshot - - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - - use prelude.prelude.Borrow - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant26] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . 
inv'5 x = invariant'3 x - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - use seq.Seq + type t_B'0 use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - - - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - - - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] inv'3 a) - -> ([%#siter15] inv'3 b) - -> ([%#siter16] inv'3 c) - -> ([%#siter17] produces'1 a ab b) - -> ([%#siter18] produces'1 b bc c) -> ([%#siter19] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter12] inv'3 self) - -> ([%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + type t_I'0 - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + type t_F'0 - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + type t_Item'0 use seq.Seq use prelude.prelude.Snapshot - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv23] forall e : t_Item'0, i : t_I'0 . 
inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - - type t_B'0 - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed27] inv'6 self - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant26] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . 
inv'7 x = invariant'4 x - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) @@ -3179,7 +2629,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops9] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -3187,64 +2637,21 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops6] unnest'0 self b) + -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) + -> ([%#sops4] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv25] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv20] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv22] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#smap_inv21] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv4] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - use seq.Seq use seq.Seq 
@@ -3255,41 +2662,44 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed27] inv'7 self - - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter11] produces'1 a ab b) + -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use seq.Seq + use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + + use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#smap_inv3] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited + [%#smap_inv2] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3306,44 +2716,27 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr constant self : t_MapInv'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () - - goal vc_produces_refl'0 : ([%#smap_inv0] inv'0 self) - -> ([%#smap_inv1] produces'0 self (Seq.empty : Seq.seq t_B'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - 
let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv29 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant30 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed31 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (self : t_MapInv'0) : () + + goal vc_produces_refl'0 : [%#smap_inv0] produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span smap_inv3 = 
"../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -3358,91 +2751,15 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr type t_MapInv'0 = { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant30] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - use seq.Seq - - use seq.Seq - - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - - - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] inv'3 a) - -> ([%#siter19] inv'3 b) - -> ([%#siter20] inv'3 c) - -> ([%#siter21] produces'1 a ab b) - -> ([%#siter22] produces'1 b bc c) -> ([%#siter23] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . 
([%#siter16] inv'3 self) - -> ([%#siter17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - use seq.Seq - use seq.Seq - - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed31] inv'6 self - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant30] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . 
inv'7 x = invariant'4 x - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) 
@@ -3451,71 +2768,26 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops15] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops11] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - - - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) - -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) - - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self - - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - - - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops9] postcondition_mut'0 self args res_state res) - -> ([%#sops10] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv29] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv24] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv8] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) use seq.Seq 
@@ -3525,41 +2797,48 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed31] inv'7 self + use seq.Seq + + use seq.Seq - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use seq.Seq + use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + + use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#smap_inv7] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited + [%#smap_inv4] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3586,19 +2865,17 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr constant c : t_MapInv'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () - goal vc_produces_trans'0 : ([%#smap_inv4] produces'0 b bc c) - -> ([%#smap_inv3] produces'0 a ab b) - -> ([%#smap_inv2] inv'0 c) - -> ([%#smap_inv1] inv'0 b) -> ([%#smap_inv0] inv'0 a) -> ([%#smap_inv5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#smap_inv1] produces'0 b bc c) + -> ([%#smap_inv0] produces'0 a ab b) -> ([%#smap_inv2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (* as resolve::Resolve> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 67 15 67 39 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 68 14 68 31 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 65 4 65 23 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 62 15 62 39 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 63 14 63 31 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 60 4 60 23 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 use 
prelude.prelude.Borrow 
@@ -3629,78 +2906,64 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__re /\ resolve'2 x1 /\ resolve'3 x0 end - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 61 4 61 28] (self : t_MapInv'0) = + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = [%#smap_inv3] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 constant self : t_MapInv'0 - function resolve_coherence'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (self : t_MapInv'0) : () + function resolve_coherence'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (self : t_MapInv'0) : () goal vc_resolve_coherence'0 : ([%#smap_inv0] structural_resolve'0 self) -> ([%#smap_inv1] resolve'0 self) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 96 4 96 44] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 97 39 97 58 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 100 16 100 76 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 101 31 101 71 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 105 38 105 88 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 106 32 106 63 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 111 32 111 56 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 17 96 21 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 26 96 44 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 92 14 95 5 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next 
[#"../../../creusot-contracts/src/std/iter/map_inv.rs" 90 4 90 44] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 91 39 91 58 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 94 16 94 76 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 95 31 95 71 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 99 38 99 88 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 100 32 100 63 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 105 32 105 56 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 90 17 90 21 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 90 26 90 44 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 86 14 89 5 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 - let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 170 15 170 24 - let%span smap_inv13 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 171 15 171 21 - let%span smap_inv14 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 172 15 172 21 - let%span smap_inv15 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 173 15 173 21 - let%span smap_inv16 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 174 15 174 24 - let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 175 4 175 60 - let%span smap_inv18 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 176 15 176 30 - let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 177 15 177 64 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 178 14 178 74 - let%span smap_inv21 = 
"../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 75 - let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 - let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv28 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span sresolve29 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv36 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv37 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv38 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv39 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter42 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter44 = 
"../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter45 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter46 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter47 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sops48 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops49 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops50 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops51 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops52 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops53 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops54 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span smap_inv55 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span smap_inv57 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span smap_inv58 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span sseq59 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed60 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 163 15 163 31 + let%span smap_inv13 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 164 4 164 60 + let%span smap_inv14 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 165 15 165 30 + let%span smap_inv15 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 166 15 166 64 + let%span smap_inv16 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 167 14 167 74 + let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 168 14 168 75 + let%span smap_inv18 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 68 + let%span 
smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 182 12 187 74 + let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 74 12 76 73 + let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 124 14 124 81 + let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 127 12 132 88 + let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 + let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sresolve26 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv28 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv29 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 + let%span siter33 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter34 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter35 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter36 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sops37 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops38 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops39 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops40 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops41 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops42 = "../../../creusot-contracts/src/std/ops.rs" 122 
14 122 28 + let%span sops43 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span smap_inv44 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 + let%span smap_inv45 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 + let%span sinvariant46 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -3721,25 +2984,25 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne type t_MapInv'0 = { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant56] inv'0 self.current /\ inv'0 self.final + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = + [%#sinvariant46] inv'0 self.current /\ inv'0 self.final predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'1 x + axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_I'0 [inv'4 x] . inv'4 x = invariant'2 x type t_Option'0 = | C_None'0 | C_Some'0 t_Item'0 - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'10 a_0 + | C_Some'0 a_0 -> inv'9 a_0 end use seq.Seq 
@@ -3749,19 +3012,15 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter42] inv'0 a) - -> ([%#siter43] inv'0 b) - -> ([%#siter44] inv'0 c) - -> ([%#siter45] produces'0 a ab b) - -> ([%#siter46] produces'0 b bc c) -> ([%#siter47] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter34] produces'0 a ab b) + -> ([%#siter35] produces'0 b bc c) -> ([%#siter36] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter40] inv'0 self) - -> ([%#siter41] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter33] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) 
@@ -3793,18 +3052,18 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant56] inv'1 self.current /\ inv'1 self.final + predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = + [%#sinvariant46] inv'1 self.current /\ inv'1 self.final predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'6 x] . inv'6 x = invariant'3 x predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) axiom inv_axiom'5 [@rewrite] : forall x : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)) [inv'7 x] . inv'7 x - = (let (x0, x1) = x in inv'10 x0) + = (let (x0, x1) = x in inv'9 x0) type t_B'0 @@ -3821,7 +3080,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops54] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops43] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -3829,18 +3088,18 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops51] unnest'0 self b) - -> ([%#sops52] unnest'0 b c) -> ([%#sops53] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops40] unnest'0 self b) + -> ([%#sops41] unnest'0 b c) -> ([%#sops42] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops50] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops39] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops48] postcondition_mut'0 self args res_state res) - -> ([%#sops49] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops37] postcondition_mut'0 self args res_state res) + -> ([%#sops38] unnest'0 self res_state) let rec call_mut'0 (self:borrowed t_F'0) (args:(t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (return' (ret:t_B'0))= {[@expl:call_mut 'self' type invariant] inv'6 self} {[@expl:call_mut 'args' type invariant] inv'7 args} 
@@ -3851,86 +3110,51 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne (! return' {result}) ] - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 115 4 115 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . inv'10 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i + [%#smap_inv24] forall e : t_Item'0, i : t_I'0 . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed60] inv'10 self - - predicate inv'13 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'9 [@rewrite] : forall x : t_Item'0 [inv'13 x] . inv'13 x = invariant'6 x - - predicate invariant'4 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) - - predicate inv'11 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'11 x] . inv'11 x = invariant'4 x - - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 138 4 138 49] (iter : t_I'0) (func : t_F'0) = - [%#smap_inv55] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + [%#smap_inv45] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv58] forall iter : borrowed t_I'0, func : t_F'0 . inv'4 iter /\ inv'1 func - -> completed'1 iter + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 151 4 151 33] (_1 : ()) = + [%#smap_inv44] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 125 4 125 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'11 s - /\ inv'10 e1 /\ inv'10 e2 /\ inv'6 f /\ inv'8 b /\ inv'0 i /\ unnest'0 func f.current + [%#smap_inv23] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv22] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv57] reinitialize'0 () + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 72 4 72 30] (self : t_MapInv'0) = + [%#smap_inv21] reinitialize'0 () /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_MapInv'0 [inv'9 x] . 
inv'9 x - = (invariant'3 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'0 iter /\ inv'1 func - end) - - function produces_one_invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 73] (self : t_MapInv'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () + function produces_one_invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 169 4 169 73] (self : t_MapInv'0) (e : t_Item'0) (r : t_B'0) (f : borrowed t_F'0) (iter : t_I'0) : () - axiom produces_one_invariant'0_spec : forall self : t_MapInv'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#smap_inv12] inv'9 self) - -> ([%#smap_inv13] inv'10 e) - -> ([%#smap_inv14] inv'8 r) - -> ([%#smap_inv15] inv'6 f) - -> ([%#smap_inv16] inv'0 iter) - -> ([%#smap_inv17] produces'0 self.t_MapInv__iter'0 (Seq.singleton e) iter) - -> ([%#smap_inv18] f.current = self.t_MapInv__func'0) - -> ([%#smap_inv19] postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final r) - -> ([%#smap_inv20] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) - && ([%#smap_inv21] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) + axiom produces_one_invariant'0_spec : forall self : t_MapInv'0, e : t_Item'0, r : t_B'0, f : borrowed t_F'0, iter : t_I'0 . ([%#smap_inv12] invariant'0 self) + -> ([%#smap_inv13] produces'0 self.t_MapInv__iter'0 (Seq.singleton e) iter) + -> ([%#smap_inv14] f.current = self.t_MapInv__func'0) + -> ([%#smap_inv15] postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final r) + -> ([%#smap_inv16] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) + && ([%#smap_inv17] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e)) use prelude.prelude.Snapshot 
@@ -3950,25 +3174,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate invariant'7 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed60] inv'6 self - - predicate inv'14 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'10 [@rewrite] : forall x : borrowed t_F'0 [inv'14 x] . inv'14 x = invariant'7 x - - predicate invariant'5 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'14 (Seq.get self i) - - predicate inv'12 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'12 x] . inv'12 x = invariant'5 x - use seq.Seq use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -3977,14 +3188,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate produces'1 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'1 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#smap_inv28] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'12 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'11 s - /\ Seq.length s = Seq.length visited + [%#smap_inv25] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -3999,47 +3208,49 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () = - [%#smap_inv39] () + [%#smap_inv32] () - axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv33] inv'9 a) - -> ([%#smap_inv34] inv'9 b) - -> ([%#smap_inv35] inv'9 c) - -> ([%#smap_inv36] produces'1 a ab b) - -> ([%#smap_inv37] produces'1 b bc c) -> ([%#smap_inv38] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv29] produces'1 a ab b) + -> ([%#smap_inv30] produces'1 b bc c) -> ([%#smap_inv31] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = - [%#smap_inv32] () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (self : t_MapInv'0) : () = + [%#smap_inv28] () - axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv30] inv'9 self) - -> ([%#smap_inv31] produces'1 self (Seq.empty : Seq.seq t_B'0) self) + axiom produces_refl'0_spec : forall self : t_MapInv'0 . 
[%#smap_inv27] produces'1 self (Seq.empty : Seq.seq t_B'0) self - predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) = - [%#smap_inv23] exists f : borrowed t_F'0, e : t_Item'0 . inv'6 f - /\ inv'10 e - /\ f.current = self.t_MapInv__func'0 + [%#smap_inv19] exists f : borrowed t_F'0, e : t_Item'0 . f.current = self.t_MapInv__func'0 /\ f.final = succ.t_MapInv__func'0 /\ produces'0 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e /\ precondition'0 f.current (e, self.t_MapInv__produced'0) /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited - axiom produces_one'0_spec : forall self : t_MapInv'0, visited : t_B'0, succ : t_MapInv'0 . [%#smap_inv22] produces_one'0 self visited succ + axiom produces_one'0_spec : forall self : t_MapInv'0, visited : t_B'0, succ : t_MapInv'0 . [%#smap_inv18] produces_one'0 self visited succ = produces'1 self (Seq.singleton visited) succ - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_MapInv'0)) = - [%#sinvariant56] inv'9 self.current /\ inv'9 self.final + predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + + axiom inv_axiom'6 [@rewrite] : forall x : t_MapInv'0 [inv'10 x] . 
inv'10 x + = (invariant'0 x + /\ match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'0 iter /\ inv'1 func + end) + + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_MapInv'0)) = + [%#sinvariant46] inv'10 self.current /\ inv'10 self.final predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_MapInv'0)) - axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'2 x] . inv'2 x = invariant'1 x predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed (t_MapInv'0)) = - [%#sresolve29] self.final = self.current + [%#sresolve26] self.final = self.current predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : borrowed (t_MapInv'0)) = resolve'1 _1 @@ -4065,7 +3276,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne predicate completed'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 14 4 14 35] (self : borrowed (t_MapInv'0)) = - [%#smap_inv24] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq t_Item'0) + [%#smap_inv20] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq t_Item'0) /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 
@@ -4162,10 +3373,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne (! return' {result}) ] end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__preservation_inv [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (* std::iter::map_inv::MapInv::Item, F> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__preservation_inv [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 125 4 125 73] (* std::iter::map_inv::MapInv::Item, F> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 124 14 124 81 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 127 12 132 88 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -4173,17 +3384,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant19 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq 
@@ -4199,41 +3403,6 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed20] inv'1 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . inv'0 x = invariant'0 x - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant19] inv'6 self.current /\ inv'6 self.final - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . inv'2 x = invariant'1 x - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.Snapshot predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) 
@@ -4275,30 +3444,25 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'4 a) - -> ([%#siter13] inv'4 b) - -> ([%#siter14] inv'4 c) - -> ([%#siter15] produces'0 a ab b) - -> ([%#siter16] produces'0 b bc c) -> ([%#siter17] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter11] produces'0 a ab b) + -> ([%#siter12] produces'0 b bc c) -> ([%#siter13] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'4 self) - -> ([%#siter11] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 138 4 138 49] (iter : t_I'0) (func : t_F'0) = - [%#smap_inv2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + [%#smap_inv2] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b 
@@ -4310,56 +3474,40 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr constant produced : Seq.seq t_Item'0 - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 125 4 125 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) goal vc_preservation_inv'0 : [%#smap_inv0] produced = (Seq.empty : Seq.seq t_Item'0) - -> ([%#smap_inv1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'0 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'2 f /\ inv'3 b /\ inv'4 i /\ unnest'0 func f.current + -> ([%#smap_inv1] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1))) = preservation'0 iter func end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__produces_one [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (* std::iter::map_inv::MapInv::Item, F> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv6 = 
"../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv11 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sops21 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops22 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops23 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops24 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops25 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops26 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops27 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sinvariant28 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv30 = 
"../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sboxed36 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__produces_one [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 57] (* std::iter::map_inv::MapInv::Item, F> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 68 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 182 12 187 74 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span 
sops14 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops17 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops18 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops19 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + + use seq.Seq use seq.Seq 
@@ -4376,91 +3524,17 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr type t_MapInv'0 = { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate invariant'6 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant28] inv'5 self.current /\ inv'5 self.final - - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_I'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - use seq.Seq - - use seq.Seq - - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - - - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - - - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] inv'5 a) - -> ([%#siter16] inv'5 b) - -> ([%#siter17] inv'5 c) - -> ([%#siter18] produces'1 a ab b) - -> ([%#siter19] produces'1 b bc c) -> ([%#siter20] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . 
([%#siter13] inv'5 self) - -> ([%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - use seq.Seq - - use prelude.prelude.Snapshot - - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv34] forall e : t_Item'0, i : t_I'0 . inv'1 e /\ inv'5 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed36] inv'1 self - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'5 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant28] inv'6 self.current /\ inv'6 self.final - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_F'0 [inv'0 x] . 
inv'0 x = invariant'0 x - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) @@ -4469,7 +3543,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops27] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops19] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -4477,63 +3551,18 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops16] unnest'0 self b) + -> ([%#sops17] unnest'0 b c) -> ([%#sops18] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops23] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops15] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) - - use seq.Seq - - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv35] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv31] forall iter : borrowed t_I'0, func : t_F'0 . inv'9 iter /\ inv'6 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv33] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'3 s - /\ inv'1 e1 /\ inv'1 e2 /\ inv'0 f /\ inv'10 b /\ inv'5 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#smap_inv32] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'3 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv30] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_MapInv'0 [inv'4 x] . inv'4 x - = (invariant'3 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'5 iter /\ inv'6 func - end) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops13] postcondition_mut'0 self args res_state res) + -> ([%#sops14] unnest'0 self res_state) use seq.Seq 
@@ -4547,41 +3576,44 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr use seq.Seq - predicate invariant'4 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed36] inv'0 self - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'2 x] . inv'2 x = invariant'1 x + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use seq.Seq + use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + + use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = [%#smap_inv2] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'2 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'3 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -4596,22 +3628,22 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () = - [%#smap_inv12] () + [%#smap_inv8] () + + axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv5] produces'0 a ab b) + -> ([%#smap_inv6] produces'0 b bc c) -> ([%#smap_inv7] produces'0 a (Seq.(++) ab bc) c) - axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv6] inv'4 a) - -> ([%#smap_inv7] inv'4 b) - -> ([%#smap_inv8] inv'4 c) - -> ([%#smap_inv9] produces'0 a ab b) - -> ([%#smap_inv10] produces'0 b bc c) -> ([%#smap_inv11] produces'0 a (Seq.(++) ab bc) c) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (self : t_MapInv'0) : () = + [%#smap_inv4] () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = - [%#smap_inv5] () + axiom produces_refl'0_spec : forall self : t_MapInv'0 . [%#smap_inv3] produces'0 self (Seq.empty : Seq.seq t_B'0) self - axiom produces_refl'0_spec : forall self : t_MapInv'0 . 
([%#smap_inv3] inv'4 self) - -> ([%#smap_inv4] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + use seq.Seq + + use seq.Seq constant self : t_MapInv'0 @@ -4619,12 +3651,11 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr constant succ : t_MapInv'0 - predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) - goal vc_produces_one'0 : [%#smap_inv0] ([%#smap_inv1] exists f : borrowed t_F'0, e : t_Item'0 . inv'0 f - /\ inv'1 e - /\ f.current = self.t_MapInv__func'0 + goal vc_produces_one'0 : [%#smap_inv0] ([%#smap_inv1] exists f : borrowed t_F'0, e : t_Item'0 . f.current + = self.t_MapInv__func'0 /\ f.final = succ.t_MapInv__func'0 /\ produces'1 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e 
@@ -4632,14 +3663,17 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr /\ postcondition_mut'0 f.current (e, self.t_MapInv__produced'0) f.final visited) = produces'0 self (Seq.singleton visited) succ end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 31 15 31 24 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 32 14 32 45 - let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 29 4 29 10 - let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 31 14 31 45 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 29 4 29 10 + let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 + + use seq.Seq type t_T'0 + use seq.Seq + type t_Option'0 = | C_None'0 | C_Some'0 t_T'0 
@@ -4653,41 +3687,6 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ type t_Once'0 = { t_Once__inner'0: t_IntoIter'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner - end - - use seq.Seq - - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 use seq.Seq 
@@ -4695,24 +3694,21 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sonce3] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + [%#sonce2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) constant self : t_Once'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (self : t_Once'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (self : t_Once'0) : () - goal vc_produces_refl'0 : ([%#sonce0] inv'0 self) -> ([%#sonce1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#sonce0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 37 15 37 21 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 38 15 38 21 - let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 39 15 39 21 - let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 40 15 40 32 - let%span sonce4 = "../../../creusot-contracts/src/std/iter/once.rs" 41 15 41 32 - let%span sonce5 = "../../../creusot-contracts/src/std/iter/once.rs" 42 14 42 42 - let%span sonce6 = "../../../creusot-contracts/src/std/iter/once.rs" 35 4 35 10 - let%span sonce7 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans 
[#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 36 15 36 32 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 37 15 37 32 + let%span sonce2 = "../../../creusot-contracts/src/std/iter/once.rs" 38 14 38 42 + let%span sonce3 = "../../../creusot-contracts/src/std/iter/once.rs" 34 4 34 10 + let%span sonce4 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 type t_T'0 @@ -4729,37 +3725,6 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ type t_Once'0 = { t_Once__inner'0: t_IntoIter'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner - end - use seq.Seq use seq.Seq 
@@ -4771,8 +3736,8 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sonce7] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + [%#sonce4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) use seq.Seq 
@@ -4784,40 +3749,28 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ constant bc : Seq.seq t_T'0 - constant c : t_Once'0 - - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () - - - goal vc_produces_trans'0 : ([%#sonce4] produces'0 b bc c) - -> ([%#sonce3] produces'0 a ab b) - -> ([%#sonce2] inv'0 c) - -> ([%#sonce1] inv'0 b) -> ([%#sonce0] inv'0 a) -> ([%#sonce5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 31 4 31 10 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - - type t_Idx'0 - - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) + constant c : t_Once'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () + - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . 
inv'0 x - = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' - end + goal vc_produces_trans'0 : ([%#sonce1] produces'0 b bc c) + -> ([%#sonce0] produces'0 a ab b) -> ([%#sonce2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 30 4 30 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 use seq.Seq + type t_Idx'0 + use seq.Seq + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + use prelude.prelude.Int function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 25 4 25 45] (self : t_Idx'0) : int @@ -4826,10 +3779,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#srange3] self.t_Range__end'0 = o.t_Range__end'0 + [%#srange2] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 
@@ -4838,35 +3791,22 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro constant self : t_Range'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (self : t_Range'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (self : t_Range'0) : () - goal vc_produces_refl'0 : ([%#srange0] inv'0 self) - -> ([%#srange1] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self) + goal vc_produces_refl'0 : [%#srange0] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 37 4 37 10 - let%span srange7 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 10 + let%span srange4 = 
"../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 type t_Idx'0 type t_Range'0 = { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x - = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' - end - use seq.Seq use prelude.prelude.Int @@ -4877,10 +3817,10 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#srange7] self.t_Range__end'0 = o.t_Range__end'0 + [%#srange4] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 
@@ -4899,18 +3839,16 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro constant c : t_Range'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (a : t_Range'0) (ab : Seq.seq t_Idx'0) (b : t_Range'0) (bc : Seq.seq t_Idx'0) (c : t_Range'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (a : t_Range'0) (ab : Seq.seq t_Idx'0) (b : t_Range'0) (bc : Seq.seq t_Idx'0) (c : t_Range'0) : () - goal vc_produces_trans'0 : ([%#srange4] produces'0 b bc c) - -> ([%#srange3] produces'0 a ab b) - -> ([%#srange2] inv'0 c) - -> ([%#srange1] inv'0 b) -> ([%#srange0] inv'0 a) -> ([%#srange5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) + -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 +module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 type t_Idx'0 
@@ -4932,7 +3870,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../.. constant r : t_RangeInclusive'0 - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r @@ -4943,12 +3881,12 @@ module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../.. [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) ) end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 use seq.Seq 
@@ -4975,7 +3913,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -4985,7 +3923,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o 
@@ -4996,19 +3934,19 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro constant self : t_RangeInclusive'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (self : t_RangeInclusive'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (self : t_RangeInclusive'0) : () goal vc_produces_refl'0 : [%#srange0] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange6 = 
"../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -5033,7 +3971,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops7] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = [%#srange6] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -5043,7 +3981,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o 
@@ -5064,35 +4002,25 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro constant c : t_RangeInclusive'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 31 15 31 24 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 14 32 45 - let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 29 4 29 10 - let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - - type t_T'0 - - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 31 14 31 45 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 29 4 29 10 + let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) + use seq.Seq - axiom inv_axiom'0 
[@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end + type t_T'0 use seq.Seq - use seq.Seq + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } use prelude.prelude.Int 
@@ -5105,39 +4033,26 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#srepeat3] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#srepeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) constant self : t_Repeat'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (self : t_Repeat'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (self : t_Repeat'0) : () - goal vc_produces_refl'0 : ([%#srepeat0] inv'0 self) - -> ([%#srepeat1] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal vc_produces_refl'0 : [%#srepeat0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 37 15 37 21 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 38 15 38 21 - let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 15 39 21 - let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 40 15 40 32 - let%span srepeat4 = "../../../creusot-contracts/src/std/iter/repeat.rs" 41 15 41 32 - let%span srepeat5 = "../../../creusot-contracts/src/std/iter/repeat.rs" 42 14 42 42 - let%span srepeat6 = "../../../creusot-contracts/src/std/iter/repeat.rs" 35 4 35 10 - let%span srepeat7 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] 
(* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 36 15 36 32 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 37 15 37 32 + let%span srepeat2 = "../../../creusot-contracts/src/std/iter/repeat.rs" 38 14 38 42 + let%span srepeat3 = "../../../creusot-contracts/src/std/iter/repeat.rs" 34 4 34 10 + let%span srepeat4 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 type t_T'0 type t_Repeat'0 = { t_Repeat__element'0: t_T'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq use prelude.prelude.Int @@ -5151,7 +4066,7 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#srepeat7] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + [%#srepeat4] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) use seq.Seq 
@@ -5165,47 +4080,22 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro constant c : t_Repeat'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (a : t_Repeat'0) (ab : Seq.seq t_T'0) (b : t_Repeat'0) (bc : Seq.seq t_T'0) (c : t_Repeat'0) : () - - - goal vc_produces_trans'0 : ([%#srepeat4] produces'0 b bc c) - -> ([%#srepeat3] produces'0 a ab b) - -> ([%#srepeat2] inv'0 c) - -> ([%#srepeat1] inv'0 b) -> ([%#srepeat0] inv'0 a) -> ([%#srepeat5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 15 73 24 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 14 74 45 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed15 = 
"../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - type t_I'0 - - use prelude.prelude.UIntSize - - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (a : t_Repeat'0) (ab : Seq.seq t_T'0) (b : t_Repeat'0) (bc : Seq.seq t_T'0) (c : t_Repeat'0) : () + - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end + goal vc_produces_trans'0 : ([%#srepeat1] produces'0 b bc c) + -> ([%#srepeat0] produces'0 a ab b) -> ([%#srepeat2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 14 73 45 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq 
@@ -5213,6 +4103,13 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + use prelude.prelude.Int constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -5221,50 +4118,37 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - - use seq.Seq + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip3] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip5] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip4] inv'0 self -> inv'1 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] inv'2 a) - -> ([%#siter9] inv'2 b) - -> ([%#siter10] inv'2 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'2 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -5275,42 +4159,31 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sskip3] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + [%#sskip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ n'0 o = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) constant self : t_Skip'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (self : t_Skip'0) : () - - goal vc_produces_refl'0 : ([%#sskip0] inv'0 self) - -> ([%#sskip1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 21 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 15 80 21 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 15 81 21 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 82 15 82 32 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 83 15 83 32 - let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 84 14 84 42 - let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 77 4 77 10 - let%span sskip7 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip8 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip9 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter10 = 
"../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (self : t_Skip'0) : () + + goal vc_produces_refl'0 : [%#sskip0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 78 15 78 32 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 32 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 14 80 42 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 76 4 76 10 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter10 = 
"../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -5319,15 +4192,6 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end - type t_Item'0 use seq.Seq 
@@ -5342,50 +4206,37 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - - use seq.Seq + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip5] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip9] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip6] inv'0 self -> inv'1 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'2 a) - -> ([%#siter13] inv'2 b) - -> ([%#siter14] inv'2 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) + -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'2 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -5396,11 +4247,10 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sskip7] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + [%#sskip4] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ n'0 o = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) 
@@ -5414,45 +4264,22 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ constant c : t_Skip'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () - - - goal vc_produces_trans'0 : ([%#sskip4] produces'0 b bc c) - -> ([%#sskip3] produces'0 a ab b) - -> ([%#sskip2] inv'0 c) - -> ([%#sskip1] inv'0 b) -> ([%#sskip0] inv'0 a) -> ([%#sskip5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 71 15 71 24 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 72 14 72 45 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 69 4 69 10 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - - type t_I'0 - - use prelude.prelude.UIntSize - - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - - predicate inv'1 
[#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () + - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + goal vc_produces_trans'0 : ([%#sskip1] produces'0 b bc c) + -> ([%#sskip0] produces'0 a ab b) -> ([%#sskip2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 71 14 71 45 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 69 4 69 10 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use seq.Seq @@ -5460,6 +4287,13 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + use prelude.prelude.Int constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -5468,64 +4302,61 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake4] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake3] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake5] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Take'0 . [%#stake4] inv'0 self -> inv'1 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter8] inv'1 a) - -> ([%#siter9] inv'1 b) - -> ([%#siter10] inv'1 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter6] inv'1 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#stake3] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) + [%#stake2] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) constant self : t_Take'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (self : t_Take'0) : () - - goal vc_produces_refl'0 : ([%#stake0] inv'0 self) - -> ([%#stake1] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 21 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 78 15 78 21 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 79 15 79 21 - let%span stake3 = 
"../../../creusot-contracts/src/std/iter/take.rs" 80 15 80 32 - let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 81 15 81 32 - let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 82 14 82 42 - let%span stake6 = "../../../creusot-contracts/src/std/iter/take.rs" 75 4 75 10 - let%span stake7 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake8 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake9 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (self : t_Take'0) : () + + goal vc_produces_refl'0 : [%#stake0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 76 15 76 32 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 32 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 78 14 78 42 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 74 4 74 10 + let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span 
stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake6 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -5534,15 +4365,6 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_Take'0 = { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end - type t_Item'0 use seq.Seq 
@@ -5555,13 +4377,22 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - axiom n'0_spec : forall self : t_Take'0 . [%#stake8] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom n'0_spec : forall self : t_Take'0 . [%#stake5] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake9] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Take'0 . [%#stake6] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -5570,24 +4401,20 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'1 a) - -> ([%#siter13] inv'1 b) - -> ([%#siter14] inv'1 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) + -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter10] inv'1 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#stake7] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) + [%#stake4] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) constant a : t_Take'0 
@@ -5599,31 +4426,30 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod constant c : t_Take'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () - - - goal vc_produces_trans'0 : ([%#stake4] produces'0 b bc c) - -> ([%#stake3] produces'0 a ab b) - -> ([%#stake2] inv'0 c) - -> ([%#stake1] inv'0 b) -> ([%#stake0] inv'0 a) -> ([%#stake5] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 55 15 55 24 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 14 56 45 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 53 4 53 10 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function 
produces_trans'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () + + + goal vc_produces_trans'0 : ([%#stake1] produces'0 b bc c) + -> ([%#stake0] produces'0 a ab b) -> ([%#stake2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 55 14 55 45 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 53 4 53 10 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use seq.Seq + + type t_Item'0 + + type t_Item'1 + + use seq.Seq type t_A'0 
@@ -5634,23 +4460,9 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b - end - use seq.Seq - type t_Item'0 - - type t_Item'1 + use seq.Seq use seq.Seq 
@@ -5664,53 +4476,23 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed15] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed15] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'1) = - [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . 
inv'2 x = invariant'1 x + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - use seq.Seq - - use seq.Seq - - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip4] inv'0 self -> inv'3 (itera'0 self) + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'1 (itera'0 self) use seq.Seq 
@@ -5719,23 +4501,19 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter8] inv'3 a) - -> ([%#siter9] inv'3 b) - -> ([%#siter10] inv'3 c) - -> ([%#siter11] produces'1 a ab b) - -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_A'0 . ([%#siter6] inv'3 self) - -> ([%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip5] inv'0 self -> inv'4 (iterb'0 self) + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip4] inv'0 self -> inv'2 (iterb'0 self) use seq.Seq 
@@ -5744,58 +4522,42 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter8] inv'4 a) - -> ([%#siter9] inv'4 b) - -> ([%#siter10] inv'4 c) - -> ([%#siter11] produces'2 a ab b) - -> ([%#siter12] produces'2 b bc c) -> ([%#siter13] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter6] produces'2 a ab b) + -> ([%#siter7] produces'2 b bc c) -> ([%#siter8] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - axiom produces_refl'2_spec : forall self : t_B'0 . ([%#siter6] inv'4 self) - -> ([%#siter7] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#szip3] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#szip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . 
Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) constant self : t_Zip'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (self : t_Zip'0) : () - - goal vc_produces_refl'0 : ([%#szip0] inv'0 self) - -> ([%#szip1] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 21 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 62 15 62 21 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 15 63 21 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 64 15 64 32 - let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 65 15 65 32 - let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 66 14 66 42 - let%span szip6 = "../../../creusot-contracts/src/std/iter/zip.rs" 59 4 59 10 - let%span szip7 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip8 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip9 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span 
siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed19 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (self : t_Zip'0) : () + + goal vc_produces_refl'0 : [%#szip0] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self +end +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 60 15 60 32 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 58 4 58 10 + let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip6 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_A'0 
@@ -5806,18 +4568,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b - end - type t_Item'0 type t_Item'1 
@@ -5828,59 +4578,35 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - use seq.Seq use seq.Seq - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed19] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use seq.Seq - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + use prelude.prelude.Int use seq.Seq use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed19] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'1) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . 
inv'2 x = invariant'1 x - use seq.Seq - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip8] inv'0 self -> inv'3 (itera'0 self) + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip5] inv'0 self -> inv'1 (itera'0 self) use seq.Seq 
@@ -5889,23 +4615,19 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter12] inv'3 a) - -> ([%#siter13] inv'3 b) - -> ([%#siter14] inv'3 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter8] produces'1 a ab b) + -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#siter10] inv'3 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip9] inv'0 self -> inv'4 (iterb'0 self) + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip6] inv'0 self -> inv'2 (iterb'0 self) use seq.Seq 
@@ -5914,26 +4636,20 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter12] inv'4 a) - -> ([%#siter13] inv'4 b) - -> ([%#siter14] inv'4 c) - -> ([%#siter15] produces'2 a ab b) - -> ([%#siter16] produces'2 b bc c) -> ([%#siter17] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter8] produces'2 a ab b) + -> ([%#siter9] produces'2 b bc c) -> ([%#siter10] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#siter10] inv'4 self) - -> ([%#siter11] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter7] produces'2 self (Seq.empty : Seq.seq t_Item'1) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#szip7] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#szip4] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . 
Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) @@ -5950,13 +4666,11 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc constant c : t_Zip'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () - goal vc_produces_trans'0 : ([%#szip4] produces'0 b bc c) - -> ([%#szip3] produces'0 a ab b) - -> ([%#szip2] inv'0 c) - -> ([%#szip1] inv'0 b) -> ([%#szip0] inv'0 a) -> ([%#szip5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#szip1] produces'0 b bc c) + -> ([%#szip0] produces'0 a ab b) -> ([%#szip2] produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 103 16 105 36] let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 
@@ -8791,33 +7505,20 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () - goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) - -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 465 15 465 24 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 466 14 466 45 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel9 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sindex10 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - - use prelude.prelude.Opaque - - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } - - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . 
inv'0 x = true + goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) + -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 465 14 465 45 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel8 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sindex9 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 use seq.Seq @@ -8827,6 +7528,14 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r use seq.Seq + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + use seq.Seq use prelude.prelude.UIntSize 
@@ -8845,14 +7554,14 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice7] Seq.length (view'1 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice8] view'1 self = Slice.id self) + && ([%#sslice7] view'1 self = Slice.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice4] Seq.length (view'1 (view'0 self).final) + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice3] Seq.length (view'1 (view'0 self).final) = Seq.length (view'1 (view'0 self).current) use seq.Seq @@ -8860,7 +7569,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel9] view'1 self.current + [%#smodel8] view'1 self.current use seq.Seq 
@@ -8869,14 +7578,14 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 44 4 44 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex10] Seq.get (view'1 self) ix + [%#sindex9] Seq.get (view'1 self) ix function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice5] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice4] Seq.length (to_mut_seq'0 self) = Seq.length (view'2 self)) - && ([%#sslice6] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + && ([%#sslice5] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) 
@@ -8885,31 +7594,27 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sslice3] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + [%#sslice2] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) constant self : t_IterMut'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (self : t_IterMut'0) : () - - goal vc_produces_refl'0 : ([%#sslice0] inv'0 self) - -> ([%#sslice1] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 471 15 471 21 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 472 15 472 21 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 473 15 473 21 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 474 15 474 32 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 475 15 475 32 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 476 14 476 42 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 469 4 469 10 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice10 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice11 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice12 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel13 = 
"../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sindex14 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 + function produces_refl'0 [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (self : t_IterMut'0) : () + + goal vc_produces_refl'0 : [%#sslice0] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self +end +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 470 15 470 32 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 471 15 471 32 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 472 14 472 42 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 468 4 468 10 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice8 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice9 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel10 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sindex11 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 use prelude.prelude.Opaque @@ -8919,10 +7624,6 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t type t_IterMut'0 = { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true - use prelude.prelude.Borrow type t_T'0 
@@ -8947,14 +7648,14 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice11] Seq.length (view'1 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice12] view'1 self = Slice.id self) + && ([%#sslice9] view'1 self = Slice.id self) function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice8] Seq.length (view'1 (view'0 self).final) + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice5] Seq.length (view'1 (view'0 self).final) = Seq.length (view'1 (view'0 self).current) use seq.Seq @@ -8962,7 +7663,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function view'2 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel13] view'1 self.current + [%#smodel10] view'1 self.current use seq.Seq 
@@ -8971,14 +7672,14 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 44 4 44 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex14] Seq.get (view'1 self) ix + [%#sindex11] Seq.get (view'1 self) ix function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice9] Seq.length (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice6] Seq.length (to_mut_seq'0 self) = Seq.length (view'2 self)) - && ([%#sslice10] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + && ([%#sslice7] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) @@ -8987,7 +7688,7 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sslice7] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + [%#sslice4] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) constant a : t_IterMut'0 
@@ -8999,13 +7700,11 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t constant c : t_IterMut'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () - goal vc_produces_trans'0 : ([%#sslice4] produces'0 b bc c) - -> ([%#sslice3] produces'0 a ab b) - -> ([%#sslice2] inv'0 c) - -> ([%#sslice1] inv'0 b) -> ([%#sslice0] inv'0 a) -> ([%#sslice5] produces'0 a (Seq.(++) ab bc) c) + goal vc_produces_trans'0 : ([%#sslice1] produces'0 b bc c) + -> ([%#sslice0] produces'0 a ab b) -> ([%#sslice2] produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 
@@ -21568,9 +20267,9 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi13484997498660514945__resol goal refines : [%#smap0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31] (* as resolve::Resolve> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 69 4 69 31 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow @@ -21620,7 +20319,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__re axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x = invariant'0 x - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 61 4 61 28] (self : t_MapInv'0) = + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = [%#smap_inv1] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 goal refines : [%#smap_inv0] forall self : t_MapInv'0 . structural_resolve'0 self /\ inv'0 self 
@@ -22239,10 +20938,6 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r type t_Iter'0 = { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x = true - use seq.Seq use prelude.prelude.Borrow @@ -22303,9 +20998,8 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_r = [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sdeque0] forall self : t_Iter'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#sdeque0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 
@@ -22386,30 +21080,19 @@ module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_t = [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x = true - goal refines : [%#sdeque0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 72 4 72 90 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter8 = 
"../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -22424,47 +21107,18 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant13] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed12] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x = match x with - | {t_Cloned__it'0 = it} -> inv'2 it + | {t_Cloned__it'0 = it} -> inv'1 it end function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Cloned'0 . 
[%#scloned2] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -22473,73 +21127,54 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] inv'2 a) - -> ([%#siter6] inv'2 b) - -> ([%#siter7] inv'2 c) - -> ([%#siter8] produces'1 a ab b) - -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter3] inv'2 self) - -> ([%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scloned1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq goal refines : [%#scloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 62 4 62 26 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 51 12 54 79 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span 
siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 type t_Cloned'0 = { t_Cloned__it'0: t_I'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end - use seq.Seq type t_T'0 
@@ -22550,38 +21185,18 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant13] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed12] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -22590,69 +21205,50 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] inv'2 a) - -> ([%#siter6] inv'2 b) - -> ([%#siter7] inv'2 c) - -> ([%#siter8] produces'1 a ab b) - -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter3] inv'2 self) - -> ([%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 49 4 49 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scloned1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scloned0] forall self : t_Cloned'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#scloned0] forall self : t_Cloned'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 62 4 62 26 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = 
"../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 type t_Copied'0 = { t_Copied__it'0: t_I'0 } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end - use seq.Seq type t_T'0 
@@ -22663,38 +21259,18 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant13] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed12] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -22703,54 +21279,44 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] inv'2 a) - -> ([%#siter6] inv'2 b) - -> ([%#siter7] inv'2 c) - -> ([%#siter8] produces'1 a ab b) - -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter3] inv'2 self) - -> ([%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + + use seq.Seq use seq.Seq + use prelude.prelude.Int + use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scopied1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scopied0] forall self : t_Copied'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#scopied0] forall self : t_Copied'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 72 4 72 90 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 51 12 54 79 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant13 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = 
"../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -22765,47 +21331,18 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant13] inv'5 self - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed12] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_T'0) = - [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'1 x] . inv'1 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = match x with - | {t_Copied__it'0 = it} -> inv'2 it + | {t_Copied__it'0 = it} -> inv'1 it end function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Copied'0 . 
[%#scopied2] inv'0 self -> inv'1 (iter'0 self) use seq.Seq 
@@ -22814,54 +21351,47 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] inv'2 a) - -> ([%#siter6] inv'2 b) - -> ([%#siter7] inv'2 c) - -> ([%#siter8] produces'1 a ab b) - -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter3] inv'2 self) - -> ([%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self use seq.Seq use seq.Seq + use prelude.prelude.Int + + use seq.Seq + use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 49 4 49 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scopied1] exists s : Seq.seq t_T'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) use seq.Seq goal refines : [%#scopied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 20 4 20 26 +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26 let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 type t_Empty'0 = { t_Empty__0'0: () } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - use seq.Seq type t_T'0 
@@ -22873,13 +21403,11 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro = [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - goal refines : [%#sempty0] forall self : t_Empty'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#sempty0] forall self : t_Empty'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 30 4 30 90 +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90 let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 type t_Empty'0 = 
@@ -22896,34 +21424,22 @@ module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__pro = [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Empty'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Empty'0 [inv'0 x] . inv'0 x = true - use seq.Seq goal refines : [%#sempty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 96 4 96 90 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 
21 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span senumerate11 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 type t_I'0 
@@ -22948,44 +21464,20 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - use seq.Seq - - use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] inv'2 a) - -> ([%#siter6] inv'2 b) - -> ([%#siter7] inv'2 c) - -> ([%#siter8] produces'1 a ab b) - -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter3] inv'2 self) - -> ([%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + use seq.Seq constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -22995,33 +21487,34 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate11] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . 
inv'0 x = (invariant'0 x /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter end) use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i 
@@ -23030,27 +21523,19 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 86 4 86 26 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = 
"../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 type t_I'0 
@@ -23059,33 +21544,19 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ type t_Enumerate'0 = { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - type t_Item'0 - use seq.Seq - use prelude.prelude.Int + type t_Item'0 use seq.Seq use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'2 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'1 x + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -23094,21 +21565,17 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'2 a) - -> ([%#siter7] inv'2 b) - -> ([%#siter8] inv'2 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter4] inv'2 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + use seq.Seq constant v_MAX'0 : usize = (18446744073709551615 : usize) 
@@ -23118,55 +21585,48 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate3] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . inv'1 s - /\ inv'2 i /\ produces'1 (iter'0 self) s i -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . 
inv'0 x = (invariant'0 x /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter end) use seq.Seq use seq.Seq - use seq.Seq - - use seq.Seq - - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 72 4 72 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ produces'1 (iter'0 self) s (iter'0 o) + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - goal refines : [%#senumerate0] forall self : t_Enumerate'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self) + goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self end module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -23174,14 +21634,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -23190,10 +21646,14 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro type t_Filter'0 = { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - use prelude.prelude.Borrow + use seq.Seq type t_Item'0 + use seq.Seq + + use prelude.prelude.Borrow + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) 
@@ -23229,30 +21689,26 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro -> ([%#sops6] unnest'0 self res_state) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter4] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'1 iter /\ inv'2 predicate' + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' end) - use seq.Seq - - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter2] inv'0 self -> inv'2 (func'0 self) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) use prelude.prelude.Int 
@@ -23260,26 +21716,22 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] inv'1 a) - -> ([%#siter15] inv'1 b) - -> ([%#siter16] inv'1 c) - -> ([%#siter17] produces'1 a ab b) - -> ([%#siter18] produces'1 b bc c) -> ([%#siter19] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter12] inv'1 self) - -> ([%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -23290,7 +21742,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sfilter1] unnest'0 (func'0 self) (func'0 succ) + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -23299,32 +21752,26 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - goal refines : [%#sfilter0] forall self : t_Filter'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) -end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 116 4 116 90 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter16 = 
"../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sfilter19 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -23352,7 +21799,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops10] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -23360,21 +21807,21 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) - -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) - + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops4] postcondition_mut'0 self args res_state res) - -> ([%#sops5] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter19] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false)) 
@@ -23393,7 +21840,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter2] inv'0 self -> inv'1 (func'0 self) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) use prelude.prelude.Int @@ -23401,7 +21848,7 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -23410,19 +21857,15 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] inv'2 a) - -> ([%#siter14] inv'2 b) - -> ([%#siter15] inv'2 c) - -> ([%#siter16] produces'1 a ab b) - -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter11] inv'2 self) - -> ([%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -23433,7 +21876,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#sfilter1] unnest'0 (func'0 self) (func'0 succ) + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -23443,25 +21887,19 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90 let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 
= "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -23505,19 +21943,15 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'2 a) - -> ([%#siter7] inv'2 b) - -> ([%#siter8] inv'2 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter4] inv'2 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) 
@@ -23531,25 +21965,19 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod end goal refines : [%#sfuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26 let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span 
siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -23560,6 +21988,12 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } + use seq.Seq + + type t_Item'0 + + use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) @@ -23577,12 +22011,6 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod | {t_Fuse__iter'0 = iter} -> inv'1 iter end - use seq.Seq - - type t_Item'0 - - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) 
@@ -23593,19 +22021,15 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'2 a) - -> ([%#siter7] inv'2 b) - -> ([%#siter8] inv'2 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter4] inv'2 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) 
@@ -23618,14 +22042,12 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod end end - goal refines : [%#sfuse0] forall self : t_Fuse'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#sfuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 62 12 73 75 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 
@@ -23635,17 +22057,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant21 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -23654,26 +22069,26 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc type t_Map'0 = { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq + + type t_B'0 + + use seq.Seq + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'3 iter /\ inv'4 f + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f end - use seq.Seq - - type t_B'0 - - use seq.Seq - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'4 (func'0 self) + axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) type t_Item'0 
@@ -23713,34 +22128,6 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant21] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed20] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq 
@@ -23749,25 +22136,9 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed20] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'3 (iter'0 self) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -23776,19 +22147,17 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] inv'3 a) - -> ([%#siter14] inv'3 b) - -> ([%#siter15] inv'3 c) - -> ([%#siter16] produces'1 a ab b) - -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter11] inv'3 self) - -> ([%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Int use seq.Seq 
@@ -23798,14 +22167,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 60 4 60 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -23818,14 +22185,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc /\ precondition'0 (Seq.get fs i).current (Seq.get s i) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#smap0] forall self : t_Map'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal refines : [%#smap0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 91 4 91 90] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 91 4 91 90 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 62 12 73 75 +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 
@@ -23835,17 +22200,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant21 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -23858,20 +22216,20 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'4 iter /\ inv'3 f + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f end function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'3 (func'0 self) + axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) type t_Item'0 
@@ -23911,34 +22269,6 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant21] inv'3 self.current /\ inv'3 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . inv'7 x = invariant'4 x - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed20] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq 
@@ -23947,25 +22277,9 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed20] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'4 (iter'0 self) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) use seq.Seq 
@@ -23974,19 +22288,17 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] inv'4 a) - -> ([%#siter14] inv'4 b) - -> ([%#siter15] inv'4 c) - -> ([%#siter16] produces'1 a ab b) - -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter11] inv'4 self) - -> ([%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + use prelude.prelude.Int use seq.Seq 
@@ -23996,14 +22308,12 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 60 4 60 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) = [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited /\ produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) /\ (if Seq.length visited = 0 then 
@@ -24019,39 +22329,24 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq goal refines : [%#smap0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter14 = 
"../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv18 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span sseq22 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sinvariant24 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed25 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span 
siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -24066,91 +22361,17 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr type t_MapInv'0 = { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - use prelude.prelude.Borrow - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant24] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - use seq.Seq - - use seq.Seq - - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - - - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - - - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] inv'3 a) - -> ([%#siter13] inv'3 b) - -> ([%#siter14] inv'3 c) - -> ([%#siter15] produces'1 a ab b) - -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . 
([%#siter10] inv'3 self) - -> ([%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use seq.Seq - use prelude.prelude.Snapshot - - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - - - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv21] forall e : t_Item'0, i : t_I'0 . inv'6 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - type t_B'0 - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed25] inv'6 self - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'6 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x - - predicate invariant'4 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant24] inv'4 self.current /\ inv'4 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_F'0 [inv'7 x] . 
inv'7 x = invariant'4 x - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + use prelude.prelude.Borrow + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) @@ -24159,7 +22380,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops9] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -24167,64 +22388,21 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops6] unnest'0 self b) - -> ([%#sops7] unnest'0 b c) -> ([%#sops8] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops5] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops3] postcondition_mut'0 self args res_state res) - -> ([%#sops4] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv23] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv18] forall iter : borrowed t_I'0, func : t_F'0 . inv'5 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - use prelude.prelude.Snapshot - - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv20] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'6 e1 /\ inv'6 e2 /\ inv'7 f /\ inv'8 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#smap_inv19] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv2] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - use seq.Seq use seq.Seq 
@@ -24235,41 +22413,44 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed25] inv'7 self - - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'5 x + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq22] forall i : int . 0 <= i /\ i < Seq.length self -> inv'9 (Seq.get self i) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use seq.Seq + use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq use seq.Seq + use prelude.prelude.Snapshot + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + + use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -24284,14 +22465,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#smap_inv0] forall self : t_MapInv'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self) + goal refines : [%#smap_inv0] forall self : t_MapInv'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -24299,23 +22478,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span smap_inv17 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv19 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv20 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv21 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv22 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sboxed24 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sinvariant25 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = 
"../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -24360,69 +22526,21 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self - - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - - - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) - -> ([%#sops3] unnest'0 self res_state) - - use seq.Seq - - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - - predicate invariant'6 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant25] inv'4 self.current /\ inv'4 self.final - - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'9 x] . inv'9 x = invariant'6 x - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed24] inv'9 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_F'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq18] forall i : int . 
0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'1 x] . inv'1 x = invariant'1 x - - use seq.Seq - - use seq.Seq - - use seq.Seq - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'4 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed24] inv'8 self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'4 x + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq18] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + use seq.Seq - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + use seq.Seq - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'2 x + use seq.Seq - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -24431,24 +22549,22 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter11] inv'3 a) - -> ([%#siter12] inv'3 b) - -> ([%#siter13] inv'3 c) - -> ([%#siter14] produces'1 a ab b) - -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter9] inv'3 self) - -> ([%#siter10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Snapshot use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -24462,14 +22578,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'1 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'2 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -24484,80 +22598,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - predicate invariant'5 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant25] inv'3 self.current /\ inv'3 self.final - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_I'0 [inv'7 x] . inv'7 x = invariant'5 x - - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - - use seq.Seq - - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv22] forall e : t_Item'0, i : t_I'0 . inv'8 e /\ inv'3 i /\ produces'1 iter (Seq.singleton e) i - -> precondition'0 func (e, Snapshot.new produced) - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - - use seq.Seq - - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) - - = - [%#smap_inv23] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new s) - -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv19] forall iter : borrowed t_I'0, func : t_F'0 . inv'7 iter /\ inv'4 func - -> completed'0 iter - -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func - - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) - - = - [%#smap_inv21] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'2 s - /\ inv'8 e1 /\ inv'8 e2 /\ inv'9 f /\ inv'10 b /\ inv'3 i /\ unnest'0 func f.current - -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i - -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) - -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b - -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . 
[%#smap_inv20] produced - = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv17] reinitialize'0 () - /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'3 iter /\ inv'4 func - end) - use seq.Seq goal refines : [%#smap_inv0] forall a : t_MapInv'0 . forall ab : Seq.seq t_B'0 . forall b : t_MapInv'0 . forall bc : Seq.seq t_B'0 . forall c : t_MapInv'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 43 4 43 90 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 type t_T'0 @@ -24578,8 +22628,6 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ use seq.Seq - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 use seq.Seq 
@@ -24588,49 +22636,18 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ = [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner - end + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) use seq.Seq goal refines : [%#sonce0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 33 4 33 26 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 106 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 type t_T'0 
@@ -24647,37 +22664,6 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ type t_Once'0 = { t_Once__inner'0: t_IntoIter'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'1 a_0 - end - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x - = match x with - | {t_Item__opt'0 = opt} -> inv'4 opt - end - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'2 x] . inv'2 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'3 inner - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Once'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x - = match x with - | {t_Once__inner'0 = inner} -> inv'2 inner - end - use seq.Seq use seq.Seq 
@@ -24690,31 +22676,20 @@ module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produ = [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . inv'1 e /\ view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sonce0] forall self : t_Once'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#sonce0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 35 4 35 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 type t_Idx'0 type t_Range'0 = { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x - = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' - end - use seq.Seq use seq.Seq 
@@ -24727,7 +22702,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 @@ -24737,14 +22712,12 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal refines : [%#srange0] forall self : t_Range'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self) + goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 45 4 45 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 type t_Idx'0 
@@ -24761,7 +22734,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 21 4 21 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 
@@ -24771,29 +22744,18 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x - = match x with - | {t_Range__start'0 = start ; t_Range__end'0 = end'} -> inv'1 start /\ inv'1 end' - end - use seq.Seq goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 89 4 89 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -24818,7 +22780,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -24828,7 +22790,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o 
@@ -24837,28 +22799,18 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_RangeInclusive'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_RangeInclusive'0 [inv'0 x] . inv'0 x - = match x with - | {t_RangeInclusive__start'0 = start ; t_RangeInclusive__end'0 = end' ; t_RangeInclusive__exhausted'0 = exhausted} -> inv'1 start - /\ inv'1 end' - end - use seq.Seq goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_RangeInclusive'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 82 4 82 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -24866,16 +22818,6 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro type t_RangeInclusive'0 = { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Idx'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_RangeInclusive'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_RangeInclusive'0 [inv'0 x] . inv'0 x - = match x with - | {t_RangeInclusive__start'0 = start ; t_RangeInclusive__end'0 = end' ; t_RangeInclusive__exhausted'0 = exhausted} -> inv'1 start - /\ inv'1 end' - end - use seq.Seq use seq.Seq 
@@ -24895,7 +22837,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 51 0 51 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -24905,7 +22847,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 69 4 69 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o 
@@ -24914,12 +22856,11 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal refines : [%#srange0] forall self : t_RangeInclusive'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self) + goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 33 4 33 26 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26 let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 type t_T'0 @@ -24927,15 +22868,6 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro type t_Repeat'0 = { t_Repeat__element'0: t_T'0 } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq use seq.Seq 
@@ -24953,13 +22885,11 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro = [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#srepeat0] forall self : t_Repeat'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#srepeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 43 4 43 90 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90 let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 type t_T'0 
@@ -24982,39 +22912,22 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro = [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Repeat'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x - = match x with - | {t_Repeat__element'0 = element} -> inv'1 element - end - use seq.Seq goal refines : [%#srepeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_T'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_T'0 . forall c : t_Repeat'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 85 4 85 90 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 
@@ -25041,55 +22954,33 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use seq.Seq - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter end function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip3] inv'0 self -> inv'1 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'2 a) - -> ([%#siter7] inv'2 b) - -> ([%#siter8] inv'2 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter4] inv'2 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -25103,33 +22994,24 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ n'0 o = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 75 4 75 26 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26 let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = 
"../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -25138,15 +23020,6 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_Skip'0 = { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end - use seq.Seq type t_Item'0 
@@ -25165,46 +23038,33 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - use seq.Seq - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Item'0 [inv'3 x] . inv'3 x = invariant'1 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip3] inv'0 self -> inv'1 (iter'0 self) use seq.Seq predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'2 a) - -> ([%#siter7] inv'2 b) - -> ([%#siter8] inv'2 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter4] inv'2 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -25218,29 +23078,22 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ n'0 o = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'1 s - /\ Seq.length s = n'0 self + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#sskip0] forall self : t_Skip'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#sskip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 73 4 73 26 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26 let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 
= "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -25249,15 +23102,6 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod type t_Take'0 = { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end - use seq.Seq type t_Item'0 @@ -25276,6 +23120,15 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) 
@@ -25285,43 +23138,33 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'1 a) - -> ([%#siter7] inv'1 b) - -> ([%#siter8] inv'1 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter4] inv'1 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal refines : [%#stake0] forall self : t_Take'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + goal refines : [%#stake0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 83 4 83 90 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90 let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = 
"../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -25366,19 +23209,15 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] inv'1 a) - -> ([%#siter7] inv'1 b) - -> ([%#siter8] inv'1 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter4] inv'1 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) 
@@ -25386,27 +23225,19 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) goal refines : [%#stake0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 67 4 67 90 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90 let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span 
siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_A'0 
@@ -25427,49 +23258,13 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - - use seq.Seq - use seq.Seq - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - use seq.Seq use seq.Seq - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed13] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'1) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) - - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x - - use seq.Seq + use prelude.prelude.Int use seq.Seq 
@@ -25477,21 +23272,21 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b end function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'3 (itera'0 self) + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) use seq.Seq 
@@ -25500,23 +23295,19 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter6] inv'3 a) - -> ([%#siter7] inv'3 b) - -> ([%#siter8] inv'3 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_A'0 . ([%#siter4] inv'3 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'4 (iterb'0 self) + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) use seq.Seq 
@@ -25525,26 +23316,20 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter6] inv'4 a) - -> ([%#siter7] inv'4 b) - -> ([%#siter8] inv'4 c) - -> ([%#siter9] produces'2 a ab b) - -> ([%#siter10] produces'2 b bc c) -> ([%#siter11] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_B'0 . ([%#siter4] inv'4 self) - -> ([%#siter5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . 
Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) 
@@ -25552,27 +23337,19 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq goal refines : [%#szip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 57 4 57 26 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26 let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - 
let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq12 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed13 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_A'0 @@ -25583,18 +23360,6 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc type t_Zip'0 = { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'3 a - /\ inv'4 b - end - use seq.Seq type t_Item'0 
@@ -25607,47 +23372,13 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'2 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed13] inv'7 self - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_Item'0 [inv'5 x] . inv'5 x = invariant'2 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'1 x] . inv'1 x = invariant'0 x - - use seq.Seq - - use seq.Seq - - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'1) = - [%#sboxed13] inv'8 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'1) - - axiom inv_axiom'4 [@rewrite] : forall x : t_Item'1 [inv'6 x] . inv'6 x = invariant'3 x + use seq.Seq - predicate invariant'1 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'1) = - [%#sseq12] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) + use seq.Seq - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'1) + use seq.Seq - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_Item'1 [inv'2 x] . inv'2 x = invariant'1 x + use prelude.prelude.Int use seq.Seq 
@@ -25655,11 +23386,21 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'3 (itera'0 self) + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) use seq.Seq 
@@ -25668,23 +23409,19 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter6] inv'3 a) - -> ([%#siter7] inv'3 b) - -> ([%#siter8] inv'3 c) - -> ([%#siter9] produces'1 a ab b) - -> ([%#siter10] produces'1 b bc c) -> ([%#siter11] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_A'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_A'0 . ([%#siter4] inv'3 self) - -> ([%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'4 (iterb'0 self) + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) use seq.Seq 
@@ -25693,34 +23430,26 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter6] inv'4 a) - -> ([%#siter7] inv'4 b) - -> ([%#siter8] inv'4 c) - -> ([%#siter9] produces'2 a ab b) - -> ([%#siter10] produces'2 b bc c) -> ([%#siter11] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_B'0) : () + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - axiom produces_refl'2_spec : forall self : t_B'0 . ([%#siter4] inv'4 self) - -> ([%#siter5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self) + axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . inv'1 p1 - /\ inv'2 p2 - /\ Seq.length p1 = Seq.length p2 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . 
Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal refines : [%#szip0] forall self : t_Zip'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self - -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self) + goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self + -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 477 4 477 26 @@ -25738,30 +23467,6 @@ module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces type t_IntoIter'0 = { t_IntoIter__inner'0: t_Item'0 } - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'1 inner - end - use seq.Seq use seq.Seq 
@@ -25776,9 +23481,8 @@ module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#soption0] forall self : t_IntoIter'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#soption0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 484 4 484 90 
@@ -25810,41 +23514,16 @@ module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x - = match x with - | {t_IntoIter__inner'0 = inner} -> inv'1 inner - end - use seq.Seq goal refines : [%#soption0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 530 4 530 26 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow 
@@ -25860,37 +23539,6 @@ module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces type t_Iter'0 = { t_Iter__inner'0: t_Item'0 } - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant2] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x - = match x with - | {t_Iter__inner'0 = inner} -> inv'1 inner - end - use seq.Seq use seq.Seq 
@@ -25905,14 +23553,12 @@ module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#soption0] forall self : t_Iter'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#soption0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 537 4 537 90 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow 
@@ -25942,48 +23588,16 @@ module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant2] inv'4 self - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x - = match x with - | {t_Iter__inner'0 = inner} -> inv'1 inner - end - use seq.Seq goal refines : [%#soption0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 593 4 593 90 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow 
@@ -26013,48 +23627,16 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_ [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant2] inv'4 self.current /\ inv'4 self.final - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'3 x] . inv'3 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x - = match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end - use seq.Seq goal refines : [%#soption0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 586 4 586 26 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -26070,37 +23652,6 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_ type t_IterMut'0 = { t_IterMut__inner'0: t_Item'0 } - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant2] inv'4 self.current /\ inv'4 self.final - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_T'0 [inv'3 x] . inv'3 x = invariant'0 x - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - - axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'3 a_0 - end - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_Item'0 [inv'1 x] . inv'1 x - = match x with - | {t_Item__opt'0 = opt} -> inv'2 opt - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x - = match x with - | {t_IterMut__inner'0 = inner} -> inv'1 inner - end - use seq.Seq use seq.Seq 
@@ -26115,9 +23666,8 @@ module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_ [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#soption0] forall self : t_IterMut'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) + goal refines : [%#soption0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 @@ -26195,12 +23745,8 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_t = [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x = true - goal refines : [%#sslice0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end 
@@ -26222,10 +23768,6 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r type t_Iter'0 = { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Iter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Iter'0 [inv'0 x] . inv'0 x = true - use seq.Seq use prelude.prelude.Borrow @@ -26286,12 +23828,11 @@ module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_r = [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sslice0] forall self : t_Iter'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#sslice0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 467 4 467 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 467 4 467 26 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 466 4 466 26 let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 
@@ -26309,10 +23850,6 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r type t_IterMut'0 = { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true - use seq.Seq use prelude.prelude.Borrow @@ -26381,13 +23918,11 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_r = [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal refines : [%#sslice0] forall self : t_IterMut'0 . inv'0 self - -> inv'0 self - /\ (forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self) + goal refines : [%#sslice0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 477 4 477 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 477 4 477 90 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 473 4 473 90 let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 
@@ -26471,16 +24006,10 @@ module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_t = [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true - goal refines : [%#sslice0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a - -> produces'0 b bc c /\ produces'0 a ab b - /\ inv'0 c - /\ inv'0 b /\ inv'0 a /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans__refines [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 278 4 278 72 
@@ -26519,24 +24048,8 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_tr = [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'1 x] . inv'1 x - = match x with - | {t_ManuallyDrop__value'0 = value} -> inv'2 value - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x - = match x with - | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'1 alloc - end - goal refines : [%#svec0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b /\ inv'0 c /\ inv'0 b /\ inv'0 a + /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end 
@@ -26564,22 +24077,6 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re t_IntoIter__ptr'0: t_NonNull'0; t_IntoIter__end'0: opaque_ptr } - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) - - axiom inv_axiom'1 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'1 x] . inv'1 x - = match x with - | {t_ManuallyDrop__value'0 = value} -> inv'2 value - end - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x - = match x with - | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'1 alloc - end - use seq.Seq type t_T'0 
@@ -26595,38 +24092,26 @@ module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_re = [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - goal refines : [%#svec0] forall self : t_IntoIter'0 . inv'0 self - -> (forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self) + goal refines : [%#svec0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62] (* as std::iter::fuse::FusedIterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 76 4 76 62 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62] (* as std::iter::fuse::FusedIterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62 let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 20 12 21 28 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 15 41 24 - let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 14 42 45 - let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 - let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 21 - let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 15 48 21 - let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 15 49 21 - let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 50 15 50 32 - let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 51 15 51 32 - let%span sfuse11 = "../../../creusot-contracts/src/std/iter/fuse.rs" 52 14 
52 42 - let%span sfuse12 = "../../../creusot-contracts/src/std/iter/fuse.rs" 45 4 45 10 - let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span smodel15 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sseq24 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant25 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed26 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 14 41 45 + let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 + let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 46 15 46 32 + let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 47 15 47 32 + let%span sfuse7 = "../../../creusot-contracts/src/std/iter/fuse.rs" 48 14 48 42 + let%span sfuse8 = "../../../creusot-contracts/src/std/iter/fuse.rs" 44 4 44 10 + let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span smodel11 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 
+ let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 use prelude.prelude.Borrow 
@@ -26643,48 +24128,44 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu use seq.Seq - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use seq.Seq + + use seq.Seq + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'5 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . inv'1 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x = match x with - | {t_Fuse__iter'0 = iter} -> inv'4 iter + | {t_Fuse__iter'0 = iter} -> inv'1 iter end - use seq.Seq - - use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse13] inv'1 self -> inv'4 (view'0 self)) - && ([%#sfuse14] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse9] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse10] forall other : t_Fuse'0 . 
view'0 self = view'0 other -> self = other) predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] inv'5 a) - -> ([%#siter19] inv'5 b) - -> ([%#siter20] inv'5 c) - -> ([%#siter21] produces'1 a ab b) - -> ([%#siter22] produces'1 b bc c) -> ([%#siter23] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter16] inv'5 self) - -> ([%#siter17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) 
@@ -26697,119 +24178,66 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu end end - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 53 4 53 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = - [%#sfuse12] () + [%#sfuse8] () - axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse6] inv'1 a) - -> ([%#sfuse7] inv'1 b) - -> ([%#sfuse8] inv'1 c) - -> ([%#sfuse9] produces'0 a ab b) - -> ([%#sfuse10] produces'0 b bc c) -> ([%#sfuse11] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#sfuse5] produces'0 a ab b) + -> ([%#sfuse6] produces'0 b bc c) -> ([%#sfuse7] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 43 4 43 26] (self : t_Fuse'0) : () = - [%#sfuse5] () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (self : t_Fuse'0) : () = + [%#sfuse4] () - axiom produces_refl'0_spec : forall self : t_Fuse'0 . ([%#sfuse3] inv'1 self) - -> ([%#sfuse4] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_Fuse'0 . 
[%#sfuse3] produces'0 self (Seq.empty : Seq.seq t_Item'0) self function view'1 [#"../../../creusot-contracts/src/model.rs" 105 4 105 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = - [%#smodel15] view'0 self.current - - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant25] inv'5 self.current /\ inv'5 self.final - - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'3 [@rewrite] : forall x : borrowed t_I'0 [inv'3 x] . inv'3 x = invariant'2 x + [%#smodel11] view'0 self.current predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = [%#sfuse2] (view'1 self = C_None'0 - \/ (exists it : borrowed t_I'0 . inv'3 it /\ completed'1 it /\ view'1 self = C_Some'0 (it.current))) + \/ (exists it : borrowed t_I'0 . completed'1 it /\ view'1 self = C_Some'0 (it.current))) /\ view'0 self.final = C_None'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed26] inv'7 self - - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'6 x] . inv'6 x = invariant'3 x - - predicate invariant'0 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'6 (Seq.get self i) - - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'0 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'0 x] . 
inv'0 x = invariant'0 x - - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_Fuse'0)) = - [%#sinvariant25] inv'1 self.current /\ inv'1 self.final - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_Fuse'0)) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed (t_Fuse'0) [inv'2 x] . inv'2 x = invariant'1 x - goal refines : [%#sfuse0] forall self : borrowed (t_Fuse'0) . forall steps : Seq.seq t_Item'0 . forall next : t_Fuse'0 . produces'0 self.final steps next - /\ completed'0 self /\ inv'0 steps /\ inv'1 next /\ inv'2 self + /\ completed'0 self -> produces'0 self.final steps next /\ completed'0 self - /\ inv'0 steps - /\ inv'1 next - /\ inv'2 self /\ (forall result : () . steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next -> steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 96 4 96 44] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 96 4 96 44 +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__next__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 90 4 90 44] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 90 4 90 44 let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 191 14 191 68 - let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 194 12 199 74 - let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 
24 14 24 45 - let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 - let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv11 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv13 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span smap_inv14 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 27 4 27 10 - let%span sinvariant15 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter23 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sops24 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops25 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops26 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops27 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops28 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops29 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops30 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sseq31 = 
"../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 80 12 82 73 - let%span smap_inv33 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv34 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 130 14 130 81 - let%span smap_inv35 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 133 12 138 88 - let%span smap_inv36 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv37 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span sboxed38 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span smap_inv2 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 179 14 179 68 + let%span smap_inv3 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 182 12 187 74 + let%span smap_inv4 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span smap_inv5 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 21 4 21 10 + let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 + let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops17 = 
"../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops18 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops19 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops20 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops21 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops22 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span smap_inv23 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 74 12 76 73 + let%span smap_inv24 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 + let%span smap_inv25 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 124 14 124 81 + let%span smap_inv26 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 127 12 132 88 + let%span smap_inv27 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 + let%span smap_inv28 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 use prelude.prelude.Borrow @@ -26826,17 +24254,6 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne type t_MapInv'0 = { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - predicate inv'8 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - - predicate invariant'7 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_I'0) = - [%#sinvariant15] inv'8 self.current /\ inv'8 self.final - - predicate inv'12 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_I'0) - - axiom inv_axiom'8 [@rewrite] : forall x : borrowed t_I'0 [inv'12 x] . inv'12 x = invariant'7 x - - predicate inv'9 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq use seq.Seq 
@@ -26844,24 +24261,18 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] inv'8 a) - -> ([%#siter19] inv'8 b) - -> ([%#siter20] inv'8 c) - -> ([%#siter21] produces'1 a ab b) - -> ([%#siter22] produces'1 b bc c) -> ([%#siter23] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 40 4 40 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . ([%#siter16] inv'8 self) - -> ([%#siter17] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - use seq.Seq use prelude.prelude.Snapshot 
@@ -26869,43 +24280,14 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 121 4 121 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate next_precondition'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 115 4 115 78] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#smap_inv36] forall e : t_Item'0, i : t_I'0 . inv'3 e /\ inv'8 i /\ produces'1 iter (Seq.singleton e) i + [%#smap_inv27] forall e : t_Item'0, i : t_I'0 . produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) type t_B'0 - use prelude.prelude.Int - - use seq.Seq - - use seq.Seq - - predicate invariant'6 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_Item'0) = - [%#sboxed38] inv'3 self - - predicate inv'11 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Item'0) - - axiom inv_axiom'7 [@rewrite] : forall x : t_Item'0 [inv'11 x] . inv'11 x = invariant'6 x - - predicate invariant'3 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq t_Item'0) = - [%#sseq31] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) - - predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'3 x - - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_F'0) = - [%#sinvariant15] inv'9 self.current /\ inv'9 self.final - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'2 [@rewrite] : forall x : borrowed t_F'0 [inv'2 x] . 
inv'2 x = invariant'1 x - - predicate inv'7 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) @@ -26917,7 +24299,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops30] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops22] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) 
@@ -26925,66 +24307,67 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops27] unnest'0 self b) - -> ([%#sops28] unnest'0 b c) -> ([%#sops29] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops19] unnest'0 self b) + -> ([%#sops20] unnest'0 b c) -> ([%#sops21] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops26] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops18] unnest'0 self self function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops24] postcondition_mut'0 self args res_state res) - -> ([%#sops25] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops16] postcondition_mut'0 self args res_state res) + -> ([%#sops17] unnest'0 self res_state) use seq.Seq - predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 144 4 144 49] (iter : t_I'0) (func : t_F'0) + predicate preservation'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 138 4 138 49] (iter : t_I'0) (func : t_F'0) = - [%#smap_inv37] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
inv'5 s - /\ inv'3 e1 /\ inv'3 e2 /\ inv'2 f /\ inv'7 b /\ inv'8 i /\ unnest'0 func f.current + [%#smap_inv28] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) - predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 157 4 157 33] (_1 : ()) = - [%#smap_inv33] forall iter : borrowed t_I'0, func : t_F'0 . inv'12 iter /\ inv'9 func - -> completed'1 iter + predicate reinitialize'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 151 4 151 33] (_1 : ()) = + [%#smap_inv24] forall iter : borrowed t_I'0, func : t_F'0 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq t_Item'0) /\ preservation'0 iter.final func use prelude.prelude.Snapshot - predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 131 4 131 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) + predicate preservation_inv'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 125 4 125 73] (iter : t_I'0) (func : t_F'0) (produced : Seq.seq t_Item'0) = - [%#smap_inv35] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . inv'5 s - /\ inv'3 e1 /\ inv'3 e2 /\ inv'2 f /\ inv'7 b /\ inv'8 i /\ unnest'0 func f.current + [%#smap_inv26] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed t_F'0, b : t_B'0, i : t_I'0 . 
unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv34] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : t_F'0, produced : Seq.seq t_Item'0 . [%#smap_inv25] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func - predicate invariant'4 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 78 4 78 30] (self : t_MapInv'0) = - [%#smap_inv32] reinitialize'0 () + predicate invariant'1 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 72 4 72 30] (self : t_MapInv'0) = + [%#smap_inv23] reinitialize'0 () /\ preservation_inv'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) /\ next_precondition'0 self.t_MapInv__iter'0 self.t_MapInv__func'0 (Snapshot.inner self.t_MapInv__produced'0) - predicate inv'6 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'5 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_MapInv'0 [inv'6 x] . inv'6 x - = (invariant'4 x + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_MapInv'0 [inv'3 x] . 
inv'3 x + = (invariant'1 x /\ match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'8 iter /\ inv'9 func + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'4 iter /\ inv'5 func end) predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed (t_MapInv'0)) = - [%#sinvariant15] inv'6 self.current /\ inv'6 self.final + [%#sinvariant11] inv'3 self.current /\ inv'3 self.final predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed (t_MapInv'0)) @@ -27002,25 +24385,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate invariant'5 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : borrowed t_F'0) = - [%#sboxed38] inv'2 self - - predicate inv'10 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_F'0) - - axiom inv_axiom'6 [@rewrite] : forall x : borrowed t_F'0 [inv'10 x] . inv'10 x = invariant'5 x - - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 610 4 610 30] (self : Seq.seq (borrowed t_F'0)) - = - [%#sseq31] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq (borrowed t_F'0)) - - axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (borrowed t_F'0) [inv'4 x] . inv'4 x = invariant'2 x - use seq.Seq use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq 
@@ -27033,14 +24403,12 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 40 4 40 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = [%#smap_inv4] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . inv'4 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . inv'5 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -27055,22 +24423,18 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 35 4 35 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (a : t_MapInv'0) (ab : Seq.seq t_B'0) (b : t_MapInv'0) (bc : Seq.seq t_B'0) (c : t_MapInv'0) : () = - [%#smap_inv14] () + [%#smap_inv10] () - axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv8] inv'6 a) - -> ([%#smap_inv9] inv'6 b) - -> ([%#smap_inv10] inv'6 c) - -> ([%#smap_inv11] produces'0 a ab b) - -> ([%#smap_inv12] produces'0 b bc c) -> ([%#smap_inv13] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_MapInv'0, ab : Seq.seq t_B'0, b : t_MapInv'0, bc : Seq.seq t_B'0, c : t_MapInv'0 . ([%#smap_inv7] produces'0 a ab b) + -> ([%#smap_inv8] produces'0 b bc c) -> ([%#smap_inv9] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 25 4 25 26] (self : t_MapInv'0) : () = - [%#smap_inv7] () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (self : t_MapInv'0) : () = + [%#smap_inv6] () - axiom produces_refl'0_spec : forall self : t_MapInv'0 . ([%#smap_inv5] inv'6 self) - -> ([%#smap_inv6] produces'0 self (Seq.empty : Seq.seq t_B'0) self) + axiom produces_refl'0_spec : forall self : t_MapInv'0 . 
[%#smap_inv5] produces'0 self (Seq.empty : Seq.seq t_B'0) self predicate completed'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 14 4 14 35] (self : borrowed (t_MapInv'0)) @@ -27081,12 +24445,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 192 4 192 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) + predicate produces_one'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 180 4 180 57] (self : t_MapInv'0) (visited : t_B'0) (succ : t_MapInv'0) = - [%#smap_inv3] exists f : borrowed t_F'0, e : t_Item'0 . inv'2 f - /\ inv'3 e - /\ f.current = self.t_MapInv__func'0 + [%#smap_inv3] exists f : borrowed t_F'0, e : t_Item'0 . f.current = self.t_MapInv__func'0 /\ f.final = succ.t_MapInv__func'0 /\ produces'1 self.t_MapInv__iter'0 (Seq.singleton e) succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.snoc (Snapshot.inner self.t_MapInv__produced'0) e @@ -27096,12 +24458,14 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne axiom produces_one'0_spec : forall self : t_MapInv'0, visited : t_B'0, succ : t_MapInv'0 . [%#smap_inv2] produces_one'0 self visited succ = produces'0 self (Seq.singleton visited) succ + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'7 a_0 + | C_Some'0 a_0 -> inv'2 a_0 end goal refines : [%#smap_inv0] forall self : borrowed (t_MapInv'0) . inv'0 self diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index dbee8e622..8ba632708 100644 
--- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -1635,7 +1635,7 @@ - + @@ -1649,7 +1649,7 @@ - + @@ -1663,7 +1663,7 @@ - + @@ -1677,7 +1677,7 @@ - + @@ -1703,7 +1703,7 @@ - + @@ -1723,7 +1723,7 @@ - + @@ -1741,22 +1741,22 @@ - + - + - + - + @@ -1771,17 +1771,17 @@ - + - + - + @@ -1791,19 +1791,19 @@ - + - + - + @@ -1820,7 +1820,7 @@ - + @@ -1830,7 +1830,7 @@ - + @@ -1849,7 +1849,7 @@ - + @@ -1869,51 +1869,58 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + + + + + @@ -2011,12 +2018,12 @@ - + - + @@ -2027,16 +2034,16 @@ - + - + - + - + @@ -2052,7 +2059,7 @@ - + @@ -2067,12 +2074,12 @@ - + - + @@ -2081,22 +2088,19 @@ - + - + - - - - - + + @@ -2111,14 +2115,14 @@ - + - + @@ -2134,68 +2138,62 @@ - + - + - - - - + - + - - - - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - - - - + + + + + + - - - - - - + + + + + + @@ -2228,19 +2226,19 @@ - + - + - + @@ -2253,60 +2251,54 @@ - + - + - - - - + - - - - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - + - - + + - + - - + + @@ -2325,7 +2317,7 @@ - + @@ -2334,17 +2326,17 @@ - + - + - + @@ -2355,15 +2347,15 @@ - - - - - + + + + + @@ -2373,22 +2365,22 @@ - + - + - + - + @@ -2408,7 +2400,7 @@ - + @@ -2418,12 +2410,12 @@ - + - + @@ -2433,7 +2425,7 @@ - + @@ -2448,19 +2440,19 @@ - + - + - + @@ -2472,12 +2464,12 @@ - + - + @@ -2487,7 +2479,7 @@ - + @@ -2497,12 +2489,12 @@ - + - + @@ -2515,7 +2507,7 @@ - + @@ -2583,7 +2575,7 @@ - + @@ -2593,7 +2585,7 @@ - + @@ -2618,7 +2610,7 @@ - + @@ -2628,7 +2620,7 @@ - + @@ -2653,7 +2645,7 @@ - + @@ -2663,7 +2655,7 @@ - + @@ -2736,7 +2728,7 @@ - + 
diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index e11c5b3f114491a58bd8f0820928675e83db43e7..dc51f2921829b41a6d0bc7e94a9a4ed81b43830e 100644 GIT binary patch literal 23189 zcmV)IK)k;niwFP!00000|Lncnk{mg%Aow0%QE$C_WNk)V2$E~1w$auqC(^7=&%+!G z8`~EduibfCEvb~LI^Fa2Yw%mRd$>nNs-&LF_JgV-c>zHH1VI3#{~!PI!{eXhr~3HA zul4ie!^aQ**AMc;zxgV5?RX=;;dF`?*pX>y5)lW|T6qc>sWs#iRDXe;e zIe|G(XI%>?z&S?0#MkjpPhG7UYX9x?mwI>jciPLiM__z4?Js4e` zLb#DO@RhVN3)*bXaf=UUy1cxL(qw}SmwnDOxKXHJAynHO+mgiRxO}ybPG^g)m!0-_ zdSz|FVr@Myf`7V|L(lcvVbW%|&3SdeAe=SI1s?Ot%hCRJuDqN#oDeVPrKNXoE~k4! zT$XClHi-SUcN-M>@A2dP1(8-of7e!rHOOx6o9ca|dTUObyUMz5jq%?*s%{UvklJm0 zw+39+?O?hy(TnPBd^d(&OXK#+nC;A6(e~);Ry&e^Zl(n*<N!b{@_ zFO4JIFplu5afDxK9N||ONBA`c0KULDT5e2xD`eRW@r1BvvRP`o3cm&sP8fELUNR?w-Ho}g-Lkg`Pej}HNnf==YvL2xZOf^z+8jtu zPs)tS^4S(!(@N*5GF-L#w zH19Pa8%p8>)DRZ!pxlP&GlJB#;y}ZjaA~5SS$=S=A?+NqR z1O47wa;_HI_q>*?OtiWv*2d5{==TyUAKAujQNK><-2Helm5Nl;}%q|u8QkY zhYP8DepCI^t-A5KUe9xD*6o^xyxwDD7_)csUsT<#m-{UyCtfi*@fnj7ubZ5B&E&*Q zlM^>hPTV#*@v6y*UukmUSD2jmHL44L%l7a0Bw|&0DNA^wwG82jR?Y@x#Cq zS+`PfPrt;655MYocjJ$PdUxK}4}W_4bNuz8{)du(-1B~Y_pfjMTc@=?*T;|Vf34~Q zyr2JZ_a;6*eg2Z4zI=}F-z{48@Nus}H@9v;Jel}VPUg)T6P&i}878Xhp0xOLZSNlI zFa45^4VB>uy?S+Gbwb^57vH^El&imMQDQIqZnwGXHO&mK7+<}LF~yW)zF$^o z>7uA_HE|41pd5n>j=`4fteV93@FBh*Wer!A`OD|eRl5(>3)!Q&?9ra=(I|Vg*Whk8 zlO5TEZP~jr6SzJTn9J^8zdQ}1roPYg@$=`8|IrKYQjkX=U9)9PH}+8e=lc2K>D@z7 z@b4Z}6mAmX<%av{fa)-EVPD@xEd6V(fS0~58`78CpOH52({m5Fu}F&>y`SBrXFs29sw z@t#8%#4^U1yIm{3I?2{ZW4m1A>-e9P%nxz9LHzy6pX97nPCovqC3ioMaL1Z`Twc98 zE2Ygrb~V`Hr*6@sDxh~iz5n>3mfxA*{q--Wlj-+7823ETJ@4VeukrIk{P3jWK5mLQ zZi;y5fyIYzJ0CR)bo@W-5uU3f-cv_Bsw3WOa5o?iyT~s$?5^#I+j*y*O9E_fEpV}6 zK)+!u`}$!m`{hy&Lvgs@EWKN|e)XygrKl_Dez#`1{6kj`i?YtebOGZ^!(I_A1mfeT zhpPgyV8BM>B?D$-nql_lezSB%6VuIHNq)awyrf2F$Sg|mvhQ}AOB%fW@a3=db9}19 z%oOG83xmeF(>QlpEesw(@M2-u`NFV!3&W0*Yxf!~rE-&aa6uC2NwVx~2Zkuf#qyC6 
z2|2GqzeO$gWz(OOcXIPTeNVa#9Q?TYXNr^GjG|8Q>D}GK`;NUm>vYO<-od2tVN&^kqhPczAG#yN zB%Uw|%_R0PNe#$S&cJn?@_i!7LMn%ZlU1QcYfccBP!IA}+4! zyW-+zCHGuBkKwk*;Lg00x0gJf{tU}MeHV$J{#0RwMFI9Ay)oD*#uKy7%%1aV`gItk zMcsJHwWZATJefL9YaHAlC4D-PdM}q9`{bc%OP)3j9JX!Kac%%%N0~)_qrldZtG-M7 zb}73!>0+dn#Nsqll(od7o9f(3*1SqAh7+mtaA_HsjY9NYW3#e0rqeIYI5uF`AAx7T z@8?q*PsNv9U3C9bed-*QvM5#OWAFcbf)m*jxf977J^Q%P>g@0u&phsJcQ6`F-4l(5 zG)Z?HQqz8zh#!VL!}eWYzX@26F+WaC*(?V*!w9oBecxG~!k@aH;rHIcailQU|KmQ^ zQA3fP{rUE5$*fLsyH92nOX;Nd#}mpHHBdS-<9K#CA&oV5MP_uvkZ0Jg>$}N6bZ0Va z)36-iT;XSJ=49^bI{4v|%$;bDBl&$YBQ41M=Ii8rp}lnp_GEQy#XhTA?)+WsqT|E7 z&~8Gx(sJ1O*KHjP)w9(!G7PK4*8rEXLmeIo31E^-0+aP~@JX3BW7tC1s2xo%9AOwAjImzHg5twMEs=*9% zg%JjsZuOc=)nKkuEsl^h0KT=bI_P*Jcr#a8vjMPIXRw^M*1!(oUcFMx7s96Gc<3C; z5AolXn*V<3$sB3cyGK>U@T(81t^ksi zzP;;b{*92D6HuwGpdYr}!yW%8@9x9&_v5f8zZJO`qYoGpX=kp;|pY05!>SNx8cBv=s6bLuf0Mw zU{w;lP!c@b-B?cSW{}(!NKPTSC7N$myCwS*&uGk7Xv|7u4ol2BcL{9KxKFMcsLf{E zRNdI}Um)qcDe2u-VSBI7Ox>>eZ{OapC3!BXyd|k}A*tP9vOFQJN0L#}y2gG-Qo2fa zZg%EWU$b<4Ehw!XH$Ru_TPXeZ22%H=+@Uge$%oys>dM@EDo=+iqKW?dszCL}IK-{1 zxN97i!%XG=++t2v9{q`7o2-6n-#ZsKkGS+QilSF*e3PPs1K7M-n9XN{8s08!`4jrH zE&pbI3czuw2`t|48R--Kv>7i!PvvxOF{58sv*mf{jkUSX-#n%IE2q>OL{mM@JEAEa z@7$Z+CDU>A?LxGAQJ#eALNq6@@iau(mz~i`{Nvbo(vib3Q@J^}n2VN@zspkyj@VF=fFgZ-kO>S$}o(29s%}eoQD+PAJ466In22NXKfbF zEUmj=?A=SE;?&{9xJOj?BBH+BF}0fYP420QsLwm8*5JQ`t7<{i7dou+hAaQ<30$d( z%{b&g{js-P#DDwp>3zl1PG02%e29B)<#i1K(DN#X=W{e+ z%GjAwF%CaH#h>2&@#6;tIb!$IyZ`#}uR4dTS$ zw?6M;teFx#mpKulp<6d3xy-XGFN^y8?(uuDp!{toTB z)2!-lGc{~k$eU2Ev>c>);E-m`m@}K;ZYK%xcby2o?%oXPc|6vSiCSY;E}pvV89D>y zw`1EeMMe{rUZ3oO?J}k5*pcmaOww^9R$f87ML+*`mhra`gfIf^9u(BoR8$sW*>z6Igm4JHGygY zXsq!4HN#n#eu(|%KW(A;=3D-Vr&0-diSsK)0D!zvv2%v^h1wH#?Ymjp0~b5 z0;B9@D4&yq_ZpltP@h3@D}#SP@qAxtf#Nf1l{v!HRrFIOS}%&%*qe#}uCEA$lG?P7IiI9&m9d5%e!t+$d7^gzlRY&su<7Hpb1rOqTyI%{m#wyK?k!KjT zgtK+@ylj8Jm#;IwD)#DCN1^j7I!Cado88oP@S03<1$48CZnYYHEmtRf1^jdKpLc!M zd$SamGd+I4?sH|GPra@SP+riz2daDG_V_3CE7_mTt9Kds3pS4HV8>H*5yg13K&h+x 
zErKw3%=K-FZ5i+@8SuBtzzp&W*ndf;1^fN~)a(!Y><>mJh+LL*NDs}lq)UQ7mhl2$^D04-@ThSdQp@YN!#b@*)4&K z!p?c|@Zp1AdKjt&U%L;a6u$rT@S_dfi>vjSoCtiV-m^V`RLb5*1+hU!?hy3p0Z zxhk7+1NL>1|UVI9SXr6|XT+a+1Asx0)z!?1?*uEg~v^xKAg(fWxG_j5rSSI=$qnctbv)S?;A ztEyW!s#Uj@WiYSmx6NhYGj#pl=)Po&UG`jEPB~}zj~nl@_HdIAYbizN3sg6W($M@i zN%-bNZYqO^#Yz1|cyjDzY5G=xHbDrQQueid@R5PJU2LO2lix{qtNZqUDy_Yn!F;b7zkP=A z^A9oeFH@rR_+y?a9JVusyHA^*{9dN;c<1DN3Cna>N*3?0F8(&__gG0E+nyJ2p8&u0 zKlGwY)R{P}lfvC3A==zK2R>(wF^|Q|} z8R2k=h;$uJzgBO-+vzUQbSnhy^0mh9UQZY7?xM)^D!)}Yd@pMC4UzGB53N5gg7NX; z!=K*Qr;i`{yX?PA)$h973jH^p^gidt6)2L~9VoJ6emvRfN{pTE&-gb#E$#+%pL!ag z%~JEn&lixJV>X2O`cBh;{{AJv`}xcU&?}moV27&*rhAiN{Iz)L7spI{9+wg8jjt7f zLU*BPggXd?9dDJ{6WsE7mYt8TEcrNpL;s8=okBmRoWkAsW02>dcfO|UbudiF=}Y0$ zuk*6U6Ug?uA09%M6WG1AKYJ_rym(y~6g~g#SAV-MoP91p(|@Y%Tmb#M)EhWq|KVWj zv))(Bzk7*vbNQcNGkvWY6T|ZF?uNWuD*5iFbuT#(A3uD|S9JN9&ayG!i=kZI>$>l^ z^$f+Z2V@$sQyj17eb?Jdmwh=~nd@y{p`DlL@b<<+z4?o0n_s;eUsG9q7Q${7Qvc@I z3W}fJOkP!l89Lpw5tq7b{1Do7k%oC(>r9tQomX$U^Kf|+x@Qy4KbQAQS$-Ms3J#Be z>#v!1fUeM=*pKP~PA7KbhQaP``gQoDh65)hV(DbzZvOY1J^jYvWM%y3OL#L}RGP-K z^Giv?_hf4M-CzH*qJlLiYdeeO83|ns%+tX7$(wO_{0EG)qDBu#!7l0YO$Ogyj+Z9t z)Ms3umY;`iI~MhVV*C8Sg`N3LhUxj@UfMx68M%RplJ(+aLszBX>b#yoZY2yEr|Wp< z+k{uZe;*RxFV-*X`t7a<&#sSKTwSr8uh(89gp|E>iZ_@5o`ME;E zD*>oQ%SF1&Onz=j&ggKM_qr`Dca~tWBJs zyKVj5@xA8DyC#+g@wPJ4^2B{jYD0-PbR$U5QyOu=Vw_ z|9uyjTw7qPCkr+fn0%uJHYn}u>q=GQGt23k_Pik#=AX;xpUdc<%jlV9w7Gd*JApkL zxz%@L7viig`rF0XcCV<+gSR|A&vLoOu0HMZjc|F%(&~rY6Oq-5l8b~K{_P8?Qwaaq z_0!?4*Kpy26w4Q4#?L81|FZA5StRzBMPi>{B>Nih?YG*J{<%2*xj6p+x;UN{l;?b| z7ss*DtueH_<`d`1v2L%(^xzujvncNQ$8Umn3lDGc_1?tAd06)fKc^`^w_3K_=+{hd zWy$6X#{Xo=_hHG#W2s%w&ow^P`06x!g}nc?4xZ>CcDDylbb{DD6|e7IoZ#-~*&Vzd zK!)LaJSThVzvglI3afehU*-eKdO&yb$ZTFqOQtPL8fBjhMd*$;}{QUIp{l`CP$7NOhP{xXTjQ~76zUzQY zt@XY8{uckM`1_r{@$>F@@pFc3ez|}gKX;Jh>uj!8Z>hQGPaoese0Yk#zWdiV|4n7|4?{&Zv&U&y5VxLF zAENO?Cehxb=2j;!`iA);G00t%bV+in_o>bJAk8Y2JA3Q=ey4o>f(>*bWbD(})}3Zm zs~2pBr?Z!Zv6!WARrhYp)X`@gw95;gdMPhDrr17<@P1JxTZQA}@k=OS 
z96PL5>L^*b%Dp|8uh+KevUs7-NnCfDRjt4;`%ZK>r++Z8+G``ZhPk()d{F46NYrG4z zW%26n@+IBH8@gK$1um(5ezMZNJv@zx%4W<{zP$Q?TUQ@oG(6x0tHfqG(JZZ5-u$%l z!GV5)<}|zC@mdXs`TdRY@{?PnUb++A-7mlSG}xT?%MZHPyJtra^U>9m*&6;Lw{n6K zKm7gO`w7OEYf8LTXOf}cmb?<$||oO0v0 zjbQw?k$yjCo%YTrJI{KbQst*i`ITgZlguO|y!mPNC6!J3y3v+?-PzUjc7~vgiRcps zoejDJrngXgqyaA3qfG{;Oux)Z?7(#2{&{_xU6t~8Z)S9C+xYb)yI+2z<2*tKZ{Xsb zDVHePIsE%Gh~ZmBcgs6zX1t|j##>5e6bbx!T*x>sWIVxH9ndHybRi})rkjcBFftvU zXZq6(OdmviNzN53#x(F*;Vt~96Tr{YlG_yn{0(BTiv{h@tM53U)VQpFv(WG@LZi## zHZ{RpY63?!fhSz?->Ybx|9bON|Aj0247H?N@pDQ|T7H+$GJGIyY<9WKtQS=-b}xyAi=`Z5h{8`Lhz_&fM+nAspH*!kA9wm4@tD%`U9TyU|oB+oE!F+aEXe50+2-_h2*Vr0yw z_dTuA+YF1ju}P=t0foufrp=jDl zP{r_R6dN;&&81aK-`B}8GaH}vcFdOTKg#Vf=lupkFZ6%Ft^N=E2lzkMr{RSZOqTEL z9gnqSz}9((#w~|V>lXt?t;VBP`K_+oX_I!=Eb_74T&PN zXHVeb19an zH=l;3EnIL>_pCx)4wF`~fg_a6S zMvW$;Mw8ps&)K|sXx*V?`Y`mH#U#%rSm;fs9R<~2+3(IbZW z9NAC^bgfBecdbt;i?KF<%&WEc#%me-dS^H}$ld0=UaMm5&Ce|oPyE;rvgwfru>K9FKCh&La=>C{snLFg^3t-2lC#^1he^&e{= z+!!(@4=s$A7eX7oGGEb&Pk!=%^7Q=KsMO3^shNGHrl}XPl+T(G_mKOfuwRtiLyF$D z+CD#JUf(67_NjIo#a%|)5UK2wAun>%RxhD#9VX-aLANcxz(VKI^t|2ly502PVxP79 z;Y)n~{_p?K=Z|Cd)Ry@;CS2(oME4(_KHhgJa8t6?W(;ki&cm3F6~=U|a9AAwmWRQ; z&&|($-n&iiW~r%N8uF`GeU8(-a7m_XbJm2k|NQ5Vk5B*i$G;78-a0i6Kh&T+*|Tvz z{(Uzy`X8pW!HviH79oiRl3Q`Ck(YFd3X8#&Z))1l?!jv*)mduPDA=y;rp}w^P`D-fFM8e_3<)vgWc)((l5j zjeYWeaWd^$AZv+|GhxcK++WaR&jJbmW2U`j@ca)#WsfrcJ5F^Q_Iz*Ug(q!$XNB3e zw6m}Bj@pO0+TXKOXw*`6)KYd(`;!{8qZ+fL8ne?D>@L-!jN6Ee+lY+$-Rrh~V`u2F zUOzkw;|UVR6Xd9wWvQ8Au9+9nhFxxz`?Y3SdeXQkrMT@a* zxV0&cYhq&=O*a?l?gra<Q$!`^tX=w(4C!h_-w|D0lzcx z%ZI^NuJ>++7Cijl4r!+EzI=Fm`0w4_#aZ){JUpDe35#Z(3Vt2)#}7~O;luEtbssZZ zw&Qg>9@=#eJeG&YfB*Q!KJ`d|*^?oSuHo*At z>Cg4ER(CMp%%(CjXKX_K>8Zt1#mVw-H*Ym!X9*=BEOi;0Ose1A>cS%Fr1%uhu?jV*|M_Z59yYb9;fEj zZv5f9YPZ@Q&F+n=^}%Lg16)QQpG&>Hj&Uc0V?-%_`S2f~~mp-|QS9`FVN~_;UZ6n1y3x*mRcyH@$}!WHeXE$Rinf zhm4EFu5nx5C*!5t#SD`lQ_{vidlyMhiYZ^g-_J`&;`pC0#&c6L!j_Y)%j=?3=i^t$ z#z-^lXg0t2e1hel_{&_Cs%>yCn83iB3Ep7M7_~jL-K)-=xS`?iZ*BN5w>B&fzuwyP 
zuOG{^O*`W0SHj@j?Cx;LM1+ROxR6bW3AtIeY-|#2XygYl$8hvVca)<&@{x{sgrhld zZ5A9#qFk*c=Ph7#-X-$nxCZS9u+b5VMDpB7fF&o$RC7d!i859)rt8Q@pd;X_YYL_~ zaZWJ1KooMK;(ZDN+0_itb+wyajd!N{9570YLcW0w7%MQFYNWWXtJALT2+OY3+MF!` zaxjfNl~%2(h|RW;YVuuIzu7fJifDk*N61W>Y|Ob3WlKJqnzbvMzN;J|%(}XSLahN| z%}yvpjvUdrnvqkqwd)F-U2{zq7$89rjwX9bMZi+jF9}qex~@2Oo#RU>qO)Q!7?&d; zx8@<_DA}gmpzldrJ%f$G#nf5~p;;R&Kr%6+U}>qAj!4K`JrPp~9Fr?(F;*ivVyc*n z4V6PKT~E8!Ghw4Zt)jQK_?CT;3aM1*qA1O}p0d@mhGLVjBkz+l7CcFkj6M@HhR{g^ zx~-lr$KY!wZ)!E{SgKGoMvV1fiTa*?t0!cWi_J!yM_V98jJY}=qM)bHx&?z_tEbdV zO^ish;*#W6#d*_e&W0WIW0Kh%({e4TSOdOh%%R5WYBi>W+I(oS>j_&uBSeRkGKeXj zqbs@j7&1F&BUZ6{YN2HV98z%2gv{RimRq#hIIISs(5_m@&Iaq96E@b>luc4K0WNSU zDY#B85FWg^22$9V7OEHPnrIqopj&6e%+Vr5Xoak$egh+WFwSDO zE*MV^D`Y7lWflPx!!dL-wS2U6w0N{|wC2d+$o|Og$Z}+RWIi$-8IKG{Hb)9a@<(z< zl0$B;#0(}HhL|vN^b*-xKq0~c!wUU6;E0sG%^AEvsszoW2w@RQl{}9;(gg?BBKe>S z5eYF>Z*oYIDL6UHwwDm88ZOLY3;Dz$H&78Mt#x#;2aC`kxz-6Xl^QFyWO54$N~?_h zj1I;UgIMrJnv+C9^G|P`%VdEtm|c6tI=K_(Be) zU~P28#PXgz8A>fuw6Xc(*xMXq6!9Wtub5bDg>7SNEVSmJ1aEWYT(V0odE0GMR@BCj zjO3#Y5d*~1z@*6HjWb|#r(&!-kg+WS>O9q2WT`#{lf{SX2~!!MC1tP_t|H=dX>7z5 z2FY3H-^u_jWrsCeo0><+p+yJ;mAQIdQL!J?ABtcg*Ak{|!3V4oT?I;oswC61!G=R9 zRLEzHs&b_z$iSXMvyCMYg#j8n3DhFmln{_eT*}#{P-<%AOd6n-WSKoW)l#Ya) z%dS_Z-<)nFp_WqEM|L(CPN5<(g}`bi+dR&+q@vOrQq;|-8gD)OV1nlonzR9$el-q* zZ;jb{3pJJEyl@M|QUFKXS}g)0vadFkWFrJCHdAdm*1*+{bW6m(sZI^9#t4amgBrNi zI^>KwAw_4oh>f9IF{Ywv9%@ACHXGqX z$Q;DBKn1FYP(V`P;4n4D)M9@ow1*-Fhz)?}=sRPvIkL7CTWcy4#{+rS$m^jrviA|B zpeJ^*)?!N0WQjPBxCB8<7%rUhS_*qqzb#noP}a7tj2PcE63F&Hd^0eD^(4I zB%xFgdUIIpfmjkW(sQMuh$$)KoGZ{;2wb}LDRRIB)rV|tsOXyr2#3hEv=|G9 zPzPv%IkGBxRo{WLZ%wL?J~&$$$qdkZs-<|7BUARV1S+-q;&nHN5^G0aaR)A~){tAs zk)PhCR?=IpG#X4KEc&Y`mQ)38BvK&f_HHS(AGzeIIYse|7zaRzY$!1q8 za`LI)gv1{(h2#Tzq?|&vE`#^hkSf(m7}EgFwiaWih zvY1?R9A{b(k^{?t5``$YfR$1<&gA5<*6%_$D2ZHR8%uVLME5|ODXW{pj8ZP{kV@LDf>SrG#XX8R+1!C7XT26o^eOBu-CG z>`koV`jfQM!9yyxwGs@FRB2=o)fR~^*B~8_oE(_Qk*FO}gJV~02r5L$VQ@)Yudw_f zh^Tg9=0;q6_9-{(u;ge&1VCJS2yasd46Du(|;^Nf>gpr8J2R8<#AN 
zpygTw#rM{UxC50I(Dd^|OLi2RZ_18RyT3kpHDj9aBgh0k}wQ5`U+;WFn0&(JE zYpc1kA&M5Quy{2uQ#XS1hwLdQ%U;M^6TD5uqXY3Sg8C-Y2u%+kCD>Y9MhFI*&(2!o zQ?r<}8=z4I5nFtTE}KYRyxRV*8ni^Ybi8-rfYEzOKGq;4ro@66f(h(UT?nybsy7D} z2Xw@lOrV&&Wdb(dktfdFA0b^h*jmv;cV>!4$hO8Qs9zzoWb6+m-W;rR)uzPOL`kMZ zuZ~Y~tw2dR8aF_z*(C6keUp%-A>^t~$DGuMX)zDbsyEO8glj7d|Hn{h!~4+R!YmH&Z_JvS8w!`+WHf^ zH-{VwH;~X0frC;d7-7uFox6p3fR7v&AP&7oT+#)u5gR$Cg#-C zr%aAQh?LodP7itS@%(q;9KTVZos_@2Qfy-BZYz2q^|8S7Y{=?I=Hito0OI z%P6Kgk0ykgT4=$lKr&ia_-)H(~D1mwj-E4hY%W)=U)? zjTZpMQZSRK|G%U*K(i+LswP}WNIA2EnixrJ7R(`z(9{j)6G&~b2t{BMot|$hp%Qz9 zmeo@hA+#VaaEQsEVQ7Yp4b=r4pfya^q+BZpV?2oqHC0S5*=)&L9H2Qwssyn{L~m*f z!A5bJCDl}tgaMk>Nj1*C*x*vraY}Nb#blK3c7T?uvn?g-^Z=c5^y&yNqD*zvhR7Hl zvK3)b*KLcr)nufl*b*Q?R$t?YTXe?StPwuP0i=jZuIe_+&YOYF2UoC}Qjl`V=yC#S zY^}3NCBG4m&{{Sj6f!2ol7b{~2~4O-LxlyxccB}`Dv?_BCFkTqv6TY0gqCx}+`C#l zA1GurQTKh9ER+z0TtgPbYD}dzKm!USP#HW#t_EVP48{bm9;AsMph?u@qb=4Z%)TVY z84R>oo3$zSj(ntps;qzrNnK$zuuTkr0?CL_=@nAoW1wTeV}N5YM<0&fAH6$zIr`0* zp@w;Cb(~@o9~%YVfS}qETS5UImgdWVvWwo32E5Rk2$UN6mV;IOOdQ>~GFUhGrru?; ztvYWjc_-M6h+{jh3=UC%d?6EJDF7*8)WD=yOV`Aa!#R=V>XVmjf{`j9*h-S(Gf*9( zpLDZX>SSHT`iB-Te`(V1Nb%V>7IdT}=;(D5+)CY!T+zk{x+!J+x>`%sD(oY&fJns%`s-1qIicy$*A`k+XyXXQ)}_9 zS*E5|JVFT+sRY7k>L`6JXCqBYE7%yRCX?6{Q<0mI!M&jJq5(w;&L?57S*h5Fya%sN zV&98A+Jn#FTgssYgrvK+=SXBjw0e}UX4ELA2@-33&`Jd#O|G@54NBgN58p+jP{HIH zOMnt{0*zTwjhby0Y8x}0Hq&=v2WY8gvJ60ayje7D7mxN@Wrjj=pN7rVP*;R0{<`YV=+RQ_3Y~Pq7N*QNy|e zRwogx3oI7YeiDeBqNz-Jnv($Y>bzJW_SpTI&jkq?UlBlniOGh}}VbZz&iQQeR=Noz;}dTW7M#7Dk>@ zjR0V+CQ^yG+-kJqtwiS|%J-pLLCwPxL!o(ZG{Bl%Qtb~_Q?o{SQ=+o^J~W-CG-1)G zdriKWR47j~)lgaDLU1P4BuL3=CT#G1WM(JzF{!Q* z$W$_l>Yzq!YZQ&DyWtEN4q9(CZBNt1GN(+M*XDdt(Wl|G8xE;@jXcJPq-jFAIpU_9 z0YOP-uoJ_95P}{760+CC!C0-gBHT2UMtLF;6S`Xo%Xz5bQ&0$T=B=%$kLJigw9=7G6DxwCHD>}=D#9^qe zAY&2v6qADCU|2l|o90*f?fz5=A0%ZW)sE((kpZ1Q;=v=8Q?DTHso#k#j`~ zIv4tYcnF6mSgf>IG*D=wAt6n%sY>lI$dw9A&@@_0KE-6cW$z(-&9ybv1nWi?15jw1 zstg*qu~q|!&NT>JQ{p1uMWy88iiV1;H5{bWkaLSssv4aneY(|7-gwdwcTC_+N+x$Z 
zVXH0@6u{WiXghD*2XK1o$&yv&nCuF%=I#2HQ;MY*QaFTy9GN-98jP;poY00=jK*ZE z>v4latLp7x-vpu$-guh=xk{flvQvE$#sc`$^tGVxkk+;1wDGlen%uY*hDe0W}b;kA__5vR9k75 zg73-HVP|c~7^7F)Q?kUyQM?z6#u(QxaDqeh4vI&_;K4$w#sas3V6c>8`aA~(N2oyp z-I+lbMMW138>UcP^bm)v{zEq2iHVfFFrg-Zm=r>RBnhJ(F4`D4V8MoBV-fXybXK91 zT(WU3BrfA*rK-n7JaLc^9is3;>o?ChYW-p}r22Y$%kycP^rJK{La_=Qe;df`pQdQ;Uxr8oegv zv5_tV8z$Q2U~I58h(}c8#CvW{O{eHqY_tq~Tarq&S$%R!n?>O24w`aP?Y8snX@ zvVm%?*S%RKE|wvc9S#Mf0YWZZTXU&u8jao%vo3p%JP}f)fhGe*+q7|t+ybU-yawe( zMm7VnCYE@0i$s%K&BPfpXbL#z-ec7Xp?5{?oq#04P}Z1c5#nsHsNFqEO-URW*_Ud) zi|X%=hHCUe>IH5SxEdT*bu4=3h)L9qZ`C_f0a_pF`3~v@Qh@F%O-&rUCgSAUWg~?W zzz(|99>MSt3>`pa%amq)N?DKSMyjT|hG<+YFc=8_2*w@3$RUW)uuIX5t^`mzAB^~v ztORsCNM)GXqp8W*oSJdgFqE3JM7@E;HDbth-9EE8jbH^A7>jXLbOpICkDIZN8bQ}* zXm3oe4r>vy0s(x|cy&yAptsN~aR8XwCn!Nta_I1X1j`3Rc*57@~Z zMpchKWvd##B$Gs3aGJE5GsWRHi9dp7tAZQ>?7@--dmIF2hGtuhYIt#0=XdbgPIQ|0 z@oI1zmwXdF*B4hvQb>BI!44Tq>pmH3 z7@LOdl_bF>5^?5C<5?f}nt+WY5D9C_Nlf7gf@1Z8OHTtm8EXtlBT%!xddvt-qsCx; zm6p*)T~*PeI(Pc<)R(!@SEpiZHNiv*A(&)pE;+d9i>c$imw8{!Ina!S?)C;80nMRS z8){}v^C=`%S2Z*rf~VkWpaFNe3WI{vYlt?7#MW`KMKr-rujp9kv0qoDnG$L;D!g#8 zQPmV$pkfM_U^M=dP;<=H$J38X>cdqJuUwuy6#ceZvvhAA!}=rzVPc8xV_FMoR2aOwQ=o_OZ8) zx2t|!ixKTGtUZF|BUn0!4aBYKjqv7LGM-B@ z*3_UGJ9E3_9}EkkZKXmj7Sx{1A?xu+1Ad$`_IbJB{7tZ8LKDGjqMoK)s5e3)u#lme zhio5kas+3O;P?oRj^OYJ4vyfImWs2ErMEcb2x5;Qd<3CG5H=-3s*uz#&_q+PF#%Lj zBeP$h&V3bZU)cC;*#!+JXbM8sTOYMB8z*kS`!;%Nlmi)}jSd(SVrn63ZmQ;ExZybm zm9<;wnKdgvP&AHAkf{EJL>5CV;3M~LEZxU$fK}L+5K{9sf>9q!2)X43-dAv~4*`Lm zo;)AH(-Ax#!NU=}xe30eMk1)o-4qd~7Hy2cWb__WECa4z4?pW$7ZQa_g@6`VQmg90 zYN`Z_`2oB?f_K9JG7NAVaN(+#8&Y94}hh7I~5E0R0dhy(IL|G^Q05-!|4 zmd3M1!NyF|)a`+WnhVxR%vCpxZX!JV`}%>XaSTPD_^@ipf{0$sHYmAd&H3mjh5a}| zbMEaCg8u$(6O4NELQt5|Wv>Ad4JT?ciQdZaePmdztZzJS0h?>KffF}Z^m2f1Cz4_U zYBmq^HQ#((y)VbMs%uMKf1=UBB8FlJ*ox~%VvMnkG48vL#}6vL^6>}~SFM{p0~&WkBi{uV64OB4^86ST@z#fT-Fy9A}s;AZj0bI*s)zvGKob3)NMq>Q|K?X$V`y%2b ziLu2e+g%CQKx(Z>xn>HQ0@5R5j|lGjBU3t`b`owPMqjzf#2R?STyk!6Wca%yL&oaO 
zDAF6E9>Msc+05L8s@0sy9}vP3!T&=jV`3%n43r%-jTbh}oN$^?N6~Pf~YXG_FV+P#x4Gw+t#FRo3JCm}H`Kc4y>)~DRPHI-T2T~7s5mQVu zsSJ5=`t*@Lmf*p$LA@ZDOHQfASTz$*f^(Bgf%%B)^6({O+r(LFl08t)!8Ls=p^!$9 zd$@eC$z!zDkkv%y?iNF_pbi90Fs^2FGb70n$sS^`6aj22h%s<99`x>Kf}puvBfhKw ze0_;5_Hid$HLk$L=9CHmp&$vEf*)a5dCdv0`i#GX>3f zF9|CasG7hklbe#Xy*uc&5F7jJw#`!WsW}sJiJtX2lrz5SI*;H}XhPIXmn~_$=na}? z2V;!!hzv($?Guhjz8j-UQBADI8%LJt{H+G?-gkg)pxyrx{xOm-q^}Gq zE2A=Mph4)6ARgENaCf^VQO7J+kp8!600X?YnV+4z#uR|D5DHH*Sg+J&t z{`B19Hoc5;96^8HkYM&XY^3WsOz$n!XXj?&)x)OF@Cp=JaTVct=AgHz9h6sA9dr%~V;5JW3Bur*$>kBV;XCpV+U#BiAUIBr7hYtUp&$=X zz4O$p6TVOXpv|?<@`)7DS|gl!WcBm{$l6?Q<$?X9HjM{argg-&xY}YKGEu`yO!bi_ z8rsc98lT=1nsMnXh61i8_&_1+zPpyy`H_Sf{k09NA8nu*PimM@MS6K~*D)#&Lm|hx z-+wY~gwVnhDkI}p57gdsQFH*5AdPOv0BWo{?lQi=gpz&=Rggs^^G0T`5+u5Fqlm!v zp;INjAF^I5iuFGY|NN#cq#jI>aW`4W5`^i}W5|k?v(KlYkKeRKXRHcP)Lb?MI=iL) zoIc5+u9QzhAHQh}(=TK|x@(7rHbS^7xsiJ#w??jwTpBt4kFNQgyf$*&>;G(QfDq9F1%vSxu`IfEaYaTG zr8f8P`QAPh%^pxJ4@1f4Dy&e^tuoV>-yv>7gyS3guu*c19Opubd!8P(&Tf0HjIy6i zderajgGX#dHIL`S3%yO3voRfDA)cB~{?wMkU+)Oq&mP_ZpbQj24|^ar^~-`WRV z(432oO~IE=Q3&;=)y=6tYs2u5@AF?m#}kT8@l|qSXH(8Opu6T-9dy=@^}%n>UyCE8 zbT;f4EAIkj=hB3(SEv8&`Gf(R>6?Pa*m}~Dg)!UVKJH4ph~J(+2wCGwK$MI)~XW-<_XSb_PU-x=P<#>L?k|GWqb$508_6d%n|wn!n^gTB}2#BE8Rnb^Uzg zQCw7^R9vrk--%-=goj zJ|iW%SgL0ds?s zkaO|I#Tpm=wtje2s64T;LiKX5JI9(1n%$OiD{;8sJ^a3BaZJ=U*eZ*`i3X@^Gqkv8 z*}LSLYi(S=?|bM@bDwmdRDpXTpzcngV}cy>^F5$%?Zen>T1g!{tRrxvxv&o@V#DoW z4qq|2JCOc;??&l{dNL%1g%Ri40^x+Q)b)_N5v2U)eiWJP;LaPT8~_-_4{(cSRI1H) zKNx}1Z|=+V7~$4O&XuOnL?ecKc%o)H#*e<}|D-DbUAhPukkhgOW3 z?RSq$^@$0?4xLd^uagm4CpP<$YVUshFUBMY@T;AjinPvovOI%+#1`W5&8N8&fnUZ%nwpew6)0B!u{M3a6GV%KH@Z zxdH-Ny34jz8>=){ZmiT;Yhwk^IvYzg7H^E-CE8e|v2bId#!?%Dj0H3n*jR{nt|1FT z002+i0Z?I-cU*;BaSLTx?ISMrmt@x-sKSrhoxS&RrgFDcLPngYOzBVOUnCKS$kh_J zW(VTmdOD>@+z@6CZ>-T+f4?7u>`X^RhO75VwQk}*x3I3Uec$W((8eZ>jT;*^w%XXx zzx>XLh$LcZL-N6gXX5>6Mr2qY-YfXq)1-GCRiulFA$ zB+#8nb~(1^@;oM#z{s8VeGdL|`w*?J9=nJ!JAt)h0q%8;nCtO52>NpSpx4xXL2;$- 
zN;+oxT+&Z=sn2@R?91(sUZ`8Oq1AS*9qWiiLR=ei?zjwNKla7;k&=qFX{9hj36^uh zFr`F<=uKwjC||$7;j-(DP~@62`HWGv+CtUKx^q)({`LN|!2v_XOI@7?p~OXo^#U3H z&E>h<`&#>$$fq6+2vjzm=@Wos!{-4(%e(#f`ukS0|1UohMuaDKr9!o6&NS@J+OMwJyVcH*^o@+>B z|N8q}6F|2p6I7aT=txQ7%|m@e`29U{{jaVOQWc;*;)JFNczq9S%LyRz#|p%~vETXb zFOOH}p3P@72N_Gb$~W@ z5@8cE{n~XRt-h$F%qL%iviXCX0C1>I%vCESNgV*(Sg1(*CExr4DtYVL$Ks5lb#dk? zQs=oWjP5xObtBL5WK;^7K#k4WrxgWgE3)8QTA%xpKiYTQHiiI)c??3z!o<~!Aj)(D zyf}X951ghloqU`^vE~8sJOZeMF>ka9qlV=_tRm;PApbOvro6VVDREV2EWux%F6u2(X8bHk` z&8;#%Bup=MUYG6PaUWhhXstS^%&|(fXO2m3ob*B+78trE*}7~1tt*QAg{o9}M7^nv zQ?BFJ0Dy8{{LG36`9kEb8mow}J5Gdr#ryanz8pFYpQoRItnGqh>4`q}v))MiIG*7X z6ulVWhC1Lb1Zw^O7pIKp*+dNJIUX{A4X|pb9I=OYaNBt2*rm^>Y+dT>(8e}wZ5>6r zE!Tc&qY&jb%OBE{I;z4=431h`y&Q2!1gk+?au@F5UMNJJTR9L98DmVtuq-i_^hfuP zd$CQx7Fh&V)W9On%kWzE=7OL0-uu1t27=hM~_tdD%ID=7vge^Ez&j|W#eBb9P52!qu zyv)9*gw&k?1J~kyZn*ES1)7F$uxHW{;$*gBVYNaHsHfFvHK}? z_)=g%K(L-?c;GW}^@INWTNVn9ms$syVWNsqVeN$7tkreb>1g2Qo^G0*8-mH{fb!K*UZ8D7_7YQnV%>Ml|FWLPV}lAzL3!E!`92q=8Z z$c3#5YZHc-9lx@6&Z6aVNage{XV?y!=WILUJ_lw=f^)M8M-$ZUf#5Kv^@)YegaRu2 z#I(p9bLD-WG=bfc&`Z|9hGg~wwCOc(W8RO92>?aEkB=t6#Dfzr`m$Ux$La*u&s?P| z6PCEs&B*R|TC_HS&l4c?3@0Cx9HZo!-5@V9*Yqef4@bY(9-@5z9;K^qio&B6ro{$e zE6aN(t5u-h$DPv<^(G2_y*5#~#-IbXJIa5_-80>Z8y$0Ch zf>9;+4Oj&9LZ==d;66*Q{9XgZGA~ADaT!E`p8Xa4zO&WAmdPn*6wH{0K5;D*_@>lyYQUzcgJIta^{ z7`FQHj(11#ZLH%xzS@I{*$+5Qkv)iQ!b=5}u9H93SU}VAPzGEJ3*BPgWgRW7mXD_l z#&-b8y}9>cYeTvT-(a?Z`2mK&zm9Lw)foU=t4C6+QYVx`)$HCMe8tb>%L^~DD9sw^ zCxSu%->Plu{M2atG`@q&Ny5UnZzm1$u^?j{M`In;U&nV1cwUymM=>29njryOo2(2w zuJ`yBmAVCG&bT;Gf)h$M7u2Hn`mvvwe0qt3Z>!7#UyvT*gWRgpIOSsv8y!yo(wo5l z0Vjdf+9*n-`mxr2)y)S4F3_+S5(1KS!240OR-s=p2(JPlP=Y0#$lOglF$%0VHkrQ0 zuj31m7SL%&r_<4LMw$DnZ z+uUuB{cxG!d3A<=Mekh(Jow7J&lcx@y}e@_tQsIg=w9cU zRHeclBrKUf=ZD0-iCYubCN3}RdB)--Y+PW&_X4k&=*eO$o;y=*UwNCQ z8P2mGSe+!?!RmdzELWcF0=!jS8=hwCB;2uv7C~UN^kyoF+gu&={ycn{RT7M% zPG9gOz1Pi>@|W}C^pfcU(F9x&O_u?tzz3n4DEE2MB)v&mlhkWY_ON6kjHdXK(6DK0AkW0KKOdw7LM2blxxkh 
z9k@)u-D92v_L*SHI*SZUF1K-Oh1YVuj-QcmCtHRbtx~|7pd8Tcg6p{Noz`ety(t_V zt2V808G>}J8&!suc~&qGSMV-*M(uN-8$qNsuVWp0kvPaAi$SmA<1APREGi@DcKRf1 zO4^j9DZvt&no?~_7^;Mrtl3n zCIO_q6BjukY5_>-Aj8srt}V5xlnZHuq;QXYkV4X(J}6dC-pki^zF}WKA0L?QHLaI9 zAQqG{WXuU_c(rlwn^kUHlC0h9rkoy!Cp=B6=IV3;V1+wwq{4T*4CA2~euZ;j?a*Nf z5+ex8{@Z(3CKjXH*CETCUW4^JUc@9v)8RFTXzj?d?EL>&C;shrb=c z81e+dow$K7#En|vW_OHx^DyJ(1a-`@D{9i>oy7g@!lD_RqJ4qcB}1OdjEV@?cXzBfP2{;Wgz5kCh|5 zRF3dcIl>*~2(Kzf_=U<5et~j?U!nlu3zVbv!gRzT>tcv!gd;6ivajg5$Y-QuO&95m ze5C85KBGOO+f*^Tsd~t8TM+(?{!r;9btX7mn8(~beT(o+w6C9xSv$BUK9kyQd40JCi?D2*=zVb?Dw|7xLp$>@4a@-cDopRN0E^sZzt?PlF7;Rp5p? z`qLnJuL0Q+x-Tn!vj>-=_J008RPe9R9DX6q!HVW~X=jhVXL@^il^Z0msMG1}WyOz( zxmEe6LNW$u!{*K6FM(e$DdljwoW2c}YunrY#NOnKs4-b%rx-><@c2 z_e))vccfRW&I}iQ9a1-q4;*)9*rfUc5Le1xb_CAXY$)r@OPn0oZI(F~BlqKc95i{6 zy@!i~X4iT9Bi*%YEpm3pc+l5P=Fv!ZySmCd7~>I&w%Pk)cx@fo>-olhvO}Zf*TsgU z{oZU#3ApFq!qfY|N_!9O<0RIdcjf&bpZ^s8`c(c+(BIa)zrOwF*Z*yhS|7`&5AXh3 z#02C!uDoA`Qh~{{jASsm14%a6Xsq|AEte{d#XQ-;&d^L5PtkIgcxE9>CHMr zQddc1sXk?JM3%5mma8J6KD`g`8bfX9DWuOIKNhJzWv>{FmJCKm3`PxAbW~tTM}PVJ zJWV^DIm8biKYsYPk&xCz)p|A*TjvY|n$rJNK0ZCaeaZsmY6nR66 zixL}-pf$VciLvyX-PDIhBD$eOUnS+K)JWFzWFPP+?DOZ9$%gBb4g2#VGVG3dxe#^J zyo~AFdD#(zixv;W;G)E4UU0F1a1#T(nX4avY?k-k&pN+vKC|OUtK|jwHgSM-FcnJt&ML3XIw;9 zg#6*xr>k6etMH2IS14T;zKPOC4{vr;XGC^PYzR%zJ~-9i>?h9<+6OJx^JNv$Jyt0+ zg8i!Mmx%x6{pY`wkKwsY7&@yrm&jky@GcHlGJqQhUWq`x6oL9k1nPx?vR`1IE2(vu z4!9B;SAuZmLVygsLgT`{Nal+a9QE``3bl`(f@`^CC#tb6-#%>c)OTxcF(+zoQvB=H z6!%^c5KT z5?nvOA2#+gn@q&=12mj3gxGc+v4hNXV+h-7;-^rzO``aT&)^%eBebtM4eYuNYzq!z zuePy`Ahja&<{-Tb5$u~-Tx%OQC}2A`8w%LXoY-M*!|u1igSEo^a!C*Ur(gecL;O(x zDGpIsB?yh|lT%w|`b5u!vYhAsb!zh>&Ig(CHN6e<*{x4tdqsO{JT5_y;&WM7977)a zWb~y7)oC+T;^=7fj{I7HZK+;7F8Y@>-D4NFNE>R$K2kJWYDe4iwv_0GHOZezTplaJ z9^59|M07*pzB*7R;5lt@-Yfw%lBHQGrnY&U%m;0jr_qeIhQ;@m8i#pb75-y+9vm=c zl`2k^(XaCiXVPb~XELv4FW)ysL*LpS-u^Od^xL-WOx$wJu)UYf<1`pIH95m}LtVEE zSnPH`^`flS4a_k7qRd!#kvABJ)CK&}3({KhOABEmfdL!R*~QOa?nA1$_Vh7Qg-p#r 
z%|D&d?2R4GfK=3N%-Bp>s5eMOJ2g4OwnN?B*+M%bRf_s`19OI3lvyHm$Q$7MOQa5@ z-db|UNJUy9_4RF9{<(>tY01N{UGm_{l84`W$-}}BSt5l7(TVnbQ;MxRPmxul=!L9aHtbQ z4B0dN4(S8+_Bt_*q)WZvs1l64AhsLSC2K60XqGRwy0g5@1-s@Uj6MS1(u(TXNtUQg_L7FtvSx zHIWLco(3cDQ}|cG^uJ!302@9>yCTt<_$mAt{$r@&_p$=@UeCRhObMTm&Myi)Ol^HD zU<*L{OlASdTmfX33c&#AUnd&-7M)rmP_QkapZ4sk18sEc=TravY2xK?h3-}BQ;%du z|8?rbw;A-)J)F=9aLo;?PJV)Qza#`_(Jy_aUt0RLDDWVf>eIkmw4H&*NA%0-`QzvE zyA(dj`MOOFLw| zl-|9083EnTLDJqHseGGhKNH=W_cvRnl3w+Jw@tt--(-7sAmAhfXVF=IrL*FvS{8UX z)3BSE_kP=+_6^0@7~`2~Zj9-;F(%oY(XugyodGX^^O+Z-im!+&7E#43QN@cjmd%;% z0+PJ~$qFR9?&j;wn$7Oa3mo$m9JAn<{kmtvHWl`8JO=BvKnAtDsoGOKUO?%*OXu~|M=0dEVcrX_<(mt+N@Ok@1BVA)BxNeifJ`1vCcx zWyO(avP)yv2I?tC(v^SF3PMBD|v5LYkpheuopcuKD=JI zFot;E<*$ch2h9+3b|rIda+32QE6{3_d)e^fCoF!!rsyVbXmt^Yay$UO;bUC6fseuH zTdvA6RCSrZIIwUYf-UaH@k^>c95;=x7lTvRvG8^E7oL1NW49-V|N8mYcLmP}u}mHK z6v?^gVW0diOBedhxG3m0>TaSw{rnt$e)}&U-V4aqyPx0wmk)oDFfiz;7;po4+Id} zp&2Ou(#ldRYXp{Fjm~tpp>Cto&1q;`ubhCkt9tI2R@|P}Vn??DlZG`#RROwlxUC?F57go z5(NIu639#f;`m(wY8h@k)U~KGHgR11=e=&ez8GSM^z+3ew9YQbsm|PV+56tg1=s04 zu3Lq${XBi`bKNRd?Kao(hU>;4psx-D)IAVT&q=oe0rg%W;9 zG5O1>(7#ReG>K?EiRg}F(@<<0hK=ybK)yZb-L?<6<`tOb{Kj|c2Wp+ja4mUZC($=q zKjDD-S5NaBmT70M8abOY@P?d+qX%G`=XXWvdx?4|Jk$On7^;8ijRROUAMqSZqBbmp zJ-8NobnSwSM`!!{^6$?gXFolcUq3Z!p2JNh;6t&A0LP+lmh?6i-BR4x!U$Oa>?vQ* zZ~r;`+9N3sl%^k=O}524!VpY1>wT**D{~Ym*}eMasK7%P?Nb-&pobUn_~ZA78!qEK~F z*e9jMO!eSigo{uH2}YpN{l5;6;=RO`tfL;OwMyHlM`(LQOfOmES& zZQv}oI%3_Os1<0k5D_)jf zTQX-esb9K3di?a z*C{Hk@IC@nuaDY46K$AbF)q6BG>d$ToPW^AKj`B= zILB+x>&pe}22l+&%{^X#XB^Er3o_zsWVD5KgMP;17YJSl25ksO5b^?wITL;@sSGWi zNv~;S=)2woDPW_DLuV=NQpFD2OjJP!RIv}|fVyO7a1dm$91*(7;XH0I78vL`3qnv= z31I{479kA9*Q)B45Y(0s(7lKd(0w%_NQ-BJ4IxP1*DB<&jT;F8jv^KO-URN&K1{X; zzfTAUaCYK-CS#fVwt*2Z6(mD!!*>=TtI&vJ;c;z?b5m?=b~t|rff08Fh9uu9D%OT- z)$C-dnaMVeu)Xu?(2kZb3yv=G(Ojh4M^AyRPiHi~bo%Ea$ zqh+t1Z<;+vx_geg-x*h44SmK5<#Gk*L;u=b8PcuX)Xm(aR)#lfemPoStFTD#CO7I< z#I{fGG}O+)`F;-0w{vi_&y2dEn7W~u);)%Pi3#*uOn^5=Y2AHqy8GVr#wgvLKG3~B 
zVz~Zh=j*83RB4fR^L*W8Q(jFZHQs6Gi0yEWcuRRaki{P5bvx}Vp{_0E`A&Imhw|)( z@@%KPe!v>-mSW^ehUw1LEzvBp7If3U`jI|bpV=d5+n;43wKl#Dob7?YhK;vx`x0}J zv_6G3XD^NmUL+3Y+^6^N<(7z^H$lmR-t*&+*Ye|NCf*o?w_4D!SK1iT=1mgZGzeb~ zb=Ne!gQQpYVeShI$AnXe)MWZ44DZXo-9%UTl+@agHyh$^+wQ))-Pc!1>Y}N&k#A|< zyGEN~2ljQ^91dV!QtS=lj5kIdCL8&MF??(P8w|Z08^yvHPPdKWmjm86i|^oSheY=f z_(eu@UeU^saGO{LybTKS*3f>Zmi|rJzDB7#X8J2y{tHR9JHWbO_Le307Hzj`-(32J zusmW3m&Y$>x5U0}?diz0C7^b8yr(;1Q?QJJ>2b zttmS^-A~wZ6m=y=o+g%(qmS1)>g$?)5j%yaH%mfl%yb`qmWK=_PJhwoP1e2Z)~4D< zQCMb;tLQrM2425+cVDvNu4`^ibIxby+B&?>J>6x&UsKV1K>99Hnu^~?3E#ZQU19LF zGCaPhU&C7q7afz-m-TEo%(mxb(Ho*>Hoomm9va zH($g9w-4X`FTex#m- zdj$aK;cck}K@N{i-A9mSI8DEFe(C9S?Se1tb&ucIw|_T7jE&vA8(`x#)L+H|1G|1t z+8=s$Cb#u8UR*Re-nTH2x%&oWZf=sfxk2VTVrU|B^UEFV0C&m%@ihL5vW9r6`zQ;C zxTPhs;e}CE-=h5&Q1+#T^Hvm=80)`~vcJmIc@Jg7PGHu~MF`_ncRdvAYbhIVQa0Y8 z>}wHT%W^xH-%OMZzg(a6OLTr+*v5Af|6)Y`zJmYoT-DO4c;l9O+Yeu1FM;167Q(ey z2sfu(kA-lDu@KN>Az&Q~K`j+@By|Xmx@GI3K>g2lzOiMFVFx`(V4j zo%=yBriV3c?jAAUAPCfXi6H1v8$D=aJsCn0Ea$=3k78Yh9}K8+^?dI{4yNL zZGPL~B7!*q)p(?KPJr=+ft^0#df&PfTu0BK=^_rz!~A&}a3aqD?+2XN z@krbdaN^eiConANEneeN#7&3nx-@N~$#==*2f-wVc;BuUGGY7aojw~rz5kG|tXHEr zdcD{C7el$ap3lqadZW1l(iM zj>eDf+vR#p6EA^WyY?`Du2&JBmu;TcZC)?jJgnSu+mc+QxPG&R_7Y*dnyK}TdoLGh zn^m0KGR~$K*<3flb}5JD=ERE?g6){Gd7DD_W5~K6L)J?n2~FAPLK4nr-4DR)egIy> z>0iWS+eN9iXRRNWzh57Tc}-{2pR${RooH^)sKqJt>6yHefB4IvHw>rwto@+f-JtYk z!`k(R-|I9!*X}lSKTOf2V~#g!u5|Km(#$w7 z_N5if?nLhNM9_NihT>H!xH_&Io!byY>Tj56-!F~20{;7;_|1xco$&8)OO#%uitB2r z#Vz@Dlo-2jVy)xAS2rQ_ixB!f2&)??_LUVHl(0iZg)X0k^6Phg-YoN0`iUr1YWob( zfqnw>%~Rj7j>i4FG#~${#?6+X7G=*VMLr3M$LQh;o#t(yDKyOz~py@%vx}SgPPk*(C zIG|q$Gz7;BZ?w*gXkY82U9;{^-pfC zBkVo#_H)~xPdj{l#}1#m&dyzB=Sz*fAFjZDy5cC(AG;cjJCXi}aoe;T%sp=38zVLS zk(X(kE4-*7pZc{RWcs60wVmxR%b2x#DXH7z)uWATufXSYBS3Jx52&etq3o0xU|h9c zN|BpN#rOdCVW3cL*0yq7{kmEG9ta&(e|`G&^jz|_K)s>-0ZKCxlg+zn!0}w&Uppr|8f)BK}Yu7 z0c*~=9M@q(JG#|K5xcm%m&&f7@QT-dRdN+PxS*eVLfwWwENk5tWcPjBKbV`RP0EDg z7xs5;-Cs6+pP7HB$17*UwyoVh-*7^F|NdTc=3Jx83qSS6(2g9|U&&_MK#n`O{AE(+ 
zs*HJkJdz7f_ZnTBw-pz8cl*A-K%ifD7~Z$?zkb=O^m=bydl6r{mDf$4fw-5vCB$Yn zTkb(V;6isl7k+*3zMSU{iD<)f?*BJD=dbacU%!K~!*l){@!TZGud~|Ph`q~U*9Gdh z!yK_dC4~Dv%p?24}9w3Ez!P9?{Q+-TXx;nEiS#8>GeGm$`<1pIL1K#cX?IY<@=DP8>8mD)wzS z$lb$1?luQq6OR)IxnEwwa(LGo_78^n2gCe>VP=N8Nj$e~zZV<6W;mJ3-50uX;0T;e zt5Uf4{=i#vAG~|!^&Xq^T{F9k6}d9UeTcU>Xur%bsww(szD|3PhIdWV?t@PMn5Mtm zG+jghzUWz+H_zoS>t|`Gd9LYn7(~6tVil^c@JgD@a2iNsb z)HIiyX)ZT&6fU@z+G8VE;e@M_KmI6hbcpx*%~8e-rF}rZGalA=#*Z)NtdiPIW^cX) zkma@Whc9Mbys9GJ#Jv}@xV@Og&8-TDFJ^IjF^lIHvt|-#FJ@7Dj)mHbS#<7h`~G6q zT(7;DMeW5b8XgsTb@mrz1L~nYP_u}zo<3l{l?$a6fXn*$OTQ8fdcEP|HlP*N0r&U6 z+LdLhU0F6nD9mqb4Q=UlZPQ-?lk3TL9;sTrIyH*`u&?)Dud}L_a)(x3g$3 z-hbLz?e75auy{jsB8Bp63D46|ZpoQ`@#LG`)cF~m{tnJ2l5PkV5}tmupFBh8$4*|) zV_sGfQL#$l5$so0U!rF`g!W(l{B-qouN!4ASZO$M5S~B0eR}^K{`&TxU;j5*QvPYm zNNRJkhMVfkO_AYEV0r6PJDbrIqjuf=;?b~mMB8vtscY}YEi(L0njJ$q*V+)yNt+u= zp^-$>OSg}Lio(;1tQW0CdM5^;g~HU)sE*L61dVNCcr!87CZ?-iwC$G!lyVCbJ!{Zc>@FsLh{iP|v0ReR zvf!*0z`4H{*i-a|o>~Mh^i!aqHuSW73Uohxp0R%Au)G%9SI7+(_8vIiKo)YqaZ0w0 zF0vNw?$gYw<{0R_JMC}25u7EZY+efde`Zd(LI^#m)wHN{)1uDJT0XU-ul?lf!NFJ4 z!eY%77CXJp7lyU14_s~N;%EwBfwNWl_J-y(;(pKhB5f1-3r(wle%Cpe)l+zJVAS5n zl`O>ZCE{UAG(~sMS*Ugr+fCu~yLWTYd5=(c>o(eBt;6}gsqjX{Z?}gJmx=GE&x>zo z@6B<*{^~cJ`>|G7&nNc7#rf0aiU z$1fbF_9ywhy(k#hlDsirh|+fZu{4omqkSnd|48#l7DIv6SQdj>W#Hy%yy^A<)a&7Z zq>ST%;he)ylCZr_7WMvs!q9;}yxkFnp)Y-W2W8~g1j1_Y7mq)LUJ_u1$=B2P`V}O& zyi01XA?Yn)Xlyuo@slL)Uk-xfrFV1Y)W?g`t1@Hnwv`q)(=8KVuCk9B>D@QMi9Nu{ z5Fn~aC0!?Rfvxa(2ZaA;+@XzP~B>% zI~cjdLqAu7{Ywb$aB%we;P_q=AB3VAzx0cUdco~`gX6haADo__9RKC|B`dq*cC#!v z8n>NA%Ik&bS~qw@0_n?_QO&nlPFj)zE#o(9JIDm(z3G1*^6TzPw)o_pX;%sVVDY z(?;}<`Pb{858kgH2d&O_Zfi4{ZYs&DlnVEmR{<$vhPuat-ZCkBZ;}OkjY}wRiAV?_ve3ZPWtm5 zlRlC78l9V|Xqv+!@t*mYedr%L%N>#degzpE_JR(_HC9{>s-l#=8Vk4G&%(@VAfjv7G6TmiG1aB~;XIp_DIYHHagY*?%Y9o1&6_p3@@j4A z216}KU*OW-G3D~m)|y=w&{`YNXMJ?g^Ia2bgqjwB-^?I-3r!rKCVRm=!>dSx=O!nx z$qBreb+a7$uBBni^?J?q2MB6QC%{!y!n71D<6Lx?*ZXoGF8O{-5U^l)?q6`p@OniP z-54<;=6PWsSQ&0`!cTwHz8VXo<>8$^fLsqIp7w+6dipDrQI8mzg{ 
zV3$kNR^wdgsBq8Xb1{o!h*5`mkNUYc&v)vY_#Ji4D@w*PVT@dh+uL|nTBk&i9B(luz8-EX{P?-7X5-r9smr-}2=6`}v~j8N zEg}tD!$bXVyU*EK?{3lFqKkYyT7JoBw=2xoY>N6)f()VoF#V=HosoKGgxnk4d!5Y`>;%w^=yhVw~KUrz>;oH+dcp=$EGhcX4;(Z_-lsl z&nsbW&r|^zSOWkWB0D=x;cHUDSQc z1`bET->9=+0H+6Zs&+BY{$cm(=jSF}s7aU26W*ptG}9!SxnKOu>eW*nHYL-*z`b4# za#q3os5%`8s4+%k*x%URD0J@&xP=AyQUEPj`H*tVjzFMmMFzcVyGvQMwF6|CEwy*< z;yji+PwgS}-Ej@)7Dn}R55;{xc8ILqVF)r;h}UNV$Lj-M$>D;217UX_A>5dW3-#^= z0{T8-KA~b#hqXGgH8O zfqA$}+!bm&>haDAv$aCq>?pe@%+_wC>FfA}**X^K{<9)#|E!35$?2Pyf_>p}mRqoP zPO+h6monhIIQX%W8!N-e+D!8BI(&Nm_&Gg){uti9U6*SHl*1zH z(C*^_>_&Ls7{KAlmFXRZ^ZF9yp4$1tKP;rnaQ67eAICz=#0_W(i&cGfJIHz1qxjuW z=Qn%&^VGwn?}Rc(V{V@}*`*8#8vjp!`ta%b|NQXp6Jn1-WMwT8O-0YU|MvS~VO3}= z%eoK8;*o~MY}1E5!hCM(#kO=0g6{EBEz-gRqYo!({=JY+ccfvu!~)A^~aF`n*KWEr`8>atBT{*&x`;J51hrQH5cx8#-*FRvf>Ktevd?5B=DfW-lHEL2y zHz}pprx>AWsMs`AJnPk!9UHOO9-C^$Aec@a?W}EXXJr_A?e=v}(*|L>WHxKb3`@zp zibh#U`hEp}zky$O93Bs8W#76}kjr-CB_!s~I}fm&-MzBb9mra@5471zHY5J~j_eNc zI83Xb$C8_o^iVwR)HpQosH2|kntTpRuY$(5biKjFteW3h6dOEH(u_`u*;8!7ic>f%p-cMIhj6U~uIo_7zsod~}Nq+kDuOFTUV+hYz z7`zJd0$urS+|KvS_8PFARE{~t4YN3SV&Ck+csN}Q_S5J1{4u2Gw|_2wTVC<=v;jTr zvzC6g#ehcd$h_y@)RYsJPuphYaw_0`fZ@aQpUOwc9$>y+45dv@D?;NgaFaul3c50bz+lL#n?PhgUw+{mE=>V4ozgwaE*LytB zVDm_a&+q^3WB7Go0z3A)yRSEUXZKr|Z|&nWx`7t7KE&ky%PR0{w0U78)~6Oy^|UUv zirxwDK79D|=U*3WG8!9}BL`Ts*>Ij?B#_BousEu|I{RGTRFS_+Yk2tZ>%zq`=Y-Gi zKbDaG6yiJiH3fKl`1MVFz3A_UUk5T6V2nu@mcjX&l=q+Cy_=Jp;MuXu9ce|~F1L=R zYWmUTda`%@MYDRegL3BseehNIYj`&bF>%#}U!OltBCQ7$4UVegVzYzw53Mb@T)+Bc z_3JR2Ic&#-dVxl@x^4!qAmP$zqNc95fYkPLG;oXq>CsB=%`&wO&Hdq`J=;T(_AFRK zR40x1y@^?3dC|-IqM$RZf8uXTL3oB`!h9iGKS14%L=Tr%Nx2^fW#Ep2zrVNOf4H|` ze){XZMgQ_4-z+*^miPO9qn_wXr&A&#R7A@9q;iPJRkLQLqrr;G{0`Kke{_%b(LCx$ zexyfyghzGaQZ-mKky6nnTBiYnbvBYC%f(AQfSrn%O(4gW46sQN5|tFtVx)wHlo~4X zBhVw@rfT#mTVt)kWId5jk+O5q8%VY!fT611t*V?=#U+oy)L_U}&>lkpW>u8QcBpEl zs(plY)uMGungH3WN{(_ZS{1~qtB)nRp{m=h>H`H-z~}-brbIfVl!=li7gR}771dbP zJc3_TwGj=~3WOzDLq2fefXbGH9D^=HRoJbXO4Psr5whW+lB1XnXbPG`EjkWWu~l96 
zmtsJxjY6+%3V>Xz1D}FPI;IL^P1>vJb?`RCTBG+>Yp(&K3IPq~8cQCKguGW1F?!D- z+Kd`QQ6>e91yk0(uuplYsrPC|tmLT{bXsRulk=uP%*EPZ1ZP7{vsbhDtfOH|&PA&< zI5N>BbcvYJ`+*wJ?$xv@cvliRRf=NErWguJ8KoU)qOqpis|iV^tdlacn7#RNuW$HC@QUGRym)d7pqM`EES1?;1@Rr$ouxteOwNm(okAk(2(NLG98 ztTn8(EitJmVgjt^oTImcSRgz(V=I`yKs(wn!U9E|$<*XFD z;tG=Iq)2PyaDrwzJJd{$H4!EgqYcIZ>1-`l&l5CNOw9>{i8i7R(M7CAG zPo#Dots*MXCOGr=yf=`H3F+M3MwNg&8WH!osqbO0;%4W!c zW0{~;8#x+?$putKSInU*Pn@;$nqp|sQlP@sdT>?|<;>9rWfCW=i7HRflCL?b;)05n zl}gT5MK+@<%m6vfc;if=M3qe;8!2bBTxw$Lsx$aq@K%|Nsjjk%!I|un4TX|nU9v}y zYJ!%%&n}>?2~lw&@{}-DHa2OWQ=8LN3ZPAd9Ic6kGJBP)N?fbf4$A~hsFFM=53+Oy zOdK>qfSO5b8W%9qCuKDzZM|}2u|P7}$Hc|}8pXj6Bh~z<=~3gOhDWU)**~&-Wc$eG zk@X|GDVI>NMwP0MkZWNaM|4t}7>ov|OtmJGr{bKkE;$2+Mv+E*icyn_$$OVE zQb`J9q{5U!tXa7_^-UH#48lJewIZc77|@}ZVp(%&v~5#L#wJXli?$ZP2h7fq4?$yb zZKU5;!a#ARM5cS5z$L$dRI00|gzb%a)x^Ap~QbF{H1kSgZ}} z%35it)k5}8r@|>G8*6lWSf;cQ9m6Cf7qk!PA>;}w1~yJv1v(8PM%xo9T?3$uQ?x}k z#YL}@alSahm?vmaCfH;y#u%4!Wo2w;Fe%CSYo4IRWU(ZzV|570*8rZNFc&8r6~;#0 zDI4@;Ys8o|IFH2yTYzGwVxk(SLHm=>l*uIwB63ZQkboWgswSLv^tr@JR>cWgj+)t_6)B~2s=8V>iIP&}(B?8hE2J5eajGW5syIZ^V?*K?va*gR zXw1=2^+Is9dL^RE*%~wy#}K@ppt;3%dVLJC_!Q-|W9OB3oP9NQf`%?s^sZKB?KG5_vvr26CpHPrY6``3(G72r*j16K-j)y`lDAMi*AlHI9>~(rqrpc5`$E>JLm{iRD+DE{B>geac1w zu>x=$+@LI0OIqiwONqJ9xF=^TIoXs3b}oR)=!k77CF|-#qaW*i$;E09Ix#{mQAB-K zjF?Hc8K;nq^SY>FY}N*S4pgLy&0d>{JR&$%X7Gm*TRM)f{pt1AdJ?ajvEKRDBAB8ns1_5NxLEHL7uSG47PL)j1hQ zB}1~J41tQ8eXgM-Uuc2`9*e6LIYzM;L~kAGWJ^JgE{=33hL9*)p$G3Gu=g$&$U^gB)J%;#fj7nYEE}j8il>;9Gug$O9XbVef)>a` z~KPHK>|BBvUPG)B5H_=d9LdPK6<9(IIPvWK=3Cw2@|nXhAce35F8YPc5I9)lCi4k=I z3|vZxF>~R8EbSmWohIuKhxB(W!H=BR=*wT@yD+!q1| z#2THUOaMA%kIIW!iaKW>Ra6rmEY_%#s~A18N|}t6ofA71im~HPTJYc?W?gIc3dj^w zNg;|Z5^O5o40B}7iHR&3(IbktY_s-Wh$ve0HX1t$EO+w8h;(7*N}OGCF;#6br=W~6 z*yf0nRVpNgm`%0HL9`f{Dkt^|i=FyrBKj0`&eep9m2)zcpr(=y8aHYu#-1owkIJQ# zvJXm3YJk=|M`W;?QEN8t8%r4FpkO5h2#J%dq!d)}6bou=QC~6rrRZFY1)R3lu`yLy ziel07sz7yg&Gc6t`;x7X#urj-Rra2g=AuQn9%sv*O7_H&vo5uy!ip$p)P{`{^)e1E 
zSa(W}Qq=4WIjy|YF*~$ioDCqh$=IOD<|BJuN=*n}VRgxBtz4`cQ?e5@DqxJxE(dwF zjGS?z``e;W6Qw-Nz4a#y&QWxsctb|zkP*FCo-K+AAq;$bO z6~R$*)%av8LMmc(Oi^r@8q)-=I0Y5JaH*Mr909tLMPsfa^uq+rJ27K$P{#RMib(@r zQ_UgNlGO|?V!~Ptnp^-qx#Vn$-nf{n9)*SA4P6GEv#FF_$$-fahEPI@h8)p%!JBoI zviIOALCKtJCXOmvDpWj=Y;XN3Lcow+)h5?OVysG*QgKRlsde0;J9SDva|PpTB(RW+ z@yakJKq>#hegiuVja%kEqmI3l19~MGFR}XS zwP+rVeiZBERB)VXkwqSu5@0Dh8XMd=1fgxHIVcYfjS!|%z_pSX>q7~|v5oYbN|-FH zUmb~Rz^F2&q>CPQ+$74B&};z#h?*?0bs}(6B)7p z=U69bS_M}`h4T?9CALr^BN?3xCLbC!F@w1XrqqxP1z;7d>~9L8AiF_JVkryYt2frO z4^g3FsEU>L#d@5eRg7B2R0?~g92x6NEEsLnNt4z%L9>Wd2to;nPL=At4#p-nvBVsW zpP*?ORORHd_BK{&Cr9gRh)VFTCup%)U1QW%HqbEzCx-BBWKu2F$umZ$q>W)CrrR1) zEm4^oLydq0No`D8Ozl`~Sx32lmCDr;?Z6w0r} z4O&gg`%Fs3kfS#dYy{;?6jxye|6TBgp_o85xSUe7KI=jrYedZ{U>Z#=j!)zhsvzsW zjT*A|hHOPPh()PFb%F-u$v|On5V$A^p)e@rxi~P@xCxpGvVGK9>xjwaXgPs`8cNkV zhS89ZbP|!}5h02xta#Ru0nk8H#!wywlIKTHj~*XAJbLx${G)S^&OSQx=yrXE;^ryE zatzhDP|3Rr1V!giBO2g|HD3mlZE%Xj;e}cSpjgS(T1EpLD_u z6|$`cNLQ<(tPkjtV?*9*2otnQXhSU)DjCl?m|TKS)*_IwZJQI>0c8mba12S65VXn4 zSdWTrwb1&;#^+>{HJMxqvAP_=bjYf5RGg#idVhE5 zf+kYlD`z2Ks)4h0IZ_6YbuIeIdA&RHSjA+)vbZT#qpuo@5_f-AkX#(t%23aK02J8kNJStI4BL*6R}(Su~YOm6Z5{S(~iM z=IC>#IBKD&PhuPZlI60v0w7*^;H)SWTcCsn&1D4`v*&Dy3!|?#q#S%O*%=ts1JoxY zTU78)7Yr%~#iC+HU9y;|%{W(HpK>5w1C?61rr^=$Od*hGvD;zQ6SNB6daN9c(~PLI zcgc7(+8OjUxdyG8ibxd1zfwfA)IsHB0IIdgO|b!|Xqm7U?F~_ISS(RRPr0)7&gw8h zOHf3}x-1VYlM%<0VsEwB8_6k{ph3n^6^mh4!b1X@SQARL2y>`Ww>i}gYS1}wfvmFl z)3tZmYB}f}qy0X33!ubYu60h{MPE!2igRMU^tt2B+Te-6PzhDg%PLubWE_eXGn#2o zpR{pG8IaW@xS~@Ls|#v?T6D6ZL1UYoqQIb`8eL6D+Q*tR5d{@}8)+b4h^qyqfn;;6 zv`i@IM2e>kh&L}4t*pdw%M4seq_wM@v{)ytbr$2qnlA$ipp6PDB@x+TQdJ35_O6JD zGAW+Mt$mHzCJm%avaD(;5DX@zY@q5Vv2aSjiEGrcTE?VfFwP=TRAPO`+MvaxO3AKP z%~VB;N64N6WltDXY1CI!Ql^?*Ggd|_QAJi+738YSWL^+@5r-mq>!M*NF{N0EoC7CD zVmFdJ>XS?0YD~U*gea@F<3OZ+(6W^;s!0@84HAogP@4iSs8mW89h96i&VLt)LK&m2 zY&_(UB8bn5N|0zPUuuhR+6~_c-ivui$yPyd;xQL(opnB?l=PMGoxoy!cB+W&iLJ>| z2s)uvDx-su8|_KV_u@fQvR?|W+7Q7BHB;)+)(RA0DqbV*c;37VLdQ#DRONU{vD 
zwgFudxG|*BL4)=L)&mP6=}ZVwLa9{5%)u4$)Z__Tg`y!Nm=c^bgfXTZlA}-zq$XkQ z35zuWwDoK>i2h_Ca15$2$!^X}&=_inMgrbUQOQ(K-Vr1%Y-?lSHqz{av5~NPhgntS zi`JTr8v%qPd)x?XR8GBED3c|JRBX~(+YH9U8i7pC3F4#?+mqPdqE~20Y=x-|T2msY ztx76sXmd&>0D#sKNM(#owFGUPHo>}p=KJ6+qr~AEMZP+x#K9VE6zLB|LbDpZ2~t^X z9}-TJt6?Kv_Yz%JF;nUz6<1~yt=KDBEh`ua|FMJf)Qt8xZ%-lSz_LPGvAtKP3~QH* zmE|)!-JofRDRH(EmyklqiA!;$(AAJN;wZ1(3q@<7l9{MRPH3u^fd@^jY$~Cc(Km_q zg+R5>Ue)3-vR9ULiJA*L0}>C4*k%|F*sNm(A3XRX9PD)z3rR+=Ya4fwwXj;}3`eUN z8IuDOxgdHmu}#oa$T^r)lqLs$u%3u_M4|?xaa{&5#TcrNL4;%Rvfx$&R!hueN!&Oi zh(9O#3^rzn6vU-!Yq4TS)-k{YEky(^Cfur`#tfz)bJk)_431TkC_Y=0q75kSdq8wp zLN2I?!R4&ocabO#86-?dJ12H0jhe(Sl9fxgOpdz!(8nsKY@eNH&fZ%UOEgH)N+hgz zqi5zI^f8L8F_0)HG$Mm4u`a=gSKUr~K!1{aC1HCKE|xeZlDIbOvXDMayIp^Z#fj%J z1SAO)O4SlqSqunrRFj_QPlVuQ3lNc=1P+FxohHLBR#jce6EtlwdlNM|OtDlSbTZLZ zOEqOc+xq57jQ`aqD8d^yyTlqxwT7##@)I=FHMjt*V=gS_2$eGzai%0pJVp$7e=;sm zOx`4l3eg*FLPVP++%-p1ZKTY45MbHYq9_|DUba${B@nl8gXY+aRh9@NDQ%-c32o(| zD`js+brSt4Cl#Vc>ubuKgHuUdKb5gKE-;F9?@!V#VWm_pmRMC}N6LUNUaQR0vg}1f z6t7Z2t67n;=!?zBm~*5Mu;DFRgC@o-@j(WZ7f+2PZIX{J!|2EU=6IvxLlL?FS=qGL z=ygzH9?vmM!RbOFB!(W7RrHFzVzC^M%Zh?gc{0hPmoQ^ll(C$p=`BPBLxEq zTpTQlvG_v4CS6?dW55^s7Xpn)IZMp3*gI5(%m6OPmO(VM&=`#=C1jNWRCLCsWW46Y zQHfuLIdwD!L*iZ`D?UaOi^`UR<(w!(brUoUwX$piD~ANu1Y-hnstKZXW?XAU2ry#E z)hZQp(ZHopC2O$;A-0)9f51 zC$YAwD6egsVgT}0LX|-rH(HAW(b@{0ON^Y&cM&Nm+bpgktrdHdi%+SBV2UW6WX5o- zgShc1F76P)su)!oR>E3rAjp7W#L<4-xbt9T*ON>Vk)x8$#1gmbYKk%Bkx1d>Gjd>N zABtDPyD6gfH7oJS7CZJ0PPK@&hg~%goOjCU=*bp}S?4lE5DPd?Vy&+xnT!&ls~viW zAt!Na7ZWFNvI!b&GXaZshHPR@0lhe#XmZL5xQJwjz(bh=&SX*v5=#oQ^$z2TNO01T zLS%_NGeU`Ih|$MVbJgVCh^C=;TKj|{IMF>#GNE!X&KZqLDLXPa!6`Tk*&(8Lpdl8e zfon!km~&QRoP&TP6eoeK%pgor(0av+$!8lJgej{3l$5hZ1&Yovp#*@a=zWH0A_hGj zv{7)vj1`Rz*@)$1&B(|@15*2#MYsr_L-7%)&|tpOJq2> zR3~uCAfZXhipED4l^m0DSV`DG`;NQhmG-)L;}AtTagJ*h)v89zg&N%j1IkocP7~P8$6cBReQmc(c!f51#n6}Ar;EqUR zDo8L;&{Yb@z|~_+%866nm^RHoEP*9X%pyUhS`u-B1QG(yX|z}kMCfc5ea9miuPBL6 zGaKThFpJ*Zs3u4DjO=pJ&IYk}2Sp_~Lt+K49bEAiix?IibHHfCjIYHyQvmAd>G=-g 
z1)_)HC{2m%odn{fGDIW!>_JbmR6l~^M^JRq-s>y^(*kG9)z(TxGB9jgX~y zwKx`GYzdLC7kG-|`3W%yH+qR+F0$-{XMn^mU6fCvpn|lajna%>du5Fu9GfPqJv^!8 zoQe{lqtW^tqw|#tB=MAEw6qY2(_ zf{bX;F<2=sY)Y&~Ibry54kcb{TTczqyX=ibs8_Pd+R7>!7GfAJCwuj>g=h+Z(#i$0 z*13#2Ih5l}M5Fx%#OEU(Bk|RXryphgfRw>{S8Aw`aw#5z3sp-{4o~uoFWYmjNQ7MR zF^a{DO_VKFtl4@dPvhE7vIiE6r$}b;R7s2gUci#D2MaN%D$zMH*g(;1D5T`*lpXnl z++DDg9DWT3qaZ?DbP_osK{Mjp2EePZ1{F~7MoXgG@E9bUEL5jKBF|rv9 z47?@&*i@lf1wJCwp*ia-dRrh)yd~q7wOf{lAoeQpak8;&N4GhFoI4!XRf9uWP;%sp zSW9FNWAU;GJ65Q4z$plO7>CFmIT|TDBkKW8u?7-HUu|VM$2gkaT3J14&K4y$TvRZl zsTQ#~csT^1#ML7u3|EO3Gzy}4C}z4is9!O% zsR2v?38kqnX3`iy49+o(=XnPF9MorPeXLHjrD9l%5!rGmrN}`l%+uun_y`Uj!3iAy z2-ZDLj1aMG@R1jmoy=oE97<1;R}m?0NU zI#?J8yf_s`9|(B&!LzKceDCRP=}nA5p<0Ds_Pi z@#y>DL)I$z3OXs}D*TV;&NNwW8`;ADYZYDsa!%|3+rYU0CA>I9NtPvbhpc{Aal_$I zw?%?U6bCT#2M2(-hsEtcDF44IB+VL~%sf+e5dv!sX z#^!|ZXKHA@;xtzKu;Y&!lhHysH}X@-d)dlP#%jI3HNJRXe$erq-H=TVGxS%Tjam!G zUNvf-cikB8>JK_TZSu+ko%tSxAy?Y9MlI0Ua)1B+@p0$B2>oRB;3JqOt5k)c@x-os z%$u5KYRrhEHm3ZrSax-ts-AI zX0DAn@4Rp{X8+ijO5u5+mCVg*XzngH%Z4gy7JI8^=^fX{#)6M`_w2*bs$0v^P6A!~ z$#k#u7YpBDr2LV9(5;bsk`#5;DOsV0;=;LU));@W-T_5p3zh_D69}6nSJ^}I!G>Yq-RYr6(&@^%)iTQU>{>OrX4yXq7m#3JWN){&%dTxuJ ze(Wz+YOLjt&Q$4JD3xRe9n@G4)FuH9qV%Fy7^?9KTx-0HpIUHsNLy%AQCUg!7Qbk| z24z8cW)U<5u{znwDp~vL!f_vQT3-buh(5>EJ@@EmnV_(~myvp$s~xfOI)`ZDL$2xp zw*;J+vX*$KEw$b{sS$d+CQ4#lprlU{R1KDwRYn=>tsOLeB>)pift76Lm}`!)d*4tm zdX4y+@^Ecz@+!INwBuoNd?pEg!vns=5>(yqxcah@+-(;zh`*oCk7d+R_Bw#Hd`Zo- zd1JFzuO^+y&SLIWdr3mS>>wl)&X;%-_83!=7_a{5XMR|1d=6W z1w!U)yiY2Efb1$#!CBHSCC-$ZgY~vke48F(tBoz6V=(eU9X;WwW{U4I&)TGQRg-$b z3g4!MzTJ00MY*U*?$P6rjHKYxy>uGmO}P0c9rTamBKM!sqdNq;F*pF@0R*moQIma} z2KshibbHotMkB?7R9eCz)HUAF6^;Lz#{J27g`+D(Bxrd!^9(DKo)UT#NEn`Z4*BKr ztVeXwrDSDGVKwULknWC;xm%`S|9O1u+1R78dtPv=xT72m^@I?>U(S%ZwVj$_V{RW^+}NZ&2nsla5ic# zyfQ#jx#RP1kB_!1Lz^ISU_)0)S-n?6Zh&dr`!TI?YU7l~$&Hg5CyrYiM>dXV9Nsvr zapL8(|rt4WGRlqYYp%&iVu(z1GUfs^4Yt%4_QfVQnE>j zCdHrglwwVaHYxItl!_Gm9W^QC1xVHrDqhrNO^dn6qL-;fdBoQg*zb-8s 
z`(`Gd6Y_;~tfGw@6|=YA08PZdJN`j4KjmbS&bH>RPgeot6&^oN`G|m}SexL}3iH6x zguMw{ljpOKny@rs{2e{(6~S*vwFzYty6czUjk%hW;sRX#L69Y-&9GIsZM82*$WIpY zlUOQQI_Ih@ff&jKy?hZpw{t+mK2^+U%<6m5U^LC3>6MGuT_Hs}=~o0H^tobQXU?&$ zW*-)A9HW<^GabFtHytX%pDN~FWsQv{0@;(G5)q$E`Dq$Fc4a-HpDJc7U$zd772MHj zQ6A_(EoKsLsHBK|s+iYE-LvC^1^1p<3F>vM4OmP+S8`^H~9%A3kgS>6N9M=80o zu0cbqnf$Ng6ZfpP3g8o1B6p}R(K`&i(75RxhY;3N zrJDgI6aXWNu63Sz^BbJ}{X6uN#I97T`SHyGirYl$0r<6vmZ*2v><{nKPZB$&?PJWv z>KvtvtfSTuXiH|Ld|xy6DPu>omo4@>mdEzF+{O^r4njw{5;v*(DPv#9D!zzkKf4^o zl04R4V3Ul@+s*u0V^6&D@}MQMCwV!J4r$B&^pD}EChvYuIpp@>xjl>TBGByV5=0zZm- z4%Q?;=`&{pV@-UZf3Llm=~$v5k9w*7{ToD+{G98XUZm`(S$4Hpk{un4S-~I4^@WO` z`Dx?Vx=I;)N1xf}G@8S56dk}B`rC>E`P84t89vK7^hf%TW?IPV)9}K+d*CaDi@eu5 z{Hf1D2b~cBCp@j7u0Fk@3*J(UZ}TtCL6G16#OL8@{fyXMY=c|W0nd+WUdG}#iu|4j zefo0&Fwe59E)I{>!y8n`tl$Qh{XQ4@)aQ_DYf-mHFaVAnafi{?gg2JH+yAP3`rl%J zX&-&74}rKa?bo4B(6G9Q7*!W&q|! zuCQ`r??ub*Hm0EXUW)hmr8b>0`;oQ5rR!E_NzGVi2rrhr{jW;el%y%a3xS&AzZC#k zvuTN@$S?lnT(nrzf!JrEM>|^7jO<@B89|#yhC}OLRwm>Cc=qW}AKq)lP7(_?#`Ig7m#Le<=#eLjj7*?BF{?BpHI09mT(vBzk_(zFkc1I*YwmHX*6EB66yz0RU=N8sD;sQ&TS2hkSK zwWdP1G`6NVt8w>Ly~@2W{p0VKy)xA_7Dyzb6rFI__A(aGpzHoF`r&b~JtEL`CUrm^ zw-CeSgkUG&x4l_YK0FQw-tXXx4}NGc!GReg+nHn5W$){we*E(TmIg6saITIQ?Szgj zfWNNr=X>Ia^5Jm^uU^t2Z;Hp@BX&Ir<^g=;wBGsP504``@gUzK!=4^Dpy7-rd{yMo zeJ29z{=spqWEv_oRQa5U!sP)$d(Tlr?ZzQZpKe6lkNf0McusXYok35kexZtI&yG>wmc-;l$d&NaZvE)V)Uhc6p|fZBZj zPWeY-0j&~k{yeGV9@)j%zz|u+TQ8Mf6Y<=Zkq>{?Mm-A@@owF048XJuO26ud5_JqH_Bkw*(i$J_cl9{ywT_!`?+ z_NZ$o>?)5>P&;E8Rn0#hPxM*o7lMrJr0jwLcA=XJ%>YE7#)tk zKr4*Fmca#!a(vN)e81ne0`cpta4kp>$B#3u1Af<`i{8=dKkNrj>aw8+$MfEGc^xNs zo`83}eQhoOem`Wsyl&kIBlM-U2hhM>RAuR{@BAkX_4i}Z_5nzVtPWo)TU;rC)(9Ep z-R5lN*T%A(fKr-o)ITIFSFg1*cevqQ=93lw=~z~*SGSYtx!dYrJe% z@KY3q%~~x1oIdLa+|%fdU$OFY)W)xje*{>f++&NmQ4XlR=i?DV-TQoO zfEMK{8tZ+I&wSM97@BKUKc$}9W#P`;1 z`d2&!wk6;79OgrP*_qJW5-fyZOk?X>&>QQs?S>2QoG{@5x>=^76c?w=Z9Xqd{P~Tr ztt*(Si^0eqQJ|h0f!22^IMpw?zb_he12??)(ocoC(5Ny>0mK_?hh-cl_c|A8hU;43 zWQ}9hW}MA9nz6sQl)61}^<)Jj9S)hhT89Hpxpl(l-2clM_5g?}gvwb_;9s!?w$!o@ 
ztUYfW{?9RR-@TC}21Dmv3UcTRwD=-IJqR2#8pvYZT;?-Z|0RwCmMAE$L=#4jry4G= zj<=!I8NV{dzy2KrcP;REw>^XkD$3t#$)MpJIW8D>ntMjrHdxdinj8_o6Rhmz4NzqoC!NZ+}nKWjFm_wTDX8$`uDv3i#X|E7>6&TJD3$qBn@s1p#JLf z{Itk_HD*7sd<(V}Tc!#ucp&kb-9utsd)@CeI|hfgkY>Tnf|>>9r#AC!=F!Z(nOiel z_b$zxo55N6-~1*=Mqia`hum^kDqwOJ;xT$dI;28xp)Rk zYnIw9rCBm`Mi8hM*v-O9qw5*Iljk|x&v@I6W53!gvsp&7^w$Elb4>3OE_f3f)Y_*h zlSt0@HCClrRoTO8Bp3vez1!V~pYw67@37{T4IfrFv~}SM zfK*z{3HE;D?Vwt`d4XY}Hpluf{RI>k=ylU90Y8GPvpIT%bZgIRf?9B#Y+mBkE2|vp zRUHju#SHX45A87CxOE7JXE|welI8^Sa%xWHWpcE@@0=BgCh8B9MFnq3Ik$G?jQ#74 z6VAC5&BHr$&T#ys-(H`23yf4RZ952g96Bcyno-3g8zX;m&d${#b8yS;hg zjw=2sWxEeO8R!I#kPx|O9p|s#2QMJHyC3*MP_9bojUE}fRTm0ucYFJ~{mi8)yoN=! zc(f;VJF14e=eoRW7iuopuQq4=27&dx>*{ddD)3^kIMH#BnfVkNU*=xQqE4wN2khkc z3^-=OnbsEU*6;ZI!}zcK^1hvaS-APtcv4OjUuIz0DdwB;!uo#xhm=!6 z?m~KuEj7mKbLlvi>)iM6xAVVgScR(v{0VCi^a1rzp&W|!_UV4+U;a5irnE7u2f@IG zVitz^5qk1Fov-u1WLWS%BSqq@SerHhi^G7HjlbvrpW{Qq$*|G^PKaP@Tc`rlY|Lg~ zzh_>w<$&f6XSH>TRIM~(ASXejOh3#&;L;VoR8=P+pe)B=5jUvg*8hI~d#z~1H_krh z#!8gZv7VRB!WS3w?fk=Pqwp5O>>Z~Z(SgYA=rgoQKV1Kw12q1|V_ z-%Bp~nqg)1BWQ4S>VnSn-k+9ms^z?YC;NXN@AwAySSs8rwHv5LWL%_!s(x$xUo;mk zwYg+-!T(z8^V2|1eJOa=&98IsoJ5O3f8M!Me^Eb#y_7PEMV`1WIyr z*7x-bQ(V>NDzBn_pS=cjAiDr41ZKlFgTJr*eI3Fo^Q^V{g5&!^?skz(d<*q87Cv4gx}ObQ)#O=yqVsa_;)z*$!2 zD^>@Z(sBIST=O+u7UTUYa8HW0IK(M?AWNXvBgIYbZ;9Uo+yIXkI#C8JKXgp6K4w`` z9}lZ~_S*=-&70f(=JPj3^Dz$~TN@q6>r^4ICxUSw)U|sd@eEotrx~cZ^Y=cYmzSz`|tFd0fJa z8CRIw0OWjggYNQ=xm4cJ?2G_nzA~B^VJia@zEb$@0q@z|qq%$Y_xG^-jTK%;K*d?# z9*XN{j+BQDv1h&Ch#t~BxOvcxIWXppIaevbh;;aYuM=Kjw!#C&#q+Lndc5PM^4b9_ z78nQSJQbE=%yDuS9e5etbz*q)uxI<3V8`Y1Zo3;Nd@l<=qCMpclGI^}ozy(BZ*3mg z95(OZ1e4SyGzoBum9k4cgZkX(YR)|6*)|4vfd@)0^;x{cI1Bcai_1uUu6M84zBbQn zj%zc$d0KNAh;}3p2l|V1%~NI{61CTXv~FAvMz8SBMh+M*aFp69E8Iu5DQqoV#s2+Xno@kSy>$G-3gOUzGy9+*;`!Z(fY; zI1Go2*xj^nEZb~DB>CB_RQJ_+yQk+p<^`+q({8owl* F0RYUd3>g3b diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index b633da86e..a240eaa52 100644 
--- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -15,10 +15,10 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span s100doors13 = "100doors.rs" 26 29 26 30 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec15 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span svec17 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span srange18 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange18 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec21 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 
@@ -27,24 +27,20 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 155 26 155 62 let%span svec26 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span sindex27 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange30 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange31 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange32 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange33 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange34 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange35 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange36 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange37 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum38 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange39 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve40 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span smodel41 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice43 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span smodel44 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice45 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange30 = 
"../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange31 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange32 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange33 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum34 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange35 = "../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve36 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel37 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span sslice38 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 + let%span sslice39 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span smodel40 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 use prelude.prelude.UIntSize @@ -132,7 +128,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum38] UIntSize.to_int self + [%#snum34] UIntSize.to_int self use seq.Seq 
@@ -149,16 +145,12 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange32] inv'0 a) - -> ([%#srange33] inv'0 b) - -> ([%#srange34] inv'0 c) - -> ([%#srange35] produces'0 a ab b) - -> ([%#srange36] produces'0 b bc c) -> ([%#srange37] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange31] produces'0 a ab b) + -> ([%#srange32] produces'0 b bc c) -> ([%#srange33] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange30] inv'0 self) - -> ([%#srange31] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange30] produces'0 self (Seq.empty : Seq.seq usize) self use prelude.prelude.Snapshot @@ -181,10 +173,10 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'5 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = true predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve40] self.final = self.current + [%#sresolve36] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange39] resolve'2 self + [%#srange35] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq 
@@ -216,17 +208,17 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'7 [@rewrite] : forall x : usize [inv'7 x] . inv'7 x = true function view'1 (self : t_Vec'0) : Seq.seq bool = - [%#smodel41] view'0 self + [%#smodel37] view'0 self predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) = - [%#sslice42] UIntSize.to_int self < Seq.length seq + [%#sslice38] UIntSize.to_int self < Seq.length seq predicate inv'8 (_1 : bool) axiom inv_axiom'8 [@rewrite] : forall x : bool [inv'8 x] . inv'8 x = true predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) = - [%#sslice43] Seq.get seq (UIntSize.to_int self) = out + [%#sslice39] Seq.get seq (UIntSize.to_int self) = out let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:bool))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'7 index} @@ -240,14 +232,14 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] axiom inv_axiom'9 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'9 x] . inv'9 x = true function view'2 (self : borrowed (t_Vec'0)) : Seq.seq bool = - [%#smodel44] view'0 self.current + [%#smodel40] view'0 self.current predicate inv'10 (_1 : borrowed bool) axiom inv_axiom'10 [@rewrite] : forall x : borrowed bool [inv'10 x] . inv'10 x = true predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq bool) (fin : Seq.seq bool) = - [%#sslice45] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + [%#sslice41] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed bool))= {[@expl:index_mut 'self' type invariant] inv'9 self} 
@@ -263,7 +255,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] predicate resolve'3 (self : borrowed bool) = - [%#sresolve40] self.final = self.current + [%#sresolve36] self.final = self.current predicate resolve'1 (_1 : borrowed bool) = resolve'3 _1 diff --git a/creusot/tests/should_succeed/100doors/why3session.xml b/creusot/tests/should_succeed/100doors/why3session.xml index 3ca0cf89c..0daf56577 100644 --- a/creusot/tests/should_succeed/100doors/why3session.xml +++ b/creusot/tests/should_succeed/100doors/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/100doors/why3shapes.gz b/creusot/tests/should_succeed/100doors/why3shapes.gz index a61fbaff788afed87a89bc02a45c5ed940ea16a1..734d087db02db7cdbbdc605738fe50c3291a9d17 100644 GIT binary patch delta 551 zcmV+?0@(e#1hE8=6@R1MsFKI#vuX~gl4TCvORG_DXae31DuFBzqW=2|f`Me&ZPnYG z=NZrQeE7q|ra90_H=9n^O2b-BLS z3^}z`l9w%Y$+zgI&7_HAD5L=vo$4w(r@FBjI<(!Qi#`VNl7IGIF%G)u$(z`a^zqdG z#&Ajl2&3j68P-7w5W$lZnv^jFU(V2a ze54(HO}+Q6-Pfm#gN0Dp}^xy|fzb4NZuK`@XkyRCYA zex4b>@jUy(!>T^e$<(XXRCQJspI83s;iJ>MP*${Sj!ao#If0-oaOlgHa#K7v2Wm5O zSu^C+lu1@J)F$7er!`YHkD*W&ICQGY{W&%DnxRXZ4SE=07=O=c{}tn+hkiWN2rU>H zSKXAAWR9oiH%hxNM=5|X^wlBDx(GvO9kQ&4z}1K>>mv-^bjY#+f~!Vk*$}}~BeJYS z@YRS$Weg!u6LcOQX-i*|@8!{Smm4DY)qEY%{Q!iQ0%K7(nd>A_NZNFqU31y(rZDZt zbQ3&cm{L?kS$~o2%5$-=mm^}TOkL)!Sp)6LswyvLzdruTNKsxJ`ca+DBW+Q*J*1ym zK{<+$vOS70Ug+b7;PaX&x_uP>cxGbq`f@N;cPk=zFJ-D9(}C)wrTje4>QA=fmP6hs zoSv)7beA%C6Bvqces6y*5e?=M!4=6jnx3W=(5F|kNPppGSc?I7jftx&=+AKD!L7o* zS3ipzwTftX2!hR(iT_g;cNXEjMHalxuHK%WIb}s*Dk{tcK~4+WY_1FBoa(H2&P`Jm z$R+YYE*la2L)xIKcXB*`T9a_bUMA^k!Oy++yX5!ZC8)^hKe43$q#eiXCng)S{-EIY*23Ld7z%_sdrlk&bpndIWR}0NGXy*I@(}f{V_5}a{c1jbC diff --git a/creusot/tests/should_succeed/bug/164.coma b/creusot/tests/should_succeed/bug/164.coma index 9cd49f120..2780aeba4 100644 --- a/creusot/tests/should_succeed/bug/164.coma +++ b/creusot/tests/should_succeed/bug/164.coma 
@@ -27,22 +27,18 @@ module M_164__main [#"164.rs" 5 0 5 13] let%span s16425 = "164.rs" 61 4 61 7 let%span s16426 = "164.rs" 60 16 60 27 let%span s16427 = "164.rs" 61 4 61 7 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter32 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum41 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve43 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter32 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange33 = 
"../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve39 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.UIntSize @@ -90,7 +86,7 @@ module M_164__main [#"164.rs" 5 0 5 13] use prelude.prelude.Int32 function deep_model'0 (self : int32) : int = - [%#snum41] Int32.to_int self + [%#snum37] Int32.to_int self use seq.Seq @@ -107,16 +103,12 @@ module M_164__main [#"164.rs" 5 0 5 13] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq int32) (b : t_Range'0) (bc : Seq.seq int32) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq int32, b : t_Range'0, bc : Seq.seq int32, c : t_Range'0 . ([%#srange35] inv'1 a) - -> ([%#srange36] inv'1 b) - -> ([%#srange37] inv'1 c) - -> ([%#srange38] produces'0 a ab b) - -> ([%#srange39] produces'0 b bc c) -> ([%#srange40] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq int32, b : t_Range'0, bc : Seq.seq int32, c : t_Range'0 . ([%#srange34] produces'0 a ab b) + -> ([%#srange35] produces'0 b bc c) -> ([%#srange36] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange33] inv'1 self) - -> ([%#srange34] produces'0 self (Seq.empty : Seq.seq int32) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange33] produces'0 self (Seq.empty : Seq.seq int32) self use prelude.prelude.Borrow 
@@ -133,10 +125,10 @@ module M_164__main [#"164.rs" 5 0 5 13] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'1 (self : borrowed (t_Range'0)) = - [%#sresolve43] self.final = self.current + [%#sresolve39] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange42] resolve'1 self + [%#srange38] resolve'1 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq diff --git a/creusot/tests/should_succeed/bug/164/why3session.xml b/creusot/tests/should_succeed/bug/164/why3session.xml index 5cb282174..a0e3390d4 100644 --- a/creusot/tests/should_succeed/bug/164/why3session.xml +++ b/creusot/tests/should_succeed/bug/164/why3session.xml @@ -7,7 +7,7 @@ - + 
diff --git a/creusot/tests/should_succeed/bug/164/why3shapes.gz b/creusot/tests/should_succeed/bug/164/why3shapes.gz index 9927351be69e05a449556418aa3660631a506382..5c110572c559c9710d630d310442bc51908fd6ed 100644 GIT binary patch literal 514 zcmV+d0{#6TiwFP!00000|D{w-kDD+Mz4I$_qussOV?IJv4k(HRmsD!2xuS`2QnU#q z;LWQ4zA_8Mn?#kW-k#rh-kW(we0o~+zv!g<#YK00-8Nqq(c%VzQnNf?8JY4sHGAzd|M;Sq;&!!S))}Us zJ39TSVRXGO*mvR~Njmg;SSOe!wH$t5o(DQ&EKYV?Ml6n_B?MZ8qN*U;?h;ab5$91J=0PrU$a&7ZKLQkE^ZEn; E0RQCqX#fBK literal 521 zcmV+k0`~nMiwFP!00000|D{yHj+-zLz4H~^w%xs88*oxJ2eb-;ODeUMuV@0^6g9yK zc(dx?ckE!Vn?#kW-rl^Kd2eQL^5HR_e!x*q@mY>juZB-?9zTAJ^a=Xm{6IufI^eiO zkkWw&j-%>cTRCAw;ps^*k%_zx>GX!7Se4eZZtj3*X!(aM2YEQ^UxK?lFWo3qEJ_C) z$HcO9AlhtT1<%blb&$rF3X1y#aSbb^0)~_|jB--@GlsBL%V!H z*tQZRX|p15MWsQGFvvIK?}Pc&BroP$JCt14n6b2KdM(H1s3wgSy7>yj4#!6OHff1j zt@b*0dfze1dkwSeZNhvfl0gakN!oQ%kHKgT8aJE~F1ndFKD`w1+0m&7mR{ZRR+$AZ z_+D}g@KI)g7xg{NdeO9HMifyF-^W+^<-e6$($ZPbtIXmBzH}d~Z6b3Cy*<>itJl$>|b0I!FCIol$ inv'10 (Seq.get self i) + [%#sseq59] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) predicate inv'8 (_1 : Seq.seq t_T'0) axiom inv_axiom'7 [@rewrite] : forall x : Seq.seq t_T'0 [inv'8 x] . inv'8 x = invariant'3 x predicate invariant'0 (self : t_Vec'0) = - [%#svec60] inv'8 (view'1 self) + [%#svec56] inv'8 (view'1 self) predicate inv'0 (_1 : t_Vec'0) 
@@ -1139,19 +1135,19 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function view'2 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice57] Seq.length (view'2 self) + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice53] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice58] view'2 self = Slice.id self) + && ([%#sslice54] view'2 self = Slice.id self) predicate invariant'4 (self : slice t_T'0) = - [%#sslice64] inv'8 (view'2 self) + [%#sslice60] inv'8 (view'2 self) predicate inv'9 (_1 : slice t_T'0) axiom inv_axiom'8 [@rewrite] : forall x : slice t_T'0 [inv'9 x] . inv'9 x = invariant'4 x predicate invariant'2 (self : slice t_T'0) = - [%#sinvariant62] inv'9 self + [%#sinvariant58] inv'9 self predicate inv'4 (_1 : slice t_T'0) @@ -1201,7 +1197,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use seq.Seq function index_logic'1 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex59] Seq.get (view'2 self) ix + [%#sindex55] Seq.get (view'2 self) ix function deep_model'3 (self : t_T'0) : t_DeepModelTy'0 @@ -1248,7 +1244,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] use seq.Seq function deep_model'4 (self : usize) : int = - [%#snum53] UIntSize.to_int self + [%#snum49] UIntSize.to_int self use seq.Seq 
@@ -1263,16 +1259,12 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange47] inv'1 a) - -> ([%#srange48] inv'1 b) - -> ([%#srange49] inv'1 c) - -> ([%#srange50] produces'0 a ab b) - -> ([%#srange51] produces'0 b bc c) -> ([%#srange52] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange46] produces'0 a ab b) + -> ([%#srange47] produces'0 b bc c) -> ([%#srange48] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange45] inv'1 self) - -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange45] produces'0 self (Seq.empty : Seq.seq usize) self predicate inv'2 (_1 : Seq.seq usize) @@ -1291,10 +1283,10 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] axiom inv_axiom'6 [@rewrite] : forall x : t_Option'0 [inv'6 x] . inv'6 x = true predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve55] self.final = self.current + [%#sresolve51] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange54] resolve'2 self + [%#srange50] resolve'2 self /\ deep_model'4 (self.current).t_Range__start'0 >= deep_model'4 (self.current).t_Range__end'0 use seq.Seq 
@@ -1318,14 +1310,14 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] predicate invariant'1 (self : borrowed (t_Vec'0)) = - [%#sinvariant61] inv'0 self.current /\ inv'0 self.final + [%#sinvariant57] inv'0 self.current /\ inv'0 self.final predicate inv'3 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'3 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'3 x] . inv'3 x = invariant'1 x function deep_model'5 (self : borrowed (t_Vec'0)) : Seq.seq t_DeepModelTy'0 = - [%#smodel56] deep_model'1 self.current + [%#smodel52] deep_model'1 self.current use seq.Seq @@ -1341,7 +1333,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] predicate resolve'3 (self : borrowed (t_Vec'0)) = - [%#sresolve55] self.final = self.current + [%#sresolve51] self.final = self.current predicate resolve'1 (_1 : borrowed (t_Vec'0)) = resolve'3 _1 
@@ -1678,20 +1670,20 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span shillel22 = "hillel.rs" 156 11 156 23 let%span shillel23 = "hillel.rs" 157 10 157 44 let%span shillel24 = "hillel.rs" 158 10 158 86 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span shillel27 = "hillel.rs" 123 11 123 53 let%span shillel28 = "hillel.rs" 124 10 124 21 let%span shillel29 = "hillel.rs" 122 10 122 19 let%span shillel30 = "hillel.rs" 121 0 121 8 let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter32 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter32 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span shillel34 = "hillel.rs" 144 11 144 35 let%span shillel35 = "hillel.rs" 145 10 145 64 let%span shillel36 = "hillel.rs" 146 10 146 77 let%span shillel37 = "hillel.rs" 148 4 148 41 - let%span srange38 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + let%span srange38 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span snum39 = "../../../creusot-contracts/src/std/num.rs" 220 26 220 59 let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 360 20 360 24 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 366 20 366 32 
@@ -1707,25 +1699,21 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sresolve53 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter55 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter55 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 let%span shillel56 = "hillel.rs" 135 11 135 63 let%span shillel57 = "hillel.rs" 136 10 136 85 let%span shillel58 = "hillel.rs" 134 10 134 18 let%span shillel59 = "hillel.rs" 138 4 140 5 let%span sint60 = "../../../creusot-contracts/src/logic/int.rs" 157 4 157 12 - let%span srange61 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange62 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange63 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange64 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange65 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange66 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange67 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange68 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum69 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange70 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sindex71 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span smodel72 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span srange61 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange62 = 
"../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange63 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange64 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum65 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange66 = "../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sindex67 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 + let%span smodel68 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.UInt32 @@ -1815,7 +1803,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#sindex71] Seq.get (view'1 self) ix + [%#sindex67] Seq.get (view'1 self) ix function to_ref_seq'0 (self : slice uint32) : Seq.seq uint32 @@ -1860,7 +1848,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] [%#sresolve53] self.final = self.current function view'3 (self : borrowed (t_Iter'0)) : slice uint32 = - [%#smodel72] view'2 self.current + [%#smodel68] view'2 self.current use seq.Seq @@ -1948,7 +1936,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum69] UIntSize.to_int self + [%#snum65] UIntSize.to_int self use seq.Seq 
@@ -1963,16 +1951,12 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange63] inv'2 a) - -> ([%#srange64] inv'2 b) - -> ([%#srange65] inv'2 c) - -> ([%#srange66] produces'1 a ab b) - -> ([%#srange67] produces'1 b bc c) -> ([%#srange68] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange62] produces'1 a ab b) + -> ([%#srange63] produces'1 b bc c) -> ([%#srange64] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Range'0) : () - axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange61] inv'2 self) - -> ([%#srange62] produces'1 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'1_spec : forall self : t_Range'0 . [%#srange61] produces'1 self (Seq.empty : Seq.seq usize) self predicate inv'3 (_1 : Seq.seq usize) @@ -1994,7 +1978,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] [%#sresolve53] self.final = self.current predicate completed'1 (self : borrowed (t_Range'0)) = - [%#srange70] resolve'3 self + [%#srange66] resolve'3 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq diff --git a/creusot/tests/should_succeed/hillel/why3session.xml b/creusot/tests/should_succeed/hillel/why3session.xml index 4f5c3cdd0..be335b1f2 100644 --- a/creusot/tests/should_succeed/hillel/why3session.xml +++ b/creusot/tests/should_succeed/hillel/why3session.xml @@ -63,7 +63,7 @@ - + @@ -81,7 +81,7 @@ - + @@ -102,7 +102,7 @@ - + @@ -117,7 +117,7 @@ - + @@ -135,13 +135,13 @@ - + - + - + @@ -150,28 +150,28 @@ - + - + - + - + - + - + - + @@ -180,28 +180,28 @@ - + - + - + - + - + - + - + 
@@ -210,25 +210,25 @@ - + - + - + - + - + @@ -255,43 +255,43 @@ - + - + - + - + - + - + - + - + - + @@ -306,7 +306,7 @@ - + @@ -315,22 +315,22 @@ - + - + - + - + - + @@ -339,46 +339,46 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/hillel/why3shapes.gz b/creusot/tests/should_succeed/hillel/why3shapes.gz index a9edf4d9b1dd22a6aba581183c3d4a71899d1b1d..fe950bc1c6847a14e59b7c2aa53a3c496d266cc2 100644 GIT binary patch literal 7478 zcmV-69m(P!iwFP!00000|LuHRZyY(Y=DU7H0sElcV+;@%1}}?t1IA#4G;nqX*gZ(> zo4{*N&5nUz^`x!Z25yZ6C1lMDtUg25p9G0Ok_-*$(;`}g^<`;;FK z`-l7gxzoFU`yW^Shu8it-~aUVcmHXh|9MR<_@{^4{r!{wbo;;F{NHQ1x$^t_PyTW5 z@1L$!iy!LewX}FM7Ul%pQcs{-x)}>|0%*A>fR=B@!kmCw)e~^5ZpOl#09)w^u$7y! zaOGe7{e8;+y1je&X&_N+gty`mJH|Fjs#yY7q9#8xh+SExBm6$vPk}L{}4Agj+4>4ZmPJoZ#s{m zvG6SQ+rdAPZhC4sQoQxATSWgKk00~OEd~*Fi+XUtXRLx9-P*T~Ow6`}bxj?2bINdZ zDYJ5^(ZG5(jXzH1HJ@|6PYB;ut$s0=zkOENH~z;nBv<*}`=|f9?SkA!FyIztmu}v)e}0|&KlNl=><2$sE{KKm^Ewc1vpV|AR;&Nh<%688#UUP@F553; za2kc4XYfq8xTM=@6vEF%A>4>UpP7iyM4`2-oLjN3I*5t5v1)6)dE2pEuH2%Ecxha%)KgsLGjWxkkE{Mwi|)kDPlL*p z-yd!dAHyL(U4uXL8^poqyZmm^)I!(PLW?)6(-60`J`KJ0KjkN%a(;jN?jhy7Yi_w! z^9o#ujkUR2UY+pf!TxF$rMcztdpXYHForOlgm^j%aXkwiX>6+p5^VL&R9YUm%y?uo zG}KpP&4nZ~yvmpRZx!F84gP0a8vL)8mgjjg zoWtm_i=|G4r$_K`q%UMqmv!u$n+l@(|q^v@cwl2MpXuh(`b=u zgNyVSJN7+3Bi~5el3mMJ0~Fb%=3|E;K9TK%!nGNs;Hy9T`0(!iU4F{xWYew!b=%}m z`RR6_Hrvqe6CRiST;ED@*x&zjm!BT)TXG$%DH=@U*TTcyr+hMaB_8=#&mPDp2L4}A ztEbPh&v)q-j%;5~Rg2wqeGc!|^q<3{BdMtYaTMukBcIl|MYU(rxcYmFVH= z@A+|S3D2fgO)4xZD~}J8NmO_Exte|7_`5@1FSHBv8J)Kp{^CV=0pEe)=DNH@tP57{ zB~omy=~FwNPRQt;Bl-AE{q_+bI#)Vu?H(J0o!N_q8$=)A@9SPNknQsQ;p1aI?EV{k zW~=%#Zg`g4tno@btaZ9~LJKIlh(Qa*~#~t$) zhc5H|Y-2mCbYtT)>ti#v4}o_KmRCPN@YcVE$ap?_&WK+7TiZ$ZA0OY}Ya*_Gt)E$9Q!K z^|R~s^w80gd-ItvQoF2X=u7yV5+C`#`Ajfv$-dpzzEyCPZlADcc52ZLstH5p+W48- zYsprse(LH+r)39vjHOL~JMH&&xMM3A&<{1EeDnNT*tGQPqgu1|)iPErh27Eys%2^w zzo|`j*+i{U8!Nsx9Qz!@UH2&+9Hy}Q=%KZ$#OoT(kMZfvc2t{5b0%_LBGfVn|K%@l zopmfp;b81wu%NYYbqTZ|MF(F^R&#J-G(msmp8`; z4d#~B^bIYmlg)1OaNQA}U27{u3!i`AllF)y93h467d|__@Y$A*8*i&B8l+ZeP;Gej zVNphyLPnHg0c6n#WT_FyQmr0QARLh^tjN_0prh8dZW&RQ0G(|+2XGspTZd?NUf@T>IC$&{M;AAIU z%z#H#plYx`RSbD5jkVIEn;wbXSgR|LHI+_)Ae?|8oPZ!4_w~cmt 
z=V6p3kbQW19DQ*_LWcGFbo;;k{ZIKCuHXGJZ@!NOO^dywrXPzu@e^4Zhd>86(UHwpH#4 z)+&FQg41nad+-i8{8{+R)qVcg(A@QUHHR{$%k73|aP2)q6LE4FmRB5`soo$?F7DT#a@_Vt)9rPmKqvB^a;f*74K~|LS-zh5GlctG z*ci;VJ@darlrI>jZ(g1Jzt-sd>{Ok(E)FtX&SvvA%g33SfpE_doo4$Vle&QpDJga6 z^A>c^Fa4HurP;U;*M=(FFB$(A3{^#c`^;p!v!3vUgT6W0au%9xP1~8Wyzd5j$G~i zkFO&{sEKi}#<8kx4*7#Gj}Pzs;p4m8$NtvQRle$~Bl@R@>j-aa$LC3^)_(l&=qn`7_#S&yGH;cFI8OZ$%X(G<0INmUbw zBDPcqZmGq7%$9}`+wQhqS&g^uo2wHu)tsJIhJK?f^cg+1Van{e+WWP6M@9Ur?WX;z zdf$1ubrvq zan6m7JbDwIbEnZVt!_<4i1q`RIsCI>!!9$;#12pLKen#RPJBIqM15Xv>v}|~HGR%h zgx1`g`Y~dUzAQ~VR;yK|>avxq&yGn+En@G)YDi}4dyWoGb;z2JdNNJNgTWzx=n@QP z-+%MfQ2UowO}KQP`jYORQ~Du$Upd5w$Bu=o4_OPQZd%IS zvr+fbHGOvxvgJOIT*_ovj|=inW?m7syukFazPY`6RbRsD4N%@Lns}=cJ7PZJq6eR1 zJ^2*ZqwiEYqW5fXrqWnz>e+cJb&pQ-U^XIkYwRu}09>tpFK~!3f&Odo{jdS7AHE=o z<22E*PWTX~B78>hQ)vG9yO+=R9cyOe`KN~`e|OQCM?n0CFYA6BwnwDL$BJJGIUZi! zPm$wU4j^8b1K7Q<-1fNWY-{OlFn%3T$EW;Le%w8L%8%vl;h%G(k121T<8h%cU7jzu z7U5EFy9oRG;Y;~XuCYXu)Yu(sun z_sO%Z>z044o(0v?ETj8R*6!Q`FEY~9cj|Q1z*6(cUv+P0f}RDZtftdkBe zXEa6~T+Dn=GuwOyenS+)jV$%m6U0o|_2VX9GPBcy8>Xauyo-+?-z{=~hbx%>!LL~S zj4AXRgKTBl<8p_^b(Z~chyBx;-SP18-D1DMR?+H>qE@c=JM}En6}cR-1KeC|1J~o6 z9DAOwn&U&Op7QH&wH@o;bf0SESUd;2Aw zH%|x4;{koy@c^e@Yr($gjDQHepab0)a8q*b|HC>LlR;|%pftOG9qGo5ffrQ4w^10q{ zYp^xl^Q&IwjtjSDD?g@d82gB8jp_>avoeTjO_%8|deA^*Xfkfx)_$)F3l0hk3<`HU z$A!-O4f(BiKwn5XNZcrLj4RV9jAT|hBh&d?&E-G3KC29yp zIg`;k%wEEdRm0pcHH;0zFB(gfW}|Wv0Q49g+u(i8!*IbXg|K7Yuza=QYz|h6jTnL= z?LtNrFb0E?P%N4qyM|4}w)^`l4T^>xS?v)rfJ>GPS`Fg84(K_^PEn(9=JdsVt>0rD>6KyxTd_w^Y79j(W3ZoPVp%jghm4pB!A$9_|Zz}_U0x{k@ zXN}7NLo~v|8JU!)0z2VGs1a-gzPT`*QpuQ{PLk^-Schbl<|rv@@>Xg{(cEZiG&UL< zagEqUOe4AxX+(W1!Ln06ChdGy+LvOyOHPR|DhukuYNw^q-$^#Hq!MF^Pyh?Y7%3+5 zUONie=djbJ(fYfIm!h#Qv+2T{DTD$ZK&OJmnc{VIas!Qajke!ua&5>ufJu^!Dy+2! 
zht3z3$cgA)Lj2A`CT9y&Co};P8Y@=2q2o#2|rU(c+>B zq;qjWbLb?5#+dIcr!y{T!^yD0`Zpzl5EMjP1kj`!y^U*(eG$@vi#|&r^1c*E#0pG= z;=IY^i1p55W8nn}%z|3j1w@Id-=j5Yq#PuJ)3~$TSbAYHN3bR6(jC>wWW|vL*hZ&g zw5jZ@G*-Plu>(OY+GpmZtVhF{w6emUgR?g5tZA%%iIR(!#9Az9FRV=nI)to?cY%bg zt(QYNOy-_tVAk;tHAW(x)yFuez<80$h<83B$k!&#)FOlz{VJJ_W_syLrBx@e7Ma)Dzq z)k!P_*&#w5=4DEseG~y?3e{(fj?P&nkts6koT(lmu%pHoD7_JMIch-VOVV6S2}x&@ zO2DFBpkb@V+UMmeL8)+v07)|Z6p9hVKnAT?#Vq!8n}6Bbn5dMh$JZE@&bfF(9fLJl11VMN z){oXSNUlM$4N@)Z21yzu)gV<~)F5Glb+9@b+NP>p!QvVq&{0WSt%W(QhgP24Nqq&Y=JR zCkc^5af+=~du zO^Ts|Wl&6mqU)^?MH&?KtBVSLSL+ueZeq5j z`Ys0YHi2Jp$TjykTb| zC}o2M(o&*#KB4xqLjw(J*Pym9R*9T4#T;@_)=M!KN$0?VG3ppniaRvapurcfhz1~= zba08agTR;_WrF(9Z&i$HhekDM_&1>piPTL~Qb<8(8?-?U7IoCgi{;!wX~s2Z>Q&t| z*nP{3*2yLnQgZA|Dv%3$AZMeM=!^9=@1n|UvB3(0{Kj;v@A=W8MQxo+6p{_jC)P|J zgTdJAM!#A8lGCgZqXpCuT~H2!a)F65Dk(4|2K<&)6su}7fwq=KC1>i}XABe&LuPCG zD|r?CH?F6_y2EM#7ef$?7#Ipb(Z&>&UFomTa>?G-yl!;Zpo0dj zyGj{}O3A`DrBL5Y#Aw8l$kyl+#|>6BhHe__P0K-s1j!eqzzVztNdlrwP1`0{ zp98odtp8#|2n~U22y8=O8Uo!ANJF3+0&WPXA*k;M^#Q>(=xl?o4zC+@az&=(=+Hw7 zF6xvFmaM$Z$!bsra>dsPbwel()s*qCI5r4Z6Ga_O1|L%0$v9SoqCQQkQek#N^X}|DnzaBaEhhUEgY%flXa%mr+beSU?IchL z0a8{(i5=upPqJt*XXm06ldA-T?i)+tiW4Xy8sltoL8M4XD#lna6cOt7cOv)|L_w>y zbt)S}RFh{^DeO!DiN!Gc)NR33pW}WNaf%J(i#V6rDMQhUwON#SumA>lNA<<9J{i_G zL+a2YstQR~of=F~>CD?=5NZfnst_1%Oh+B9JzL6N59rMs=&Q=9#?+X+yTaq$yPNo(f<>1cI59kBXt;)zofgZ4zu14XoK0>tDjp|~QhzTi;j3)OwAth!H?=#nIe zXa6`x;{=peQP3pt_z;aoHYiz-q~iote`l{{r*_b zy)R#vl$7$F3k7R+$Uwv@07JG~AWH`{QRiE~34J1oF%caWC{%Mhl8M@I1e2LaLI)&~ za=#^=LeZ)qaj}#GMpL+e=lWAOPSH8pkzhjt!_QEEW7=hjg)O7888HX+2}IW{fh69= z+-C++J+X;vNNhu58j_j;Dh*Y^YP--&)D5hSS-8X)oN>{kO~{6Q@)|`cy(29RY1NRf zI#NR#n@+{woT?0@oQ+)nFMtwKv0ifFh*DD|l2JR-t|4t3(lviq|4!6aCJA%JAW9-g zF$fe*#ujb7(<=55grSBEHdJp(ziD*=gI893QYnDV(fI%h87(QNGuA9>GWi*Kx?~?Rb#7}$dR1FDWNMxIoy@hN3aF5kV1g?lGg@#ZTI)?D z53$a*h2Oama?+-zHUo;v#l*~Ht#`o2u_-lzcRxzNKY%HMF4;LBV`hm(GO=S-3=|!T zDyc&V$#O%M{s7kSpdI*nM6n@2R9>7&W{h4ud(pi$)E~$qs{RVY*$m>9v#1pji+D;d 
zlk&m#7Lh-gRV;`rm;h5SB*BWx(HQn%SwK_lFTGa(0Zqf0AQEH!4-v9T!J42^qGTPt zA$0vc+L}M8c~Vf;CdbA2fGR?k6k(Ks>7mO8bQ5uvn){4Zd^0CLRJ A%m4rY literal 7511 zcmV-d9jM|TiwFP!00000|LuHRZyY(Y=DU7H0sElcV>A#K1}}?t1IA#4G;nqX*gZ(> zo4{*#&5nUz_x-0h3p-Ur)EG8ha7gTdg(DF63=+Z}%MZ}VaIA>SYN zcenp@r+5GMKQ8>wFa1rv{q^BD|6!m1c}Xq!hr8?j?Subt{l8xQ-%Gf<@cY{j{(kRo zA1+mk@9O8Jw0JcZ<^d~m8-FE z;a~dwZOZ?;zPbB#A1|RrYEiZJwg0(AwU{INaCd)y_s^Uz-~4BbvE)c?O%>2i{uZtcX5N`xEQVLmWo^ZsSv_ z_lN7l`*6q)m*5Zm0des8CcjxUwa_)S(Bjo98se7L(a=l(Yku%4=eO5y?oz(F{2$7dXkZOE*JF*CGs}QHyYOES?0ML&T|D974`ox_EeZJe;S} zxHu1Y*Y~+xAM(3lQ>ev?&}fG9(D0M{M-Ax^giZ8{TBb?MU4T_ zw&-3jn#@+Ebi`)Kg}`@5TT4s*nU)64Aha~7rYp{=bW1}(?phi&RZGi|oOq0=iLa*8 z#a|x$U#|alcbhL^;x7I#*Z=44O}>P-r6E!`Ee)Z1EzMa=ON0H{mInK)rDZ%%W{mjB zTur5mzT`jT*ca)zd*9#g-@UJ5&9(;&l(TJr+S+@8RqbNy_G26l`Tk*lciWFF(_vqS zNcldO-Q^+Ql*`@2f4$ASX)-;z_V@Yl{^nuYBQR8qC(xYR{vqF=V>U*(LwB6`_D*xC zz1ZK@ef9{SiQxL}ectSNpWnUT-{-@UH7&Z{9UhK-=M*0wQ|Hp;@+5cnQYp3J<&A*(lADx^SN2dSSSmv9%ySJx{H%?`cIE@;qI(X7N z#*TfDkH|L?w`AAyRR=|OIrFi@;Gf9$PT|rFQt-uJe7t+}_9j2%baH4{fx2Vz*Zgq3 zPn&J%_X&^Nem>tyaoFGfdXpdSZd-C4tH~QoDvd#J37mY-|u+qUxQ~n?>%QkFa5Rcr2CKeZ*OwvIDh@^?(lG3 zS72~~9STxsdUum%GwC{$n@RoBU-R#mxAw-zWjz|l{2o0Cyxc`k4$-=s%5wGls@^yC z!Q;j)bQA=~+10LZ-yeQEc{uv_XtwM?zz zSGCD5o2XT4W5?HqW1pkD>prD}!xVNOJ+xLQ@v?gJqknp}?bT+|objAb5o+m#|N7Tg zj|Uem>sHCB7CU@K7Qsx*BaW^rB)oMvvk!S(3fu~& zgVt{M*g^@h1Mcy>7|;`Rs1%+o+VOP)*RO;X^IwZmt55JK>hLJ;fu<$&q_!$)4%cGW zJd}=gbTWn+(5m`0HISIAah<4Q%~NTtl@{IfnC!+{T>-DDbOIRR1Q_827~y#SA0F;6 zRxhc2@Dt(UCf}ZiTb6+L;o*L?*%2`r_VvT{|Ms`P=1aJI^PdsstxKTgJl%&&d<10K z?zhBTR=CLtoH1T8wvN;ZNjmLv{vI)QS;l5n*QY#a$z#F1k=!(g)`6hyN!Z{0lxv#-rtR&i{mdeb<$;9q{oaoZYAcP5SkoydF2rQVA+ z*lcfQ`F!HfknnSEV^G`n%Ks5jK4F-?d38hhT%+@&OLgX2Imq;MHk-FzKCa9Rtb2s$ z^e}ufE{Y>m@W?{b<10Xa^lW%4)VY>xiJlQ}pl7tg*y@FA4zHbD9!@Ts^q90A6fik{ zKDkn{IeRUsji&>hz5EZH`aD5%<{C!w1o@_0Iv#KCPw4h~+X!2BEt{4%k%qDD^|_5w zujQNDq#mF{>Pj8@yawIlTfZe;X*Mp-wV}%PN5=mHLsijVKeE{FtR;Nnps!AjoW;zx z7VV=P$Fvo8W7m`5zQ1*Jl`p#Li2mX3GQ#WH 
z@o|zm>z``zSl@rvkN*C8Qqg@3>N(_hUDcfD&}pjrW!Arnw9TQL&9Qg=tl{TO_?qq0 z(!OJTR7I^_Qq@GGh%MEDTWYZ%v!!9gw!4*AR^#pb>f%IAHTS2Lq2FifFiR$m|9-s~SX*4^)4Zw$DgSPwcipBcC}rTyHH_DeI` zKWaoHlbJc~*T&TIIA=yj9=(drnbWA5R=1`iN&5lx9RAtRVVA*XVuw5VUs~5?F}|F@ zq&|PQbv^Rbnm)HGLTj#0?HI8~X_hJ;tJSJfby>~TX2;~E7O^*CH6%UtJx7DC@XpJc zw|cTn$H3r_-*t(Iv+uwAs;GU>?eVVTIQrkc4~OftFQrngdTiOrT!0PdG$-hD9cLBm z#Xgm(+Vz@itsj_eb?N_&TZ_J$`sT)2Qmi)4M>X*~ra8*|`W(TC$f*`a_FDXt@4@^Py_!m6t*J5gRO%kF=1y-! z^wt<(L;$#0{r=z(VR{@`gY<_D0RHd^Ng=0+i`6g&e-_~*f}cY8$KTO>yzf{u8_z%7 zJ@}g^jd=vlfBv-Y$6pS>s?M4i;wAFt+>qX8{4 zkqAz{@zYFcnVCeZESV+2@3Z^WJK^RlAwBVx@Uhp#4^!^<`jzlpzvU|-uU*X1Wq(>O z_RKLY^mZ}(+0vVE8~ z&P{a$J%$XBOTF5~h>JA2?dBf+pPxEwSMhX4qu0U3%J($0!)M?(cro0_dS5+N%!FM( zg5pzFcG_^ml9cy1@&5grMK1AhRr5dl6^q}ognna?t*m`qp0K#i+CQGKKb<)p5AWYB z&I@c6t==+f<@&r+k1}16%MoM1&Am2oJ+8^I=jpCFKFI1RU;kQ<@9o`>Xs`7+k1m(1 z+iL^6?x&5TvN~EZ+vhT_59W^kI^O5^hr5UCxA%9kKNaeWDK43+^TyZ{@E_PRJ%?$n z>gOaie$s3@#$Dz>$8^*&&ehc!>SB6x_5c0mpru}hbpH>|CoRS-Ai-!i*axrw3`Gv=g^C7v2zF9&^b z)Bvrv#7qZTbuXK%efZICGu3G|-`JhvUbfnvzJls0M|gY%Rq*ae**$q`(;C-x*R3&K zL0Z%0oNLt@-4%HGq%Ud~!wn=f7M9QYhFgQJ>7HrzG8bLAHCuT!UBlQ%Tx(QUupgB{ zOl!K#dC|iRM205g#$)ZzI$^KW`1f!hEXdPxRVaKXrZkQUzhT#v5B}%hVISBxI zjE-&azUFJV;FUtyv2IvC+i*4qE5$|(L6LSLBMKOUK}jeU&5m8ereWLt{h0 z2pPa7O9rh5@m>e?9Au}cQP?Q>%;U0T#H0) zDvpdtw==qqV&t1is4&=SpbBD;K(T0X(FD@DxS%<75<+9lH*8G?A#3a9(Aux=7|7Ji6x9Qj!3C9UHpxR&Nvt=j zItGOLhZ_WH5NbDQoNJtIoN1hHoK#7j8YFexIBFa=4jSt|o20?|5S?fYvFL0HXU|#} zRg}+Cy!4XFGm$o#9da_fJ~vM-7 zwR6Q{J|5rCdmaG{6wFp~$|aCd=xqcMU3>@vusG76_f!%aU4RmRjztQ^2x1_ER;*$c zdwR@2@7aXpFhyMya*Y!m2ee|6c!^vbt9lw((;&G9$u>x}tQ#b0kW_G~-XWuA(yFLpY=9jyHOSB)W1VGJ{6ixq2}%kp5~CeM zVT#sqBuX9%i>t6G)?=CZ^9>p$TPe}Hq&c7$RU)IwIhho+MX8u5vV8u5g>nhODzCja z1U^z1Le~JQC>OeGK63qI8f5)>2iG25qENhxoJ(-gdKXf%;Ij@UmVR*k>Tv@`5WSl)#$NB#4E9 z7?KVtp<$o(4)sx(XCia*fsvF2LFEyw7YD|QF%n!#*6&a+1$riOYXfY+kn+h$);eLy zx(MU~NY2p?H8-f~S<3Fo*+j;&B2(CvsI&(o!VUtIutO~s+`{^nG(ub7O4uBbtd?xS zknsf}7H4WY1cc%gRiq2Gem3F;&M3huvaUoe87#y^MN9E0QP;eX&Jv!H$k7%PlLXW{ 
zWGs>-vRA}WlQzk@N#y4zdhkeMkR4bTQid2ZDy@R8iSdEW4h=M@U4z;_+esv^O%j{M z7nfO+a}mV(R77R%*zM3zg9e}dM10mxtg)%0eTon{81P7(bSNIx4vlKi@OLqp;;iz_ zD%nWR*(kYKD?Uf^?6Wf+lxAFmre4)egWb10>p3}Qr;4SL8C(V~u^5Dci8QkbT_y}# zY_NhL-`U)R*emBFa)KPlvx0(FOGM*i;r>!<>ARhuLM}lR0MY5NZ9bHytSnC@QcLhf%ZvgDMLZ2UJq>QlI z$e<(b#03_MR+7eIY_VLjw_W`1ut5h6T6d8$5|xsLZAziOnTXMdrQWV$iPVv+1|2t8 zr!jOBCX?A)V=dRWh@@R`kl00|lA@ZnO|Cu%a6?%C#fA_X0@o1OhQKrgx*?E;Ks5y1 z5Ku!<-w)~of@{#(23;LqH|XTT+ECM+REj0VLa6{a(O^U3ivME8*9mn)C=Jz=@y|Fm zMvY3TWU{voh;$KaQ%X9Mu|QN|c0%*T#t#6Bqj<0;>kJsgOMQyYK|!ECH&NB$?H3u| zlK=x-6_kjNi6hqMVN6&r|3b>5uM!ZtFD(UP z1eM99=mbf5Z*s{B1I9!yyY74^g0CQoI5rVNQA))^!6@KR(5k3XbVRv3f~h{oeHC#O zMJ!x@?Vy=*vQ{e>od+Ks7frOI`eIn04C|XAb?6b*hr{}E*gYN6@!j!D3F&}XXCQ>) ztmaivj{pF30Rx+`z&{Q(sfKB2sW8_3# z8bcR#JP&!bC+lJ`*2e1pJyVe46Q^Q8k*F?6t2V3Pxri(bkS#%uMroZ0m1S`rY);~0 z=~5`@`H5}CFqQ<$qBR&SYHcVa%_%}D*!?DpR87sP;`4J79Z*4JWxaDnC4)966BH_I zy>dX(i_XtgeC4tx6;s3n&asG!P6r03RYJ%LR(|DVbut4q}{f9gsxIeNS@=#6=VoD+DO2-ifV?0$Oqr zn_)+S4G9cCL;cQXmqL!ZrgLc>16ffz#FBGHZxp-SX9iJ?*u*s?wjnVMNzDM2hN@t- zUFbQ^EsBod9oVF7R+x*RFHtESG;k5xk(P$EYDm{PQbQV>Zi?UCRO`=aY80Syu--*& zasou-ef|H63cDR?*O0ai>6*W*|0L5^^>+@KqE`u3(r6%3Dy{^SWElns!cap78>+XY z?|Ql%V=zIYiy;u$s1c|JB35EbsRM4w@Sk9!N!5fv2vQ(>pMxu;MWKxWfygcu|i2ay37 zl}1*WmD1SnZ;L;GDx73P4l_~b^qfx7I`p3FZ_{+@($C3qLzaF3ZIBBkLH(JYCiEm( zE8`Pn2v!{1{w8eI52O(*%DW)eD($%bcQF)HcDV!wtgu0^5&6NiqJm+seEoHyXws=( zO^_6LL-kjOs=xGF{R66oGTY*{PpBxc)|x92CggJc(IxZ=9c0Z9s-EOPp`nn;WT&ZU zVpbtb@Vami-CxbE{ee|v9O`0`lPV>cV!f(KliL2J3gdbjG{|}`u&oF75002RK+S>pC diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index fd18bc1ad..e7a4ce0a5 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma 
@@ -23,13 +23,13 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sinsertion_sort21 = "insertion_sort.rs" 19 10 19 42 let%span sinsertion_sort22 = "insertion_sort.rs" 20 10 20 27 let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span ssnapshot25 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 let%span sinsertion_sort28 = "insertion_sort.rs" 8 8 8 72 - let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span sindex31 = "../../../creusot-contracts/src/logic/ops/index.rs" 56 8 56 32 let%span sindex32 = "../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 
@@ -39,19 +39,15 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinsertion_sort38 = "insertion_sort.rs" 15 8 15 35 let%span smodel39 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange42 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange43 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange44 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange46 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange48 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange49 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum50 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve52 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange42 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange43 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange44 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum46 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange47 = 
"../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve48 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.Snapshot @@ -152,7 +148,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum50] UIntSize.to_int self + [%#snum46] UIntSize.to_int self use seq.Seq @@ -167,16 +163,12 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange44] inv'0 a) - -> ([%#srange45] inv'0 b) - -> ([%#srange46] inv'0 c) - -> ([%#srange47] produces'0 a ab b) - -> ([%#srange48] produces'0 b bc c) -> ([%#srange49] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange43] produces'0 a ab b) + -> ([%#srange44] produces'0 b bc c) -> ([%#srange45] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange42] inv'0 self) - -> ([%#srange43] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange42] produces'0 self (Seq.empty : Seq.seq usize) self predicate inv'1 (_1 : Seq.seq usize) 
@@ -195,10 +187,10 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = true predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve52] self.final = self.current + [%#sresolve48] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange51] resolve'2 self + [%#srange47] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -242,7 +234,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] predicate resolve'3 (self : borrowed (slice int32)) = - [%#sresolve52] self.final = self.current + [%#sresolve48] self.final = self.current predicate resolve'1 (_1 : borrowed (slice int32)) = resolve'3 _1 diff --git a/creusot/tests/should_succeed/insertion_sort/why3session.xml b/creusot/tests/should_succeed/insertion_sort/why3session.xml index 2d6fe9322..4d447872f 100644 --- a/creusot/tests/should_succeed/insertion_sort/why3session.xml +++ b/creusot/tests/should_succeed/insertion_sort/why3session.xml @@ -27,28 +27,28 @@ - + - + - + - + - + @@ -63,67 +63,67 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -132,13 +132,13 @@ - + - + - + @@ -150,13 +150,13 @@ - + - + - + 
diff --git a/creusot/tests/should_succeed/insertion_sort/why3shapes.gz b/creusot/tests/should_succeed/insertion_sort/why3shapes.gz index e8cf922ab02492ae4edf9c94c968dbb8141350c2..2ec28b437929e637e88b85224e25873f59c12ae6 100644 GIT binary patch literal 2740 zcmV;l3QP4LiwFP!00000|IJxTZyQOHzVlZQ*n@V*7$6=Q`53eZ5E>BDhxK7+QP`W1 zk4QH?GN~phyZhfSifAwZ`0?Aez~Cz)1-EIn|^wm9(4L)`OE&pa&|wNF4O1x|Gxdd z8@SsVf{yOC52N%rpVgMVVK#f*yC44t41A9FPG-~lS=)ku18NTKomil&D8*wIH)PdqH2e5nMd4O)qwx%Vc*@^a zx!?t|aG2s>$IWJwobqfwpMBAK^XcC!perUm=<+klionL^WQ(r9zN^9 zc`v-%O?tZ(-?`fB?FoA!g6D!XN{fZg`OvEZwHbZD-WlXvga+YV*0oAs(0uBM;P z$lk72O^0&3qO?PEw?g`6AXsq6_6c`q;lhxU<4C^5^9h0Gy5yn5Qhmb;R^Pl0vc?W^_GqstX`HwK?6>U4grxx#kA(FtRd>3yC( zP3t24{e)obr$_yu^YQGn&fCN6ORs;Fm_=o7Xk!VJht7D1$g|-dA}vo=nGU zs0a2xUTfJ7EN|aWkZy?8hvi~mY_ysj?^lIew1Iy-5^WbR_q3IR zOM}qrV}3!qL-*`gzwUN^fN8zzhO4V?`ks0{K3KsL^uY~vF|u+;=umy_PNCF?_Q@_-SPTH_Rx{-FIgSg+vkqi z8Tl4bt5hIMe z3n^tVYKkdF6r3_x>sxlgWeQ`27|!Tv358nomVK4xr8o#Sm|`dw_O6bRBT_^>qifk) zDyig}n-733laUOyTAxZWZHyApTvQK+4T_?*1#(qJt0^=mriJFcv@wQ=KB9|gF97hl z2oefAuq_ud*?9nmIj93{W5P)Af{|RvRm=skwc={ZuGMOMwN4yJ2)z-sFWWJNGa0f} z6NyDNBB?g?IfPQAxfK|?%2b02jD`TUd1uJECV=8gQx3+_UZL6|BBpW%wT>-V9UC8w z`!>EZGy9OFkqua(1W1|^n;;s18urIiFbYHy{uCHGS`kL>|cLd-xRZ8k5q-rGvK}62ki*;;5%_{)%eKDwGQmZU# zh?q_F8U)3emNJpGD-8C#!vNPHX$9w#_)2UbH5Ye7*apF^c&QJ4c|&e*JwGuB9d-SFY)(5oLA zU%WJ?62x-?kGa2P2sBI1q3AeB3?>Ht0oa^zNuiKU=z>9OTyE9YP*nge`f+eE*dGVa zK?tEzqw1B2NNa6Ivx=|288Z$c2LB@wqNf60xg=8wwN!N#$tq*MGye2REt!rBL#AO54I8!@W)|vDchW&6mfkba!^}ZV3QLS5rKX<&cwkp zK+Q>sid2T=tV7H`^*@gJzGx%xUjnN@5^q@%i3O-+Us90jQZ2p_a$mR+%wGmCLTHYC z@(hBOlyazvOKT8-fl~hq41$XYJ;$>D5$3P72~tXkSql|KNu?!FDhOCiQNyAC6$cUe upK%cS{rt6JP@H9O$rmQ@37l6^RHr#;LF?W6ZzuSteEdJ9Aqt#VF8}~!EMU0+ literal 2746 zcmV;r3PtrFiwFP!00000|IJxTZyY(2zSplPU=P|IV*mytNCpS(0fYtw`mjFiEE0PY zf@IKL9=S?gRkFMP{UWp8FR9#Z%Y9N7Gaetm2u1``|M|D^;um?;#rU(%7n9laA7elM z+kcIgzsh9#`NnqUZu2mbxAJ+SUv6v%GN~Qh%1>|QL8l*7vBFT0Z!?5K0^);7ZCVY`BN2WDCH)8q2@ zjyLal3kAA(w|UsCVF&At_D`Et>HzMxPn%WO!Fn(K(`ZGHl&ASzr%RFfTz(%t=yZIu 
z(1&(2UjF{5s?*f~blW8x! z)cGY(TY>w>xn5yruD?D_=DOIpT?xQ}q1j@2$RhJ!Wxcu8>WZOH zPs>BBpKoAKVTj(S&F1?;yZG)&uDu@X?$9h|^QG4N`3muhc37b(M&4|~aim{h^e~$} z?%a?6!yE?>&IavR4My^)^G{DpSx#ot`&rw7FniSO+dHvfuc8zVSzMD&>Ts4?qVdKIrm(QqR8YOBRf#`rGpI zart~hYgl&lvy|DV#|K?%y)l2xoBVwLem3n%+h@I(SWKoL9&|aIc7TJapYQ)Q`=mFf z+xqVxW)GkB$ayck-Hp86h;Lo(^mc^35W#an8p&dz^FAh*0tEZPu?I(cGF|K5_nyZ( zT|CWoF`S?jL3!CglbW`v7dsy&#rPiUnTnqXW89&b@mtZ#!^D zyIHN$@v8iEM)r1Cr4HQfKxqebHz0j;Bv@d}_6c`q;hJMk4kP&z&nE=Zb;)D*ljq|J z*0aUW{<-33uMMreGPL$Iv>%Ux`ths6c};-qmaUht`IT>f#`i95J{IV}-;Ly-$H6G( z*KOrM`QQ1Ij`n`v$-_dgYOMBjJbClxxLIyX`Yr`leYdaHSC1}N*j*cZrl{NVW6c$| z3ye+}n@sQX>}gsT^7j*hp`RZ0gU-jZ&pK}pvoF2=L5|Z|wQZ(srPe=JsE<=&7e{v# z$Mx?akH(Yfcm;LO{>N)A`yXOpf=%h3WvpGb-D(g?^qmCvu*t z7sWsBwib@I7Iw*hEO6k9&&O`K`W#FpM+n+vYGqRGXz@iJFO6G29s4@0msgwL+**eD z;*|40ZVpDGzm;G51GYD=*srj7yu%H)6QbjVLvkYaQkOXz6%Pii9uof9K6I^v!;xqW z|8OMQEMD$ugM&+h(C{+9pxr@u_ARfv9Uoy@t%l>(p&Rj05LTTqbikWV7>)*;wfcIn zxzHkq?Hq>rJRPI=@An4ZzEiJf-n;$9BPmOr-50QQdkIO0*r7iUVR#n?9&p1>XWc_c-s1PJEOZ)={>wySGTtI^w52k-o*~HmD#7r{V|H}-t{SEht_vxqMS>Hqkx~C z%R1|ypUL{Nvim4tU4h%PBV#{^zpULsyd90aHY~+!5sS!Zi?iwgDwb?=iFwSN0BqtE zl20yC!ekR9Gh%PNZPsxso=h;Ru~=WIwBkXajKQRMM$ZOgP%>4@&a-ep)2ITd7YWga zF<=6l0M6+`VH30&Fc}~SIxM+RL=tEUFb0=^E~+;hjjAPX-b9XB3?VsUir!Y_IEI*j z6NCi*f&~enj!Kgj$WsWeWQ~>31*{xpY#~|mf{`dS#tgnFHz6k|PMUK<;Htp@y%F$N z*vag(FU5ejcEy7i@#O!vC^$7t zULcelqASt}IH)3P(W+zXlXYKVFt7ygq%j6;!P#O!)o0(34M)ji%gKhXvuT7%@ZOfF zVx8rFr$~mO#LSue7(+sz&?TgVn9wGKgeKYe?A|3?)09hg)woElW~o*}p&qz%W1>Wu z$R>hBCSgp-U+u-XR)URIyU1l3RWv71V`XKG!{q1ni)!Q0Iolt4w5s8;ve?{iX_4+6|4!8#XD`SaA9LB zy4t6@v){l`4Zd<|5~FbRg+N*mME0Z%>Rf*c@EiF;4aWPJu~^Y6IcUkTMv5)87NqqD zWM%W4xDx>?J{wzntfa1i$*pP?ZX6oNv5U!Zav?dNoJ)?9!*2;db1RUm186m%@hu>T zDdH8ih``uW@|e6$9+EfT)OE|6oi+@yYU92ic`ioKW3DJemIh40rT{6JjKmPtIKzf51jw08@SbV_16-B*TC{TaI(UjUg(}Ed zd@H_qwjPn1vr?OsIA)VVOo6|PcMq-~F-t7LgL74ha;y?f?vJg}F;ikpY!k!x!eC-` z2sSYE^)XV2p+a?4ND3m?0fSHMzB>{%G3Mq%rdrV!El_MTP|%iU3uAxX;P6Udf(AE? 
zF{FxKV!%o+L{;CaRU-qK_qxtXKK}}@p$2_fy9MmxSzRf5* zs+rC=xF3MC8L%~EC@2tPB@>!AR=`JPhw)mY|BO=?xV6b2#*v2)%lZ*mpwJ79W?JI=$ z(tpJPF#Ts7F#Uf1S~0LqEfP{x&#q}yE!lYX Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'2 self.current i) (index_logic'2 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) @@ -825,19 +821,15 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] function produces_trans'0 (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () = - [%#sslice33] () + [%#sslice29] () - axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#sslice27] inv'0 a) - -> ([%#sslice28] inv'0 b) - -> ([%#sslice29] inv'0 c) - -> ([%#sslice30] produces'0 a ab b) - -> ([%#sslice31] produces'0 b bc c) -> ([%#sslice32] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#sslice26] produces'0 a ab b) + -> ([%#sslice27] produces'0 b bc c) -> ([%#sslice28] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_IterMut'0) : () = - [%#sslice26] () + [%#sslice25] () - axiom produces_refl'0_spec : forall self : t_IterMut'0 . ([%#sslice24] inv'0 self) - -> ([%#sslice25] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self) + axiom produces_refl'0_spec : forall self : t_IterMut'0 . [%#sslice24] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self predicate inv'1 (_1 : Seq.seq (borrowed usize)) 
@@ -860,7 +852,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] use seq.Seq predicate completed'0 (self : borrowed (t_IterMut'0)) = - [%#sslice36] resolve'6 self /\ view'3 (view'5 self).current = (Seq.empty : Seq.seq usize) + [%#sslice32] resolve'6 self /\ view'3 (view'5 self).current = (Seq.empty : Seq.seq usize) use seq.Seq @@ -890,7 +882,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] resolve'7 _1 predicate resolve'8 (self : t_IterMut'0) = - [%#sslice37] (view'4 self).current = (view'4 self).final + [%#sslice33] (view'4 self).current = (view'4 self).final predicate resolve'3 (_1 : t_IterMut'0) = resolve'8 _1 @@ -1000,8 +992,8 @@ end module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] let%span s03_std_iterators0 = "03_std_iterators.rs" 38 20 38 31 let%span s03_std_iterators1 = "03_std_iterators.rs" 35 30 35 34 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span stake4 = "../../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 let%span stake5 = "../../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span sskip6 = "../../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 
@@ -1010,38 +1002,24 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] let%span sskip9 = "../../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 let%span sskip10 = "../../../../creusot-contracts/src/std/iter/skip.rs" 32 12 32 33 let%span sresolve11 = "../../../../creusot-contracts/src/resolve.rs" 82 8 85 9 - let%span sskip12 = "../../../../creusot-contracts/src/std/iter/skip.rs" 73 15 73 24 - let%span sskip13 = "../../../../creusot-contracts/src/std/iter/skip.rs" 74 14 74 45 - let%span sskip14 = "../../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 21 - let%span sskip15 = "../../../../creusot-contracts/src/std/iter/skip.rs" 80 15 80 21 - let%span sskip16 = "../../../../creusot-contracts/src/std/iter/skip.rs" 81 15 81 21 - let%span sskip17 = "../../../../creusot-contracts/src/std/iter/skip.rs" 82 15 82 32 - let%span sskip18 = "../../../../creusot-contracts/src/std/iter/skip.rs" 83 15 83 32 - let%span sskip19 = "../../../../creusot-contracts/src/std/iter/skip.rs" 84 14 84 42 - let%span stake20 = "../../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake21 = "../../../../creusot-contracts/src/std/iter/take.rs" 56 12 57 92 - let%span sinvariant22 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span stake23 = "../../../../creusot-contracts/src/std/iter/take.rs" 71 15 71 24 - let%span stake24 = "../../../../creusot-contracts/src/std/iter/take.rs" 72 14 72 45 - let%span stake25 = "../../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 21 - let%span stake26 = "../../../../creusot-contracts/src/std/iter/take.rs" 78 15 78 21 - let%span stake27 = "../../../../creusot-contracts/src/std/iter/take.rs" 79 15 79 21 - let%span stake28 = "../../../../creusot-contracts/src/std/iter/take.rs" 80 15 80 32 - let%span stake29 = "../../../../creusot-contracts/src/std/iter/take.rs" 81 15 81 32 - let%span stake30 = "../../../../creusot-contracts/src/std/iter/take.rs" 82 14 82 42 - let%span stake31 = 
"../../../../creusot-contracts/src/std/iter/take.rs" 24 14 24 68 - let%span stake32 = "../../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 - let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span siter34 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter36 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter37 = "../../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter38 = "../../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter39 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter40 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter41 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sresolve42 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sboxed43 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sskip12 = "../../../../creusot-contracts/src/std/iter/skip.rs" 73 14 73 45 + let%span sskip13 = "../../../../creusot-contracts/src/std/iter/skip.rs" 78 15 78 32 + let%span sskip14 = "../../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 32 + let%span sskip15 = "../../../../creusot-contracts/src/std/iter/skip.rs" 80 14 80 42 + let%span stake16 = "../../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake17 = "../../../../creusot-contracts/src/std/iter/take.rs" 56 12 57 92 + let%span sinvariant18 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span stake19 = "../../../../creusot-contracts/src/std/iter/take.rs" 71 14 71 45 + let%span stake20 = "../../../../creusot-contracts/src/std/iter/take.rs" 76 15 76 32 + let%span stake21 = "../../../../creusot-contracts/src/std/iter/take.rs" 77 15 77 32 + let%span stake22 = "../../../../creusot-contracts/src/std/iter/take.rs" 78 14 78 42 + 
let%span stake23 = "../../../../creusot-contracts/src/std/iter/take.rs" 24 14 24 68 + let%span stake24 = "../../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 + let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sresolve29 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 type t_I'0 @@ -1108,7 +1086,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] use prelude.prelude.Borrow predicate invariant'0 (self : borrowed (t_Skip'0)) = - [%#sinvariant22] inv'0 self.current /\ inv'0 self.final + [%#sinvariant18] inv'0 self.current /\ inv'0 self.final predicate inv'4 (_1 : borrowed (t_Skip'0)) @@ -1120,14 +1098,14 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] | C_None'0 | C_Some'0 t_Item'0 - predicate inv'7 (_1 : t_Item'0) + predicate inv'5 (_1 : t_Item'0) predicate inv'1 (_1 : t_Option'0) axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'7 a_0 + | C_Some'0 a_0 -> inv'5 a_0 end use seq.Seq 
@@ -1138,53 +1116,29 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] use seq.Seq - predicate invariant'3 (self : t_Item'0) = - [%#sboxed43] inv'7 self - - predicate inv'8 (_1 : t_Item'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Item'0 [inv'8 x] . inv'8 x = invariant'3 x - - predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq33] forall i : int . 0 <= i /\ i < Seq.length self -> inv'8 (Seq.get self i) - - predicate inv'5 (_1 : Seq.seq t_Item'0) - - axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'5 x] . inv'5 x = invariant'1 x - - use seq.Seq - predicate produces'2 (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) function produces_trans'2 (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'2_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter36] inv'2 a) - -> ([%#siter37] inv'2 b) - -> ([%#siter38] inv'2 c) - -> ([%#siter39] produces'2 a ab b) - -> ([%#siter40] produces'2 b bc c) -> ([%#siter41] produces'2 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter26] produces'2 a ab b) + -> ([%#siter27] produces'2 b bc c) -> ([%#siter28] produces'2 a (Seq.(++) ab bc) c) function produces_refl'2 (self : t_I'0) : () - axiom produces_refl'2_spec : forall self : t_I'0 . ([%#siter34] inv'2 self) - -> ([%#siter35] produces'2 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'2_spec : forall self : t_I'0 . 
[%#siter25] produces'2 self (Seq.empty : Seq.seq t_Item'0) self predicate produces'1 (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#stake20] n'0 self = n'0 o + Seq.length visited /\ produces'2 (iter'0 self) visited (iter'0 o) + [%#stake16] n'0 self = n'0 o + Seq.length visited /\ produces'2 (iter'0 self) visited (iter'0 o) function produces_trans'1 (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () - axiom produces_trans'1_spec : forall a : t_Take'0, ab : Seq.seq t_Item'0, b : t_Take'0, bc : Seq.seq t_Item'0, c : t_Take'0 . ([%#stake25] inv'3 a) - -> ([%#stake26] inv'3 b) - -> ([%#stake27] inv'3 c) - -> ([%#stake28] produces'1 a ab b) - -> ([%#stake29] produces'1 b bc c) -> ([%#stake30] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Take'0, ab : Seq.seq t_Item'0, b : t_Take'0, bc : Seq.seq t_Item'0, c : t_Take'0 . ([%#stake20] produces'1 a ab b) + -> ([%#stake21] produces'1 b bc c) -> ([%#stake22] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Take'0) : () - axiom produces_refl'1_spec : forall self : t_Take'0 . ([%#stake23] inv'3 self) - -> ([%#stake24] produces'1 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'1_spec : forall self : t_Take'0 . [%#stake19] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq 
@@ -1194,55 +1148,41 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] [%#sskip9] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ n'1 o = 0 /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . inv'5 s - /\ Seq.length s = n'1 self + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'1 self /\ produces'1 (iter'1 self) (Seq.(++) s visited) (iter'1 o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'4 (Seq.get s i))) function produces_trans'0 (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () - axiom produces_trans'0_spec : forall a : t_Skip'0, ab : Seq.seq t_Item'0, b : t_Skip'0, bc : Seq.seq t_Item'0, c : t_Skip'0 . ([%#sskip14] inv'0 a) - -> ([%#sskip15] inv'0 b) - -> ([%#sskip16] inv'0 c) - -> ([%#sskip17] produces'0 a ab b) - -> ([%#sskip18] produces'0 b bc c) -> ([%#sskip19] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Skip'0, ab : Seq.seq t_Item'0, b : t_Skip'0, bc : Seq.seq t_Item'0, c : t_Skip'0 . ([%#sskip13] produces'0 a ab b) + -> ([%#sskip14] produces'0 b bc c) -> ([%#sskip15] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Skip'0) : () - axiom produces_refl'0_spec : forall self : t_Skip'0 . ([%#sskip12] inv'0 self) - -> ([%#sskip13] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) - - predicate invariant'2 (self : borrowed (t_Take'0)) = - [%#sinvariant22] inv'3 self.current /\ inv'3 self.final - - predicate inv'6 (_1 : borrowed (t_Take'0)) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_Take'0) [inv'6 x] . inv'6 x = invariant'2 x + axiom produces_refl'0_spec : forall self : t_Skip'0 . 
[%#sskip12] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate resolve'8 (self : borrowed (t_Take'0)) = - [%#sresolve42] self.final = self.current + [%#sresolve29] self.final = self.current predicate resolve'6 (_1 : borrowed (t_Take'0)) = resolve'8 _1 function iter_mut'0 (self : borrowed (t_Take'0)) : borrowed t_I'0 - axiom iter_mut'0_spec : forall self : borrowed (t_Take'0) . [%#stake31] iter'0 self.current + axiom iter_mut'0_spec : forall self : borrowed (t_Take'0) . [%#stake23] iter'0 self.current = (iter_mut'0 self).current /\ iter'0 self.final = (iter_mut'0 self).final predicate completed'2 (self : borrowed t_I'0) predicate completed'1 (self : borrowed (t_Take'0)) = - [%#stake21] n'0 self.current = 0 /\ resolve'6 self + [%#stake17] n'0 self.current = 0 /\ resolve'6 self \/ n'0 self.current > 0 /\ n'0 self.current = n'0 self.final + 1 /\ completed'2 (iter_mut'0 self) predicate completed'0 (self : borrowed (t_Skip'0)) = [%#sskip8] n'1 self.final = 0 - /\ (exists s : Seq.seq t_Item'0, i : borrowed (t_Take'0) . inv'5 s - /\ inv'6 i - /\ Seq.length s <= n'1 self.current + /\ (exists s : Seq.seq t_Item'0, i : borrowed (t_Take'0) . Seq.length s <= n'1 self.current /\ produces'1 (iter'1 self.current) s i.current /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'4 (Seq.get s i)) /\ completed'1 i /\ i.final = iter'1 self.final) @@ -1262,7 +1202,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] predicate resolve'9 (_1 : t_I'0) predicate resolve'7 (self : t_Take'0) = - [%#stake32] resolve'9 (iter'0 self) + [%#stake24] resolve'9 (iter'0 self) predicate resolve'5 (_1 : t_Take'0) = resolve'7 _1 
@@ -1328,14 +1268,14 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span s03_std_iterators6 = "03_std_iterators.rs" 50 23 50 24 let%span s03_std_iterators7 = "03_std_iterators.rs" 47 23 47 65 let%span s03_std_iterators8 = "03_std_iterators.rs" 48 22 48 89 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 59 21 59 25 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 59 27 59 31 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 55 69 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 56 15 56 51 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 57 15 57 70 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 59 4 62 61 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 58 14 58 88 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 172 26 174 81 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 
@@ -1345,10 +1285,10 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 + let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 + let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 let%span smap_inv28 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv29 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 + let%span smap_inv29 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 
@@ -1363,19 +1303,14 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 - let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 - let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv49 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv50 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv51 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv52 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv53 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span sindex54 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span smodel55 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sinvariant56 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 + let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 + let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv49 
= "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span sindex50 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 + let%span smodel51 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.UIntSize @@ -1553,7 +1488,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#sindex54] Seq.get (view'4 self) ix + [%#sindex50] Seq.get (view'4 self) ix function to_ref_seq'0 (self : slice uint32) : Seq.seq uint32 @@ -1599,10 +1534,6 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] axiom inv_axiom'3 [@rewrite] : forall x : closure0'1 [inv'3 x] . inv'3 x = true - predicate inv'4 (_1 : uint32) - - axiom inv_axiom'4 [@rewrite] : forall x : uint32 [inv'4 x] . inv'4 x = true - use seq.Seq use prelude.prelude.Snapshot @@ -1612,15 +1543,11 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] = Seq.length (Snapshot.inner _prod) /\ (self.field_0'0).current < (v_MAX'0 : usize) - predicate inv'9 (_1 : borrowed (t_Iter'0)) - - axiom inv_axiom'9 [@rewrite] : forall x : borrowed (t_Iter'0) [inv'9 x] . inv'9 x = true - predicate resolve'5 (self : borrowed (t_Iter'0)) = [%#sresolve33] self.final = self.current function view'5 (self : borrowed (t_Iter'0)) : slice uint32 = - [%#smodel55] view'3 self.current + [%#smodel51] view'3 self.current use seq.Seq 
@@ -1628,34 +1555,20 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] [%#sslice43] resolve'5 self /\ view'4 (view'5 self) = (Seq.empty : Seq.seq uint32) predicate next_precondition'0 (iter : t_Iter'0) (func : closure0'1) (produced : Seq.seq uint32) = - [%#smap_inv44] forall e : uint32, i : t_Iter'0 . inv'4 e /\ inv'2 i /\ produces'0 iter (Seq.singleton e) i + [%#smap_inv44] forall e : uint32, i : t_Iter'0 . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'10 (_1 : Seq.seq uint32) - - axiom inv_axiom'10 [@rewrite] : forall x : Seq.seq uint32 [inv'10 x] . inv'10 x = true - - predicate inv'11 (_1 : borrowed closure0'1) - - axiom inv_axiom'11 [@rewrite] : forall x : borrowed closure0'1 [inv'11 x] . inv'11 x = true - - predicate inv'12 (_1 : uint32) - - axiom inv_axiom'12 [@rewrite] : forall x : uint32 [inv'12 x] . inv'12 x = true - use seq.Seq predicate preservation'0 (iter : t_Iter'0) (func : closure0'1) = - [%#smap_inv27] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_Iter'0 . inv'10 s - /\ inv'4 e1 /\ inv'4 e2 /\ inv'11 f /\ inv'12 b /\ inv'2 i /\ unnest'0 func f.current + [%#smap_inv27] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_Iter'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) predicate reinitialize'0 (_1 : ()) = - [%#smap_inv26] forall iter : borrowed (t_Iter'0), func : closure0'1 . inv'9 iter /\ inv'3 func - -> completed'1 iter + [%#smap_inv26] forall iter : borrowed (t_Iter'0), func : closure0'1 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_MapInv'0 = 
@@ -1665,9 +1578,9 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate invariant'0 (self : t_MapInv'0) - predicate inv'5 (_1 : t_MapInv'0) + predicate inv'4 (_1 : t_MapInv'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_MapInv'0 [inv'5 x] . inv'5 x + axiom inv_axiom'4 [@rewrite] : forall x : t_MapInv'0 [inv'4 x] . inv'4 x = (invariant'0 x /\ match x with | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> true @@ -1675,12 +1588,12 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let rec map_inv'0 (self:t_Iter'0) (func:closure0'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter9] inv'2 self} {[@expl:map_inv 'func' type invariant] [%#siter10] inv'3 func} - {[@expl:map_inv requires #0] [%#siter11] forall e : uint32, i2 : t_Iter'0 . inv'4 e /\ inv'2 i2 - -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} + {[@expl:map_inv requires #0] [%#siter11] forall e : uint32, i2 : t_Iter'0 . produces'0 self (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} {[@expl:map_inv requires #1] [%#siter12] reinitialize'0 ()} {[@expl:map_inv requires #2] [%#siter13] preservation'0 self func} any - [ return' (result:t_MapInv'0)-> {[%#siter14] inv'5 result} + [ return' (result:t_MapInv'0)-> {[%#siter14] inv'4 result} {[%#siter15] result = { t_MapInv__iter'0 = self; t_MapInv__func'0 = func; 
@@ -1688,20 +1601,9 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] (! return' {result}) ] - predicate inv'6 (_1 : t_Vec'0) - - axiom inv_axiom'6 [@rewrite] : forall x : t_Vec'0 [inv'6 x] . inv'6 x = true + predicate inv'5 (_1 : t_Vec'0) - predicate invariant'1 (self : borrowed (t_MapInv'0)) = - [%#sinvariant56] inv'5 self.current /\ inv'5 self.final - - predicate inv'7 (_1 : borrowed (t_MapInv'0)) - - axiom inv_axiom'7 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'7 x] . inv'7 x = invariant'1 x - - predicate inv'8 (_1 : Seq.seq uint32) - - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq uint32 [inv'8 x] . inv'8 x = true + axiom inv_axiom'5 [@rewrite] : forall x : t_Vec'0 [inv'5 x] . inv'5 x = true predicate resolve'6 (_1 : t_Iter'0) = true @@ -1714,10 +1616,6 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq - predicate inv'13 (_1 : Seq.seq (borrowed closure0'1)) - - axiom inv_axiom'13 [@rewrite] : forall x : Seq.seq (borrowed closure0'1) [inv'13 x] . inv'13 x = true - use seq.Seq use prelude.prelude.Snapshot @@ -1730,10 +1628,8 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate produces'1 [@inline:trivial] (self : t_MapInv'0) (visited : Seq.seq uint32) (succ : t_MapInv'0) = [%#smap_inv29] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed closure0'1) . inv'13 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq uint32 . inv'10 s - /\ Seq.length s = Seq.length visited + /\ (exists fs : Seq.seq (borrowed closure0'1) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq uint32 . Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -1751,16 +1647,12 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] function produces_trans'2 (a : t_MapInv'0) (ab : Seq.seq uint32) (b : t_MapInv'0) (bc : Seq.seq uint32) (c : t_MapInv'0) : () - axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq uint32, b : t_MapInv'0, bc : Seq.seq uint32, c : t_MapInv'0 . ([%#smap_inv48] inv'5 a) - -> ([%#smap_inv49] inv'5 b) - -> ([%#smap_inv50] inv'5 c) - -> ([%#smap_inv51] produces'1 a ab b) - -> ([%#smap_inv52] produces'1 b bc c) -> ([%#smap_inv53] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq uint32, b : t_MapInv'0, bc : Seq.seq uint32, c : t_MapInv'0 . ([%#smap_inv47] produces'1 a ab b) + -> ([%#smap_inv48] produces'1 b bc c) -> ([%#smap_inv49] produces'1 a (Seq.(++) ab bc) c) function produces_refl'2 (self : t_MapInv'0) : () - axiom produces_refl'2_spec : forall self : t_MapInv'0 . ([%#smap_inv46] inv'5 self) - -> ([%#smap_inv47] produces'1 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'2_spec : forall self : t_MapInv'0 . [%#smap_inv46] produces'1 self (Seq.empty : Seq.seq uint32) self predicate completed'0 (self : borrowed (t_MapInv'0)) = [%#smap_inv28] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq uint32) 
@@ -1770,12 +1662,10 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate from_iter_post'0 (prod : Seq.seq uint32) (res : t_Vec'0) = [%#svec30] prod = view'0 res - let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'5 self} + let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'4 self} any - [ return' (result:t_Vec'0)-> {inv'6 result} - {[%#siter16] exists done' : borrowed (t_MapInv'0), prod : Seq.seq uint32 . inv'7 done' - /\ inv'8 prod - /\ resolve'1 done'.final + [ return' (result:t_Vec'0)-> {inv'5 result} + {[%#siter16] exists done' : borrowed (t_MapInv'0), prod : Seq.seq uint32 . resolve'1 done'.final /\ completed'0 done' /\ produces'1 self prod done'.current /\ from_iter_post'0 prod result} (! return' {result}) ] 
@@ -1832,22 +1722,18 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] let%span s03_std_iterators7 = "03_std_iterators.rs" 67 13 67 14 let%span s03_std_iterators8 = "03_std_iterators.rs" 61 11 61 18 let%span s03_std_iterators9 = "03_std_iterators.rs" 62 10 62 21 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange15 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange19 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum23 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange24 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve25 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span 
siter14 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange15 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum19 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.IntSize @@ -1891,7 +1777,7 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] use seq.Seq function deep_model'0 (self : isize) : int = - [%#snum23] IntSize.to_int self + [%#snum19] IntSize.to_int self use seq.Seq 
@@ -1906,16 +1792,12 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq isize) (b : t_Range'0) (bc : Seq.seq isize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq isize, b : t_Range'0, bc : Seq.seq isize, c : t_Range'0 . ([%#srange17] inv'0 a) - -> ([%#srange18] inv'0 b) - -> ([%#srange19] inv'0 c) - -> ([%#srange20] produces'0 a ab b) - -> ([%#srange21] produces'0 b bc c) -> ([%#srange22] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq isize, b : t_Range'0, bc : Seq.seq isize, c : t_Range'0 . ([%#srange16] produces'0 a ab b) + -> ([%#srange17] produces'0 b bc c) -> ([%#srange18] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange15] inv'0 self) - -> ([%#srange16] produces'0 self (Seq.empty : Seq.seq isize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange15] produces'0 self (Seq.empty : Seq.seq isize) self predicate inv'1 (_1 : Seq.seq isize) @@ -1936,10 +1818,10 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'1 (self : borrowed (t_Range'0)) = - [%#sresolve25] self.final = self.current + [%#sresolve21] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange24] resolve'1 self + [%#srange20] resolve'1 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq 
@@ -2046,37 +1928,29 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span s03_std_iterators4 = "03_std_iterators.rs" 73 16 73 93 let%span s03_std_iterators5 = "03_std_iterators.rs" 74 4 74 7 let%span s03_std_iterators6 = "03_std_iterators.rs" 74 4 74 7 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 154 27 154 103 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 155 27 157 54 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 93 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 151 27 151 115 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 - let%span senumerate11 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 74 12 78 113 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span srange13 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span srange14 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + let%span senumerate11 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span srange13 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span srange14 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span senumerate15 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span senumerate18 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 84 15 84 24 - let%span senumerate19 = 
"../../../../creusot-contracts/src/std/iter/enumerate.rs" 85 14 85 45 - let%span senumerate20 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 90 15 90 21 - let%span senumerate21 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 91 15 91 21 - let%span senumerate22 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 92 15 92 21 - let%span senumerate23 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 93 15 93 32 - let%span senumerate24 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 94 15 94 32 - let%span senumerate25 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 95 14 95 42 - let%span senumerate26 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 12 66 42 - let%span sresolve27 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span srange28 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange30 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange31 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum36 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span sinvariant37 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span senumerate18 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 82 14 82 45 + let%span senumerate19 = 
"../../../../creusot-contracts/src/std/iter/enumerate.rs" 87 15 87 32 + let%span senumerate20 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 88 15 88 32 + let%span senumerate21 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 89 14 89 42 + let%span senumerate22 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 12 64 42 + let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span srange24 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange26 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange27 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span sinvariant29 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.UIntSize @@ -2089,10 +1963,6 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use prelude.prelude.Borrow - predicate inv'4 (_1 : borrowed (t_Range'0)) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_Range'0) [inv'4 x] . inv'4 x = true - use seq.Seq use prelude.prelude.Int @@ -2100,7 +1970,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] use prelude.prelude.UIntSize function deep_model'0 (self : usize) : int = - [%#snum36] UIntSize.to_int self + [%#snum28] UIntSize.to_int self use seq.Seq 
@@ -2121,28 +1991,20 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange30] inv'3 a) - -> ([%#srange31] inv'3 b) - -> ([%#srange32] inv'3 c) - -> ([%#srange33] produces'1 a ab b) - -> ([%#srange34] produces'1 b bc c) -> ([%#srange35] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange25] produces'1 a ab b) + -> ([%#srange26] produces'1 b bc c) -> ([%#srange27] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Range'0) : () - axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange28] inv'3 self) - -> ([%#srange29] produces'1 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'1_spec : forall self : t_Range'0 . [%#srange24] produces'1 self (Seq.empty : Seq.seq usize) self predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve27] self.final = self.current + [%#sresolve23] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = [%#srange13] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 - predicate inv'5 (_1 : Seq.seq usize) - - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq usize [inv'5 x] . inv'5 x = true - constant v_MAX'0 : usize = (18446744073709551615 : usize) type t_Enumerate'0 = 
@@ -2165,10 +2027,10 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] function n'0 (self : t_Enumerate'0) : int let rec enumerate'0 (self:t_Range'0) (return' (ret:t_Enumerate'0))= {[@expl:enumerate 'self' type invariant] inv'3 self} - {[@expl:enumerate requires #0] [%#siter7] forall i : borrowed (t_Range'0) . inv'4 i /\ completed'0 i + {[@expl:enumerate requires #0] [%#siter7] forall i : borrowed (t_Range'0) . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq usize) i.final} - {[@expl:enumerate requires #1] [%#siter8] forall s : Seq.seq usize, i : t_Range'0 . inv'5 s - /\ inv'3 i /\ produces'1 self s i -> Seq.length s < UIntSize.to_int v_MAX'0} + {[@expl:enumerate requires #1] [%#siter8] forall s : Seq.seq usize, i : t_Range'0 . produces'1 self s i + -> Seq.length s < UIntSize.to_int v_MAX'0} any [ return' (result:t_Enumerate'0)-> {inv'0 result} {[%#siter9] iter'0 result = self /\ n'0 result = 0} @@ -2216,8 +2078,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] predicate produces'0 (self : t_Enumerate'0) (visited : Seq.seq (usize, usize)) (o : t_Enumerate'0) = [%#senumerate11] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq usize . inv'5 s - /\ produces'1 (iter'0 self) s (iter'0 o) + /\ (exists s : Seq.seq usize . produces'1 (iter'0 self) s (iter'0 o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i 
@@ -2226,23 +2087,19 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] function produces_trans'0 (a : t_Enumerate'0) (ab : Seq.seq (usize, usize)) (b : t_Enumerate'0) (bc : Seq.seq (usize, usize)) (c : t_Enumerate'0) : () - axiom produces_trans'0_spec : forall a : t_Enumerate'0, ab : Seq.seq (usize, usize), b : t_Enumerate'0, bc : Seq.seq (usize, usize), c : t_Enumerate'0 . ([%#senumerate20] inv'0 a) - -> ([%#senumerate21] inv'0 b) - -> ([%#senumerate22] inv'0 c) - -> ([%#senumerate23] produces'0 a ab b) - -> ([%#senumerate24] produces'0 b bc c) -> ([%#senumerate25] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Enumerate'0, ab : Seq.seq (usize, usize), b : t_Enumerate'0, bc : Seq.seq (usize, usize), c : t_Enumerate'0 . ([%#senumerate19] produces'0 a ab b) + -> ([%#senumerate20] produces'0 b bc c) -> ([%#senumerate21] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Enumerate'0) : () - axiom produces_refl'0_spec : forall self : t_Enumerate'0 . ([%#senumerate18] inv'0 self) - -> ([%#senumerate19] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self) + axiom produces_refl'0_spec : forall self : t_Enumerate'0 . [%#senumerate18] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self predicate inv'1 (_1 : Seq.seq (usize, usize)) axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (usize, usize) [inv'1 x] . inv'1 x = true predicate invariant'1 (self : borrowed (t_Enumerate'0)) = - [%#sinvariant37] inv'0 self.current /\ inv'0 self.final + [%#sinvariant29] inv'0 self.current /\ inv'0 self.final predicate inv'2 (_1 : borrowed (t_Enumerate'0)) 
@@ -2252,20 +2109,19 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | C_None'0 | C_Some'0 (usize, usize) - predicate inv'6 (_1 : t_Option'0) + predicate inv'4 (_1 : t_Option'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Option'0 [inv'6 x] . inv'6 x = true + axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = true predicate completed'1 (self : borrowed (t_Enumerate'0)) = - [%#senumerate26] exists inner : borrowed (t_Range'0) . inv'4 inner - /\ inner.current = iter'0 self.current + [%#senumerate22] exists inner : borrowed (t_Range'0) . inner.current = iter'0 self.current /\ inner.final = iter'0 self.final /\ completed'0 inner /\ n'0 self.current = n'0 self.final use seq.Seq let rec next'0 (self:borrowed (t_Enumerate'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'2 self} any - [ return' (result:t_Option'0)-> {inv'6 result} + [ return' (result:t_Option'0)-> {inv'4 result} {[%#siter12] match result with | C_None'0 -> completed'1 self | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final @@ -2274,7 +2130,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] predicate resolve'1 (self : borrowed (t_Enumerate'0)) = - [%#sresolve27] self.final = self.current + [%#sresolve23] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Enumerate'0)) = resolve'1 _1 @@ -2374,7 +2230,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] [ return' (result:())-> (! return' {result}) ] end module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] - let%span s03_std_iterators0 = "03_std_iterators.rs" 96 36 96 55 + let%span s03_std_iterators0 = "03_std_iterators.rs" 96 34 96 54 let%span s03_std_iterators1 = "03_std_iterators.rs" 101 26 101 27 let%span s03_std_iterators2 = "03_std_iterators.rs" 101 22 101 27 let%span s03_std_iterators3 = "03_std_iterators.rs" 101 19 101 20 
@@ -2390,57 +2246,49 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span s03_std_iterators13 = "03_std_iterators.rs" 101 4 101 7 let%span s03_std_iterators14 = "03_std_iterators.rs" 101 4 101 7 let%span s03_std_iterators15 = "03_std_iterators.rs" 102 30 102 31 - let%span s03_std_iterators16 = "03_std_iterators.rs" 103 22 103 52 - let%span s03_std_iterators17 = "03_std_iterators.rs" 94 21 94 26 - let%span s03_std_iterators18 = "03_std_iterators.rs" 93 10 93 44 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 165 27 165 48 - let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 167 26 167 62 - let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssnapshot24 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 - let%span s03_std_iterators25 = "03_std_iterators.rs" 89 8 89 60 - let%span s03_std_iterators26 = "03_std_iterators.rs" 82 8 82 58 - let%span szip27 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span sslice29 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 - let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 - let%span sindex32 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span sindex33 = "../../../../creusot-contracts/src/logic/ops/index.rs" 56 8 56 32 + let%span s03_std_iterators16 = "03_std_iterators.rs" 103 22 103 28 + let%span s03_std_iterators17 = "03_std_iterators.rs" 104 22 104 54 + let%span s03_std_iterators18 = "03_std_iterators.rs" 105 22 105 54 + let%span s03_std_iterators19 = "03_std_iterators.rs" 94 21 94 26 + 
let%span s03_std_iterators20 = "03_std_iterators.rs" 93 10 93 44 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 159 27 159 48 + let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 161 26 161 62 + let%span s03_std_iterators26 = "03_std_iterators.rs" 89 8 89 60 + let%span s03_std_iterators27 = "03_std_iterators.rs" 82 8 82 58 + let%span szip28 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span siter29 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 + let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 + let%span sindex33 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel36 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span siter37 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter37 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 let%span szip38 = "../../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip39 = "../../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter40 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span szip41 = "../../../../creusot-contracts/src/std/iter/zip.rs" 55 15 55 24 - let%span szip42 = "../../../../creusot-contracts/src/std/iter/zip.rs" 56 14 56 45 - let%span szip43 = "../../../../creusot-contracts/src/std/iter/zip.rs" 
61 15 61 21 - let%span szip44 = "../../../../creusot-contracts/src/std/iter/zip.rs" 62 15 62 21 - let%span szip45 = "../../../../creusot-contracts/src/std/iter/zip.rs" 63 15 63 21 - let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 64 15 64 32 - let%span szip47 = "../../../../creusot-contracts/src/std/iter/zip.rs" 65 15 65 32 - let%span szip48 = "../../../../creusot-contracts/src/std/iter/zip.rs" 66 14 66 42 - let%span srange49 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span szip50 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 71 - let%span sresolve51 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span srange52 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange53 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange54 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange55 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange56 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange59 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sslice62 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sinvariant63 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sinvariant64 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq65 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed66 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter40 = 
"../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span szip41 = "../../../../creusot-contracts/src/std/iter/zip.rs" 55 14 55 45 + let%span szip42 = "../../../../creusot-contracts/src/std/iter/zip.rs" 60 15 60 32 + let%span szip43 = "../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 + let%span szip44 = "../../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 + let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 71 + let%span sresolve47 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span srange48 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange49 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange50 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange51 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum52 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange53 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 + let%span sinvariant55 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant56 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sseq57 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed58 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Borrow 
@@ -2462,52 +2310,55 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq - function view'2 (self : slice t_T'0) : Seq.seq t_T'0 + function view'1 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'2 self) + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice34] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice35] view'2 self = Slice.id self) + && ([%#sslice35] view'1 self = Slice.id self) use seq.Seq - predicate inv'13 (_1 : t_T'0) + predicate inv'11 (_1 : t_T'0) predicate invariant'4 (self : t_T'0) = - [%#sboxed66] inv'13 self + [%#sboxed58] inv'11 self - predicate inv'12 (_1 : t_T'0) + predicate inv'10 (_1 : t_T'0) - axiom inv_axiom'12 [@rewrite] : forall x : t_T'0 [inv'12 x] . inv'12 x = invariant'4 x + axiom inv_axiom'10 [@rewrite] : forall x : t_T'0 [inv'10 x] . inv'10 x = invariant'4 x predicate invariant'3 (self : Seq.seq t_T'0) = - [%#sseq65] forall i : int . 0 <= i /\ i < Seq.length self -> inv'12 (Seq.get self i) + [%#sseq57] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) - predicate inv'11 (_1 : Seq.seq t_T'0) + predicate inv'9 (_1 : Seq.seq t_T'0) - axiom inv_axiom'11 [@rewrite] : forall x : Seq.seq t_T'0 [inv'11 x] . inv'11 x = invariant'3 x + axiom inv_axiom'9 [@rewrite] : forall x : Seq.seq t_T'0 [inv'9 x] . inv'9 x = invariant'3 x predicate invariant'0 (self : slice t_T'0) = - [%#sslice62] inv'11 (view'2 self) + [%#sslice54] inv'9 (view'1 self) predicate inv'2 (_1 : slice t_T'0) axiom inv_axiom'2 [@rewrite] : forall x : slice t_T'0 [inv'2 x] . inv'2 x = invariant'0 x predicate invariant'2 (self : slice t_T'0) = - [%#sinvariant64] inv'2 self + [%#sinvariant56] inv'2 self predicate inv'4 (_1 : slice t_T'0) axiom inv_axiom'4 [@rewrite] : forall x : slice t_T'0 [inv'4 x] . 
inv'4 x = invariant'2 x - function view'3 (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel36] view'2 self + function view'2 (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel36] view'1 self let rec len'0 (self:slice t_T'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] inv'4 self} any - [ return' (result:usize)-> {[%#sslice19] Seq.length (view'3 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:usize)-> {[%#sslice21] Seq.length (view'2 self) = UIntSize.to_int result} (! return' {result}) ] + function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = + [%#smodel22] view'1 self.current + use prelude.prelude.Snapshot type t_Range'0 = @@ -2540,11 +2391,11 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let rec zip'0 (self:t_Range'0) (other:t_Range'0) (return' (ret:t_Zip'0))= {[@expl:zip 'self' type invariant] inv'5 self} {[@expl:zip 'other' type invariant] inv'5 other} - {[@expl:zip requires] [%#siter20] into_iter_pre'0 other} + {[@expl:zip requires] [%#siter23] into_iter_pre'0 other} any [ return' (result:t_Zip'0)-> {inv'0 result} - {[%#siter21] itera'0 result = self} - {[%#siter22] into_iter_post'0 other (iterb'0 result)} + {[%#siter24] itera'0 result = self} + {[%#siter25] into_iter_post'0 other (iterb'0 result)} (! return' {result}) ] @@ -2555,8 +2406,8 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] [%#siter40] self = res let rec into_iter'0 (self:t_Zip'0) (return' (ret:t_Zip'0))= {[@expl:into_iter 'self' type invariant] inv'0 self} - {[@expl:into_iter requires] [%#siter21] into_iter_pre'1 self} - any [ return' (result:t_Zip'0)-> {inv'0 result} {[%#siter21] into_iter_post'1 self result} (! return' {result}) ] + {[@expl:into_iter requires] [%#siter24] into_iter_pre'1 self} + any [ return' (result:t_Zip'0)-> {inv'0 result} {[%#siter24] into_iter_post'1 self result} (! return' {result}) ] use prelude.prelude.Snapshot 
@@ -2566,19 +2417,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use prelude.prelude.Snapshot - function view'0 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel23] view'2 self.current - use prelude.prelude.Snapshot use prelude.prelude.Snapshot - function view'4 (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#smodel36] view'0 self - - function view'1 (self : Snapshot.snap_ty (borrowed (slice t_T'0))) : Seq.seq t_T'0 = - [%#ssnapshot24] view'4 (Snapshot.inner self) - use prelude.prelude.Snapshot use seq.Seq @@ -2588,12 +2430,12 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] predicate equiv_reverse_range'0 [#"03_std_iterators.rs" 87 0 87 81] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) (n : int) = - [%#s03_std_iterators25] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 (n - i) + [%#s03_std_iterators26] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 (n - i) predicate equiv_range'0 [#"03_std_iterators.rs" 80 0 80 65] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) = - [%#s03_std_iterators26] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 i + [%#s03_std_iterators27] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 i use prelude.prelude.Snapshot @@ -2603,10 +2445,6 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq - predicate inv'6 (_1 : Seq.seq usize) - - axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq usize [inv'6 x] . inv'6 x = true - use seq.Seq use seq.Seq 
@@ -2618,10 +2456,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum60] UIntSize.to_int self + [%#snum52] UIntSize.to_int self predicate produces'1 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = - [%#srange49] self.t_Range__end'0 = o.t_Range__end'0 + [%#srange45] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 
@@ -2631,21 +2469,15 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange54] inv'5 a) - -> ([%#srange55] inv'5 b) - -> ([%#srange56] inv'5 c) - -> ([%#srange57] produces'1 a ab b) - -> ([%#srange58] produces'1 b bc c) -> ([%#srange59] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange49] produces'1 a ab b) + -> ([%#srange50] produces'1 b bc c) -> ([%#srange51] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Range'0) : () - axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange52] inv'5 self) - -> ([%#srange53] produces'1 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'1_spec : forall self : t_Range'0 . [%#srange48] produces'1 self (Seq.empty : Seq.seq usize) self predicate produces'0 (self : t_Zip'0) (visited : Seq.seq (usize, usize)) (o : t_Zip'0) = - [%#szip27] exists p1 : Seq.seq usize, p2 : Seq.seq usize . inv'6 p1 - /\ inv'6 p2 - /\ Seq.length p1 = Seq.length p2 + [%#szip28] exists p1 : Seq.seq usize, p2 : Seq.seq usize . Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'1 (iterb'0 self) p2 (iterb'0 o) 
@@ -2653,49 +2485,44 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] function produces_trans'0 (a : t_Zip'0) (ab : Seq.seq (usize, usize)) (b : t_Zip'0) (bc : Seq.seq (usize, usize)) (c : t_Zip'0) : () - axiom produces_trans'0_spec : forall a : t_Zip'0, ab : Seq.seq (usize, usize), b : t_Zip'0, bc : Seq.seq (usize, usize), c : t_Zip'0 . ([%#szip43] inv'0 a) - -> ([%#szip44] inv'0 b) - -> ([%#szip45] inv'0 c) - -> ([%#szip46] produces'0 a ab b) -> ([%#szip47] produces'0 b bc c) -> ([%#szip48] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Zip'0, ab : Seq.seq (usize, usize), b : t_Zip'0, bc : Seq.seq (usize, usize), c : t_Zip'0 . ([%#szip42] produces'0 a ab b) + -> ([%#szip43] produces'0 b bc c) -> ([%#szip44] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Zip'0) : () - axiom produces_refl'0_spec : forall self : t_Zip'0 . ([%#szip41] inv'0 self) - -> ([%#szip42] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self) + axiom produces_refl'0_spec : forall self : t_Zip'0 . [%#szip41] produces'0 self (Seq.empty : Seq.seq (usize, usize)) self predicate inv'1 (_1 : Seq.seq (usize, usize)) axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq (usize, usize) [inv'1 x] . inv'1 x = true - predicate inv'7 (_1 : borrowed (t_Zip'0)) + use prelude.prelude.Snapshot + + predicate inv'6 (_1 : borrowed (t_Zip'0)) - axiom inv_axiom'7 [@rewrite] : forall x : borrowed (t_Zip'0) [inv'7 x] . inv'7 x = true + axiom inv_axiom'6 [@rewrite] : forall x : borrowed (t_Zip'0) [inv'6 x] . inv'6 x = true type t_Option'0 = | C_None'0 | C_Some'0 (usize, usize) - predicate inv'8 (_1 : t_Option'0) + predicate inv'7 (_1 : t_Option'0) - axiom inv_axiom'8 [@rewrite] : forall x : t_Option'0 [inv'8 x] . inv'8 x = true - - predicate inv'9 (_1 : borrowed (t_Range'0)) - - axiom inv_axiom'9 [@rewrite] : forall x : borrowed (t_Range'0) [inv'9 x] . inv'9 x = true + axiom inv_axiom'7 [@rewrite] : forall x : t_Option'0 [inv'7 x] . 
inv'7 x = true predicate resolve'6 (self : borrowed (t_Range'0)) = - [%#sresolve51] self.final = self.current + [%#sresolve47] self.final = self.current predicate completed'1 (self : borrowed (t_Range'0)) = - [%#srange61] resolve'6 self + [%#srange53] resolve'6 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 predicate resolve'4 (_1 : borrowed (t_Range'0)) = resolve'6 _1 - predicate inv'10 (_1 : usize) + predicate inv'8 (_1 : usize) - axiom inv_axiom'10 [@rewrite] : forall x : usize [inv'10 x] . inv'10 x = true + axiom inv_axiom'8 [@rewrite] : forall x : usize [inv'8 x] . inv'8 x = true use seq.Seq @@ -2703,21 +2530,19 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] true predicate completed'0 (self : borrowed (t_Zip'0)) = - [%#szip50] exists a : borrowed (t_Range'0), b : borrowed (t_Range'0) . inv'9 a - /\ inv'9 b - /\ a.current = itera'0 self.current + [%#szip46] exists a : borrowed (t_Range'0), b : borrowed (t_Range'0) . a.current = itera'0 self.current /\ b.current = iterb'0 self.current /\ a.final = itera'0 self.final /\ b.final = iterb'0 self.final /\ (completed'1 a /\ resolve'4 b - \/ (exists x : usize . inv'10 x /\ produces'1 a.current (Seq.singleton x) a.final /\ resolve'5 x /\ completed'1 b)) + \/ (exists x : usize . inv'8 x /\ produces'1 a.current (Seq.singleton x) a.final /\ resolve'5 x /\ completed'1 b)) use seq.Seq - let rec next'0 (self:borrowed (t_Zip'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'7 self} + let rec next'0 (self:borrowed (t_Zip'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'6 self} any - [ return' (result:t_Option'0)-> {inv'8 result} - {[%#siter28] match result with + [ return' (result:t_Option'0)-> {inv'7 result} + {[%#siter29] match result with | C_None'0 -> completed'0 self | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final end} 
@@ -2725,7 +2550,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] predicate resolve'2 (self : borrowed (t_Zip'0)) = - [%#sresolve51] self.final = self.current + [%#sresolve47] self.final = self.current predicate resolve'0 (_1 : borrowed (t_Zip'0)) = resolve'2 _1 @@ -2738,7 +2563,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] predicate invariant'1 (self : borrowed (slice t_T'0)) = - [%#sinvariant63] inv'2 self.current /\ inv'2 self.final + [%#sinvariant55] inv'2 self.current /\ inv'2 self.final predicate inv'3 (_1 : borrowed (slice t_T'0)) 
@@ -2747,21 +2572,20 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Permut let rec swap'0 (self:borrowed (slice t_T'0)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:swap 'self' type invariant] inv'3 self} - {[@expl:swap requires #0] [%#sslice29] UIntSize.to_int a < Seq.length (view'0 self)} - {[@expl:swap requires #1] [%#sslice30] UIntSize.to_int b < Seq.length (view'0 self)} + {[@expl:swap requires #0] [%#sslice30] UIntSize.to_int a < Seq.length (view'0 self)} + {[@expl:swap requires #1] [%#sslice31] UIntSize.to_int b < Seq.length (view'0 self)} any - [ return' (result:())-> {[%#sslice31] Permut.exchange (view'2 self.final) (view'0 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#sslice32] Permut.exchange (view'1 self.final) (view'0 self) (UIntSize.to_int a) (UIntSize.to_int b)} (! return' {result}) ] - function index_logic'0 [@inline:trivial] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sindex32] Seq.get (view'2 self) ix + use prelude.prelude.Snapshot - function index_logic'1 [@inline:trivial] (self : slice t_T'0) (ix : usize) : t_T'0 = - [%#sindex33] Seq.get (view'2 self) (UIntSize.to_int ix) + function index_logic'0 [@inline:trivial] (self : Snapshot.snap_ty (Seq.seq t_T'0)) (ix : int) : t_T'0 = + [%#sindex33] Seq.get (Snapshot.inner self) ix predicate resolve'3 (self : borrowed (slice t_T'0)) = - [%#sresolve51] self.final = self.current + [%#sresolve47] self.final = self.current predicate resolve'1 (_1 : borrowed (slice t_T'0)) = resolve'3 _1 
@@ -2772,16 +2596,18 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use prelude.prelude.Snapshot + use prelude.prelude.Snapshot + use seq.Reverse use seq.Seq meta "compute_max_steps" 1000000 - let rec my_reverse'0 (slice:borrowed (slice t_T'0)) (return' (ret:()))= {[@expl:my_reverse 'slice' type invariant] [%#s03_std_iterators17] inv'3 slice} + let rec my_reverse'0 (slice:borrowed (slice t_T'0)) (return' (ret:()))= {[@expl:my_reverse 'slice' type invariant] [%#s03_std_iterators19] inv'3 slice} (! bb0 [ bb0 = s0 [ s0 = len'0 {slice.current} (fun (_ret':usize) -> [ &n <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &old_v <- [%#s03_std_iterators0] Snapshot.new slice ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &old_v <- [%#s03_std_iterators0] Snapshot.new (view'0 slice) ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = UIntSize.eq {[%#s03_std_iterators1] (2 : usize)} {[%#s03_std_iterators2] (0 : usize)} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) 
@@ -2814,11 +2640,11 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] {[@expl:for invariant] [%#s03_std_iterators13] inv'0 iter} {[@expl:for invariant] [%#s03_std_iterators13] produces'0 (Snapshot.inner iter_old) (Snapshot.inner produced) iter} {[@expl:loop invariant #0] [%#s03_std_iterators12] UIntSize.to_int n = Seq.length (view'0 slice)} - {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (view'1 old_v) (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n + {[@expl:loop invariant #1] [%#s03_std_iterators11] equiv_range'0 (view'0 slice) (Snapshot.inner old_v) (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n - Seq.length (Snapshot.inner produced))} - {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) 0 (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n + {[@expl:loop invariant #2] [%#s03_std_iterators10] equiv_reverse_range'0 (view'0 slice) (Snapshot.inner old_v) 0 (Seq.length (Snapshot.inner produced)) (UIntSize.to_int n - 1)} - {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (view'1 old_v) (UIntSize.to_int n + {[@expl:loop invariant #3] [%#s03_std_iterators9] equiv_reverse_range'0 (view'0 slice) (Snapshot.inner old_v) (UIntSize.to_int n - Seq.length (Snapshot.inner produced)) (UIntSize.to_int n) (UIntSize.to_int n - 1)} (! s0) [ s0 = bb10 ] [ bb10 = s0 
@@ -2859,12 +2685,16 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] | s7 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:assertion] [%#s03_std_iterators16] index_logic'0 (Snapshot.inner old_v).current (UIntSize.to_int n + [ s0 = {[@expl:assertion] [%#s03_std_iterators16] i = j} s1 + | s1 = {[@expl:assertion] [%#s03_std_iterators17] Seq.get (view'0 slice) (UIntSize.to_int i) + = index_logic'0 old_v (UIntSize.to_int n - UIntSize.to_int j - 1)} + s2 + | s2 = {[@expl:assertion] [%#s03_std_iterators18] Seq.get (view'0 slice) (UIntSize.to_int n - UIntSize.to_int j - 1) - = index_logic'1 slice.current i} - s1 - | s1 = bb9 ] + = index_logic'0 old_v (UIntSize.to_int i)} + s3 + | s3 = bb9 ] ] ] @@ -2873,7 +2703,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] [ & _0 : () = any_l () | & slice : borrowed (slice t_T'0) = slice | & n : usize = any_l () - | & old_v : Snapshot.snap_ty (borrowed (slice t_T'0)) = any_l () + | & old_v : Snapshot.snap_ty (Seq.seq t_T'0) = any_l () | & iter : t_Zip'0 = any_l () | & _8 : t_Zip'0 = any_l () | & _9 : t_Range'0 = any_l () @@ -2897,7 +2727,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] | & _43 : usize = any_l () | & old_9_0 : Snapshot.snap_ty (borrowed (slice t_T'0)) = any_l () ] - [ return' (result:())-> {[@expl:my_reverse ensures] [%#s03_std_iterators18] Seq.(==) (view'2 slice.final) (Reverse.reverse (view'0 slice))} + [ return' (result:())-> {[@expl:my_reverse ensures] [%#s03_std_iterators20] Seq.(==) (view'1 slice.final) (Reverse.reverse (view'0 slice))} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.rs b/creusot/tests/should_succeed/iterators/03_std_iterators.rs index 649482e22..4b8892881 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.rs +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.rs 
@@ -93,13 +93,15 @@ fn equiv_reverse_range(s1: Seq, s2: Seq, l: Int, u: Int, n: Int) -> boo #[ensures((^slice)@.ext_eq(slice@.reverse()))] pub fn my_reverse(slice: &mut [T]) { let n = slice.len(); - let old_v: Snapshot<&mut [T]> = snapshot! { slice }; + let old_v: Snapshot> = snapshot! { slice@ }; #[invariant(n@ == slice@.len())] - #[invariant(equiv_range(slice@, old_v@, produced.len(), n@-produced.len()))] - #[invariant(equiv_reverse_range(slice@, old_v@, 0, produced.len(), n@-1))] - #[invariant(equiv_reverse_range(slice@, old_v@, n@-produced.len(), n@, n@-1))] + #[invariant(equiv_range(slice@, *old_v, produced.len(), n@-produced.len()))] + #[invariant(equiv_reverse_range(slice@, *old_v, 0, produced.len(), n@-1))] + #[invariant(equiv_reverse_range(slice@, *old_v, n@-produced.len(), n@, n@-1))] for (i, j) in (0..n / 2).zip(0..n / 2) { slice.swap(i, n - j - 1); - proof_assert!(old_v[n@ - j@ - 1] == slice[i]); + proof_assert!(i == j); + proof_assert!(slice@[i@] == old_v[n@ - j@ - 1]); + proof_assert!(slice@[n@ - j@ - 1] == old_v[i@]); } } diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml index 8ef71b74a..bdca7a90e 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml +++ b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml @@ -20,12 +20,12 @@ - + - + @@ -35,102 +35,102 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -145,16 +145,16 @@ - + - + - + @@ -169,7 +169,7 @@ - + @@ -184,76 +184,98 @@ - + - + - + - + - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
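Review bot: The three `proof_assert!` lines added at the end of the `for` body in `my_reverse` carry no comment saying why the proof needs them, and they read as redundant next to the loop invariants. They look like solver hints: `i == j` restates that two identical `0..n / 2` ranges are zipped, and the other two pin both slots touched by `slice.swap(i, n - j - 1)` to the snapshot. A line above them such as `// Prover hints: zip yields i == j; the swap exchanged old_v[i] and old_v[n-1-j].` would stop someone deleting them the next time the session is regenerated. As a smaller style point, the assertions index the snapshot as `old_v[...]` while the invariants write `*old_v`; using one form throughout would read more evenly.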
diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz b/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz index 902df7554fda6a693a9c0414f4d68808587b990b..3ecf27ac9653667043d29a7928190d0a1c167c3e 100644 GIT binary patch literal 6595 zcmV;!89e46iwFP!00000|LuEOj~q9a?tA`<1m>ac9bo{Th1e!a(H-n`0*@^|MTzL#~=Lr{J8y?A0GGj zcmKIn+kgMR8~@sW+~=RJun~Tr8u7+|_uAj)yYHWVI5a%n-|X+6{KuRBdGr6T#BSsF zcOU)3-rqf4sRn+mKd)>9yP+`cARFvDmN==~c0*y>0UGW)V8gqiuzBk0 zL?d@Yp)Th8{8ZU}$mQlS|9B-D)o8!JOZn%U+xzeLv8%cE-!*zz=Dd3qKopJMz45Qt zd(6Zm8nxT__Ye2!L(Gp?qA~u}tHw3}4dC^(0mMqBsa?gK0+7$|-aq}b0h)=L8t4Tf z8|WobOVd8sfb9Bk1HEKwY1&6Lpt?TLfZC0v&D$sc_U5nmclk;T#EpM@^SAqV`ARem z=x!7>pm$?w^Vh%n*N0vt8Z^7fJvY)D6l8)%9B+@87+@%}+Tk zyHJC=9*LWMI%=q65BojQKcuNtS`r5(Ky%%1J(}HacfGcfLAclFx3EEOkgkV~>Pv^l ziI}1|R-E>XT%sl2VL}*H0*+Op?Nb@3^F8HvR^`v0!KC;;D|JdcB-A*ym71slr zLLCTp_oj!dx~bnCZFB@7#P!%^w`sY!X>odU5f1m$$wpT2mPg=S8&(GW+8{|4BuBs= zuuCkki$?5{BX-FJcHxL!JYrWZE$~f`_@+mE(`)!&C4b`E z*Mx6pPz~GtT0$3!8FZl-Pd7GVFww+NM}uWZ)iQiNKmu0C!XwD44M&i*=p!0hgS8nM zU-ozYw)?>iFB;>AhlgB;_svsSeD~pL0*jqmb+|agNF0b9p(l28_w_&IhkdJ{ot~~C z>tx0g$U5ngz zUP5zJtk(A+2%PSGr|skTqd|uS@C^SzAI8)bOnXv`Ts`wk2!=U~susiKIS9rIvuhBH z-Pm;q#svhcDFo~5USCnqAb3q9E7TMBQso6g(;!sdJ&V=UAdXm#3#_Ky1?Qr}VUj&F z@+72pJjshR{u97`{Tc;3sDi1guz5S!oBrwM@BSb8O4MFWBL=V*16Yeq*VWg1q3Zo` zGg61hcUPj}1rERQ|J64{vFqoeM){|kzx`wXewa(H`R;AkZZ2rduoY&Q3mUsV7c@4` zV-nTZ9>GtH;3w7$K%5$YFajxzKnfGz9IJ2s>Qw{PCE3uLc?b=eUilj`6Mb(;4abAdnTsSF zQVr=0}manX8z7jxfSBWNG)?s999ng+!6;isMdG>x5hhW4mVE3koTm#;7av(q?? 
z81)g~mnIx>~D%?&IzK^Zw&yL#vl@dH=&5a7N;jQH!lwkAk%Dy)Z9&NdK<3tOYto z!wpUcLsks8MZ~ua8dorf*7le}uvn=C(;@!?-G{g_(xQP|*q0s1&&jK`O74(Qf{JSGXT^pw^jPeeLF*e}A*T`*@BKI*kgwGgD2!kx=Xspc|Iw zWZbZ7SWhG@54RiJg@o;jgzaChd;H{s0sAE!T)zN~H;cn{(eO9xhxg4V07%bA4<8cN z;iGbMKn@9w#KAPbgv&lpEqB+4kSEIuKZ6g$JjoX^4*@+M0>y{ERi_pfLwloF>v_g9 z9o0aC&0?(Tb!Zwn9MdHFaJ8G^W;ch6-46GCsIZvBU42B875njBb()xk7* zfv55%uo~xEjBQ}dm%zDv$zs?%_&=sY;JJJWoXD3{M!I~-G_T&K317GFi5T0?r$#_` z(S|d=Zgq85QzNyZj$L(vVHzLBmc%qaHu#z_U;8dPv*!tF| z8}lr%$g@B_MBhykEh}?=YWf9^BXlrE=-~47i+{TLfBx?KE(RC-CnDoQR`N2(1NvEy z8?I|~Y+P$Rq-f?5zG*ON4O8F^$fX&G%j{RS3jM{AYP`Th$k1IsYWpiJ|{e)KGmc@>NMmsEJ zz9|vJCJ%BsWwlMu^L{GgL$s{pdkC{lNG|N@<;VubbZDE|n;H&te-e(l_m7pOF&X%{ z@Wod-fx(?RcuEH|I*LhPu=kvfWj3CH)0Xc1kn~d>#trPud4bLGf$W)>bXYman{xkf z!f`tE94zO>*aPVrHR$BIKY>0Q|N3p+wBAtp=~T|a@88y>LD%i4=5)8s?fw1xV<)zo zwqHdWgjB_H(b|TA{fO5SW{!9s`Zg%u)=TvS&y#L7_JRw19-8~m3yRTcFZ;Vm5jMxS zRLf=CxN=jCjeegtclqbD&eiBYZKl^SeAZ-Zw{h1#y^lLeLO062J^X7 zcL@*mOv-a-@**O0D|_InORVKv#eJW@$lk_ zcylHZzslBgbB+o1Lpp4dW#?Jt>$eS`y6f63zkS>Asavk=&}xxA^$5Ve#3O*WHQe~z zh1@W{tsebzH*&*RS>_ctc=}X;@pGOE9D>rPp7z7}r~N!U?XPahZY<58Y~t|xABWff zI8VjXm?;<&1@i};JXp{?7|?u(`;X5+*!eNZrQ zT-t;?^x46=mjf%6w)4>zS^FX14vTy{wE6a$LNe_W;AxXytL&c;ED|q6zJ2n}uD%D@ zjisShHHf>hG}P*jy8}@XzhP^22@GV;C3P zM=nDIC+$DZIT`y^XCi-}AGY@&^Fz74|7j9o9xSCZqn8V!#e(Rf1sz7srs1-gaX0S%>4*IAyf=1+#JXQ5hesv;P<3hn&xKS*5%oB5m}1T*OdAfY zsG|wSj)xwv#}{D(5_dY?)piHt-G`?OJw|oHV^l}`zDR5ICvfKBwUK}-jXkPq+c`sb+qSNy{(M9S47iq}S z?|xo8;G8nRMcOb@-zVHW{^U>I^4~2uUFO>_ray~4f45x67Za^#{O9;XJ=hZ+!cU-hw9q+= z9WM7x(~YjL#8zf$$xb2L@6(|BM^hcUe+vkDMt$OEb8-Rc=eS!e=3?XJ!a&`z+Mm&u zb89_uw_Pl%OKqV`*7dCQa8Vrc5_f&{@#|U|SUB)Q2ty3+c`a>*QkN+`e1<=Ep}CLW zKTfuThi;qBU%ax7yq@)xLx;r&=W2M6tcD;!@4I8~vmX+JLkB&N5||+rWriq$>0Qvq zUe9`tdAL3eC&zC9YH4%Gu8yT;7y-r@5a3ZDVVY?^3IkMcUv|FzJeHu=D!I>!FFyh3 zg9-L13{dm4&_=0v{$LZ=D*KnCN1p)n!35ba4Qh05ENzDHfgS@1{pG3K4_}AUW(XbF zF^FL2K?D-x)ATXnOoNrsevLZoJ$*6Sxy#qj`~RH-zvz9^x$b&@v2k_1YW$oww5Y|L z>lOQ@eV_lC$i8n!oiu8XOw^ic{H&Q8qEDQvA!;MB^jWw!glp+@Mbm#1{3#4$`@|dd 
zmoVIZCUe#i`NFGc%@_WR%jj8u=}T|Sm$>|%b-32^VilQ&Q?`;9Yk_NZWcx6uAo77QM=-2~ z)IljFI2OfQU!fO0I}`;<%&*~SosAr(W)C6}$TPMOcA zUo2}R$u<{;;Jq*8H7BEl@gWwu)#$Wv8tT8FJxio$6blg2u(df;wmx$NYY?*#wAIpS zcACC;A_c%I`5289Qsfk)%*p#m#Z!`YtF_bWW#$6wmBvuC)}D$-&)O)m(xV_Hv)UTr zv~}9N*o;1VmP$jAf=TCGqOjFUV_s%P!6XxBlMLyQl3>p&O>LOT%3fshVFrA!V4IuNkYDH1@=RD6cOo|Cd5EXh<7 zLCjlduR^$(pp}qKVQaMwoGFDMNl{K&3zH~@Er4`TxvbahClC%r6~#b0lP*^0Xku2@ z3bfYC%xMeto(1Ee-m;)RiFheiAu5wWXbs3BY3Xy$=%Y6!`z;_ksCPL+_y2{2lM<$6 zDVlx~`^6J^ zzz8|ivz9`PJ_~D6>mWf;pdhzEMN%24GtPjd z1JVvi^=1C-`4~zF5TXqLMtOi3t$-4PwK8iChxyEl&MS>pib@tNN(wU9NmYpg3Rq?2aiQl zk*H)TF;EdCJs6EWb5i_f43f%57|ark_9Z4SGIJ0hqK~QCwJmx`bRc{5_zjtjg;Vxy zWDY7QWjIP^jM;l;m4xcd1p0M(Ql_A^l(R;T8U+X~6{;Xppk!MlM8gg=I?&)i3kS+N zP{x6(p0jeGqyxnc6gg1nK!F2QWo;eEsvz2dR1T!vNYp|~X$mWyr3Rl%$jV0cIeBgM z7PNGr>xA@TlL8f0QqU?}#R|cvB+){QtWvbeZovo#+B(q2fvzC|^`Z;})+Mrq2r>gD zPZ(6n#c~44oJ7ZffnSt~q@)$XdMi><-e;fC$E>9=GNhm?6Xd|)FV0BeD3z#}ph?Ma zl3H1l6bXZdWxeuSX=n#VIWW>etAM{8L!7;am>?)FDwQMz1xSf0Q%GRUVS9c>rc_cG zJ(%oOB9*N75Tan=buk8+=iBuwGKNAK#fE~)hNwszDTf@rjhql`w9Zy()%cqERT(oz zb2R8nvR+xihEfEJhD5fch2DZi2Nr%4<}_NJSz@+qqD9hH8}v4jCqvP~7A!lk^qVnQ zsDuQPytPRO3M4~Dp+f;tN|EXqu1tPKOe?541z?OCQ&uVG0!Bgh zY#DvQmT9cE*;mH6iBe${Qjzl33Y8d4NV$f4K%&Ae3h7YrSIKFitO_DTOU95= z0;;)D-O(+I%B=co7l2Z;U}Z!ig9O&5P(-pN)!>ZRuti}V3iDMjB3Q7>qY8n207;;8 zRFXYP%t>P0B7j2>U;RR4^u*cZ1R-m(!6#DLO06SimO8Z&6$IlDv_nu1K{~8XRE@0m z&Kd%K6^rp2B}EMsJz1}978qot63A#xIk(XnY_q25u;xusI0XB zA{mFIzo|thTMD8l=`B&t5P=~Y0wf(cTd_qJ4#|FV3lA8x4nWpM8%YvVlA;tFQnCUp z)dV&&I;^I`H?roObe2ZOg2HeTp}u^Q5(Nd^MXjWMDNLH!%Pai%*G2$(R$G+Ch} zhb|7q`VS=(;e`n*6ex-~0HC3itha0f8VIS2Z5jAeFndy&Rw`NoU5phzMdhsu z)$S0Iu@{W^!wE(eK~U4x1(E``RH({{E!nKe^cth>%Lqnmhg!Xea8OH!^})wPK&Z)K zE0|75sOy}cDs(_bC$sjXkpUGk literal 6434 zcmV+-8Qta|iwFP!00000|LuI+jvP0V=zD!d0sGMBtg!$ig4YA<0D>?LHn2MnyMx5O zHF&iP)9RMHTe4@qe!p}Z|L0%#Pd~bM>1qEVJw6>C z?*HFj?*H}w?%XT);gEj5!j8E^?AUAf{VR8u?tggxaT<7jxINrIyAQYj@%q27*!9jG z?mxK4gS&sek{$e1eqNalu4`isAUYfXbcffqF$drs4FIyE>)MzDK*t9F?D%zU?4E}{ 
z)`{!dD4Y2qJr{BxQ@(vlKV7j-cFG;@WBTRx?%{_+7bkXdfBma_H9-;UP+!k~7d{RG)Dc$R9q#Ybqq|Q(yYIdmessv))8YPyyY&2U z-x0i?v19`85H7&&P`n<6qP8wUyID~BU2P+dtpL|$vRnV~{ysi!0^BTk0fiSg?p22~ zKBBpvu>^4?PGB0sa1=N0F+DxpeJH2mA08hceopb~?cY089f}U+%^MdU-oCp_&nd1! zs6$n*#O)y-4HVqzyl3)v$d1T+?(@9*dgzbZt6jet!Z$^ zrofH`r@teYNXc-S5SmE9u}JhVg@Cf&b9%ge_wZD13KsB2;&A>AO*Q?dw)C5s>o?u>n{N6||F3@gy!x%bCI746 zz9#*4Myp|eUTf8bY@xc4wcCvyt1cR=eN;U|DxTr1suHlMEId+KW#C9z)%x^F-?YI}JAG)ny|ilY$`f7cQ#2i_>-q2LR*Xlu zFia~2x46nhBZVTa9l<$8yhIu~PURYWj7nZDjlA7IeoiGX(I(}Ga|IUIC_+@CGUx$U zMo0~ccc!~g&os({YcS3RvLhThwA9PR|F4X|x$F)1t>GUbO&j0~4Ge0+DLa@$Qm;El z;@3t1mWo{VT2!1f0$3FNmJz@KciRZy$_U805l}ayyrNndfh~zF#)kOFRlc$jRGG@J zU$hp~VY`5}H4R>0a4&|dNn#{MoHQx}P2wVn{|NK4ZOFk?QP4#cc5kZ3>z;4_=Kh|p zSb^#~R?P*g=7Q}8P**Hdk^5?!X|M_RSFGbJOYqwL|8XF&>v1jWq2zFq$ePGzE#R57lxF!g@j5 zH7C4YMmIF&!lq;x73XBQ0@W<=ssoD4_V#^|IO4A-uz6hb{fv@p{2K z4zoMmk*O+x%o%-5x+BwZwyAbW&(to*j^+UvADLJd9z$ooIdx-Sjj+qaMN5~vNV)|% zvT+1@T-6Zuh)8|spfE^nAeQcqnvjudF@5bUtyy%-szPBiuc+PS=Ku0j{x9G1f18c% z)N5B<_waBZ56_2(`|(71Cpy*1zx=cseYg*494-?7{{BAoe!uQry!O*9f9lT6fuUDN z^A7BwL_ZsZl%bNS9CSg&Xz~cMxdk(ORz)-)(p|h|bARKzr9lN1;8MhsFcUEWP8cm0 z?jD}rKPGks<=4WT>GAGuO;`-v_P~)h)B;P;ml1nDO1})X#B!IzPj>DM$7fipquS0j z^;Tr%LXDQ?`!ceXPHN66oK87yIH#-FrH_rk3^rt`&e=w1Zv$5btIr;c#)MV_yf-0Y zuno)UBe6l@V*w^r>n&7720Q%t=jn3}C0ib|WB ztsgt8^@7qY-pupuf4FxyMd1yORY&Ue!Vw}>T@g~(tyQO#Mb)>~s_HWqj#S6TEtOWq z)E#f`51+O~9j{v|&4nMpdzXjHj_Zz_g>r-1reif zc*Wd@T}+QD@2{THUB22s|KnZSw=M5RxB4+Xy}x^ImZEly0l)jOD~9RR6g9mvB2BXm zj`Y~Od+Xla9_~M!BZN-tz%e{6&U~9FzrPRL6LFWCACGfkZ!|WSz@-r+HM>$Y%*%AR zzrBBVm(Zmt9BHIIrk~y)9@EqQU)Zmhx)U%Db9HKp&b@lI2A-gnq5Ia%6HF)gD%&ZFv-E2E)mm_rsVSqY4!GGk0o_k}ius*5d;2@V zJ0a#=*Av&(itB2F>#A{GH?FI{+>C}m$kE9bzly4x&oIa9)g`;R5Y{{C|sX@|3l#e=#u5YGHy`WCubqxxOW@}|mfi({;TJY9j*`V>} zE>-U$m2hOS4La(94!f3N7AARDsm_#Hr>I$9 z5S;z)gSK^XtOK@L_u5DT!@Mqsr%HjanLu9QcF;D2XO)&^QW#1J@%vc~abwMott`TE>K9t-7cQ?Xy64;f zboW0D$=xuPpV~$?N{+_}R2^51JW=(I==2af{pJ4s+w|z3TMpbTgC|q7N~UI&%py&_sM+CB 
zsjh^(yaw0vA+gmtrfu4MEn7D0qoa^|l#!M$2R$zbnwI%8%is=K)y3FiTVzvMh%GEc zs9RnNLIAc)m4D|vQSJ`Ag)%wJ4{XYh4qK^-)!E#u0Ah_9bBZLV_#v=ans|&Xj~Ux8=V`_+Z|}I&gjdN~ z(gM3FNhc_h^ zG=Tlwod(<8Jv_WS4)TX($6dtAq{5bq_Er%`j8`*aj%cp19pamkr8+_L46J10)(%V^ z9usj*l=~oT)`S}C&$Fq8%6@RegtkFU+I(G>#nq=wkSDN~yZDsfM_V6|)VgI7Q93%B3ugl&^U$XZi zjba8M8!NK6sHGntyLx zbToC~PclFM8iw8n zS$qz|>gO<6KZn8P=P+15hvD^e7(RUtBf9o*T1+)*S)&J8-Ot|YU9qkSkGh@@`BDU) zJ%DL$xv5^cSp+@6`d9;oAYu_c)q?P{vpq&UjBis~YwBCQ6ai6V4becvDjbnL8EUB8 zZ5H#EopN~V(xh>E3OU6y>jE9L7g4kC0;Z4$>$!H=YE`Nf3tMZdU?Fc`MDeLqhvK@m zW~Dlm*Hd#9Otmj_uzi_>szw-3cZZN_C{&}Jq4O@?pDrYAznJY2YZTG~jDUgt)EpXc ze|vnNcB|i0&MCAk65IWCjTH|c4&?*2z5mDlpXu?Thp2d=zi~A!6%QYllr*>!h@>CV z>7Kyj1Kz{) zkLmH{NbbxO+cBM}&y(ELb!r1I<%t@LMlCcgu_P1b0~0CoXn_VeLA+}3C#zB)WP0cw zF2>vU&lg6U@4 zcq(6srpt&pnPOa%5#VS={G=5x+}{f5Woqam;ed)cL zKQ_2{{zbm}`}ID4^`zx?{}O&IS9&Hx_z^Q6ZFEUu?@ug(xt60}Y2|-=>97MFe+YwZ z-HQ$Th54{!u{p!-k&?-*xI?7#mf%wK3;cvjcJ!i^y(rOl))IX3j<%eRPuSCors~sK z{yDh!qOIG`T$V2usLZ6baJS3YU!%dzGURL)p}4LVQc#zf+0hGa29w zVpq<1b(HSvCmQFi#2{yLPK_35QIq6~IdmR{a7h?% zgd@tXr$~?$Xa!ioEH{>G%a!HQa$z~QoGeGn!E$EFSkji1C22|QQj8`-&?rNsS!t})Rw^r{mBLDHC0U6l7v>p_Lz4o5%3gEN$r%QO0wSo8 z_8P5*&%Z8YO(`c*0fGSr$vBpr2gQKr81h~VtI2BK|NnEZE~Dl#AyZ7nl%0w(K#)<8 zmM)Ppd#$ZjR?9C%0A`3W>Xf`fl)`I+nnQA=WAF;q-Y~1pm!*NbXrhS>Fu7oefgx~0 zdT%Il?c&}DYq&LJ4O#)co`kKY!nF|fEiMTA`0X@2#RqJ3@tF||9nA_^$A2# z;Km6l$Y_z3B&E@^lwa7;1~gfVLCDqOcD`tMo>ojm>ikjwt%qE|4kNp zyABqB74)oJU`}%$bJ8LSW{d`%a>S?snds3~@dlIylon7}KyCp`A6h`LPz-#r@SrUe z`wnual2jOxn zC1-?Tz_m=lbHkj2xCf3FIJ3ZE`1>OlNSK%j!J`hGk@i3mazYik=8(%-aBhLquUf<~ zr4yt`MrlY<>yQ$J@(;5h6EgZeaBYDr3tU>@;*%E==%k>`4HF?aBFRjal7rF_C`ud` z5}#!;RkTim#L#dVe2yL?6WS;b5txM5R+Uwl!gHS=UIRt9(C%Kfe;pivLNKx=D&JftuP~?cU&t?QDNXI zWu>V2ia5B}!&>@_tZyPYDKLi^g6EJq>Ef)oM1pA{*&ZZVkj#QGUzCujwQ>R=xN zm`2Vhi%eQ%!eR+yzBpMi8S*M}X=IE#q9aY9N{7~7k!T0@+mi-7881ju4oRSv!Z>f7 zX6U>_jCyf^zdd%Lt)4v0G0<@69QxMK6AGG%| zk|q!XiXiq_3K^x6fy^S9uYlx8CNo3`9(;x@vJ>Q#1S33Ug{FnuUl-Ys zb6^A}mGoi?-Wjbq%AimgCCv~|7gE1I(j{VyIwVX=hDjM*NG1qJY#_Z9y}nBF 
zBSr~^WhJ%ZGEme$6Zc9epr7|oGcdSfrCZPERy*HZIQSJ1blkG805!-V7u;ZnylwZ)D3pWGS>L zuS6U(p-=(CfH`XKhv2%9{B3SOQi;x;2nrG<7IL6e3gS!~ zO-QYR_U*EOyp|LqN6~JAk%R-29qWrU zLjpn4pMVv@GsaBJjO8F=&MI;AAi2pRBq`#Mj3|-GpMo8dVit-ElXBLSv*0;E$>n2t zuTF7DY{)+oOOyZzISDPe4vxi)MtV-%IVcqc9Finb{>j+lqF^Fr6CH7x1rJ_A4p})y w(qu_P!bPe-BWnzBjs)336uM+O1WOT|aNt;ZVBDA5|HwQ1AMsbv%glKI0Evx7{r~^~ diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index f871328fb..023e1bffa 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma 
@@ -9,28 +9,24 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] let%span s08_collect_extend7 = "08_collect_extend.rs" 26 40 26 43 let%span s08_collect_extend8 = "08_collect_extend.rs" 26 58 26 62 let%span s08_collect_extend9 = "08_collect_extend.rs" 23 2 24 82 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssnapshot12 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sresolve27 = 
"../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant28 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq29 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sboxed31 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant24 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sseq25 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sboxed27 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot 
@@ -115,28 +111,28 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] predicate inv'6 (_1 : t_T'0) predicate invariant'4 (self : t_T'0) = - [%#sboxed31] inv'6 self + [%#sboxed27] inv'6 self predicate inv'7 (_1 : t_T'0) axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'7 x] . inv'7 x = invariant'4 x predicate invariant'1 (self : Seq.seq t_T'0) = - [%#sseq29] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + [%#sseq25] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) predicate inv'2 (_1 : Seq.seq t_T'0) axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'1 x predicate invariant'3 (self : t_Vec'0) = - [%#svec30] inv'2 (view'2 self) + [%#svec26] inv'2 (view'2 self) predicate inv'4 (_1 : t_Vec'0) axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'0 [inv'4 x] . inv'4 x = invariant'3 x predicate invariant'0 (self : borrowed (t_Vec'0)) = - [%#sinvariant28] inv'4 self.current /\ inv'4 self.final + [%#sinvariant24] inv'4 self.current /\ inv'4 self.final predicate inv'0 (_1 : borrowed (t_Vec'0)) 
@@ -150,19 +146,15 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] function produces_trans'0 (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter21] inv'1 a) - -> ([%#siter22] inv'1 b) - -> ([%#siter23] inv'1 c) - -> ([%#siter24] produces'0 a ab b) - -> ([%#siter25] produces'0 b bc c) -> ([%#siter26] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter20] produces'0 a ab b) + -> ([%#siter21] produces'0 b bc c) -> ([%#siter22] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter19] inv'1 self) - -> ([%#siter20] produces'0 self (Seq.empty : Seq.seq t_T'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter19] produces'0 self (Seq.empty : Seq.seq t_T'0) self predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant28] inv'1 self.current /\ inv'1 self.final + [%#sinvariant24] inv'1 self.current /\ inv'1 self.final predicate inv'3 (_1 : borrowed t_I'0) @@ -195,7 +187,7 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] predicate resolve'3 (self : borrowed t_I'0) = - [%#sresolve27] self.final = self.current + [%#sresolve23] self.final = self.current predicate resolve'0 (_1 : borrowed t_I'0) = resolve'3 _1 @@ -214,7 +206,7 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] predicate resolve'1 (_1 : t_I'0) predicate resolve'4 (self : borrowed (t_Vec'0)) = - [%#sresolve27] self.final = self.current + [%#sresolve23] self.final = self.current predicate resolve'2 (_1 : borrowed (t_Vec'0)) = resolve'4 _1 
@@ -338,28 +330,24 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] let%span s08_collect_extend6 = "08_collect_extend.rs" 49 4 49 7 let%span s08_collect_extend7 = "08_collect_extend.rs" 44 28 44 32 let%span s08_collect_extend8 = "08_collect_extend.rs" 44 40 44 52 - let%span s08_collect_extend9 = "08_collect_extend.rs" 41 2 42 69 + let%span s08_collect_extend9 = "08_collect_extend.rs" 41 2 42 88 let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter18 = "../../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 - let%span sresolve25 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span smodel26 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span svec27 = 
"../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq28 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sinvariant29 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed30 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter18 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span svec23 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq24 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sinvariant25 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed26 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Opaque 
@@ -401,21 +389,21 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] predicate inv'6 (_1 : t_Item'0) predicate invariant'4 (self : t_Item'0) = - [%#sboxed30] inv'6 self + [%#sboxed26] inv'6 self predicate inv'7 (_1 : t_Item'0) axiom inv_axiom'5 [@rewrite] : forall x : t_Item'0 [inv'7 x] . inv'7 x = invariant'4 x predicate invariant'1 (self : Seq.seq t_Item'0) = - [%#sseq28] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) + [%#sseq24] forall i : int . 0 <= i /\ i < Seq.length self -> inv'7 (Seq.get self i) predicate inv'2 (_1 : Seq.seq t_Item'0) axiom inv_axiom'1 [@rewrite] : forall x : Seq.seq t_Item'0 [inv'2 x] . inv'2 x = invariant'1 x predicate invariant'0 (self : t_Vec'0) = - [%#svec27] inv'2 (view'0 self) + [%#svec23] inv'2 (view'0 self) predicate inv'0 (_1 : t_Vec'0) 
@@ -459,21 +447,17 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] function produces_trans'0 (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter19] inv'1 a) - -> ([%#siter20] inv'1 b) - -> ([%#siter21] inv'1 c) - -> ([%#siter22] produces'0 a ab b) - -> ([%#siter23] produces'0 b bc c) -> ([%#siter24] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter18] produces'0 a ab b) + -> ([%#siter19] produces'0 b bc c) -> ([%#siter20] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter17] inv'1 self) - -> ([%#siter18] produces'0 self (Seq.empty : Seq.seq t_Item'0) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter17] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Borrow predicate invariant'2 (self : borrowed t_I'0) = - [%#sinvariant29] inv'1 self.current /\ inv'1 self.final + [%#sinvariant25] inv'1 self.current /\ inv'1 self.final predicate inv'3 (_1 : borrowed t_I'0) @@ -506,7 +490,7 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] predicate resolve'2 (self : borrowed t_I'0) = - [%#sresolve25] self.final = self.current + [%#sresolve21] self.final = self.current predicate resolve'0 (_1 : borrowed t_I'0) = resolve'2 _1 
@@ -517,14 +501,14 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] predicate invariant'3 (self : borrowed (t_Vec'0)) = - [%#sinvariant29] inv'0 self.current /\ inv'0 self.final + [%#sinvariant25] inv'0 self.current /\ inv'0 self.final predicate inv'5 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'5 x] . inv'5 x = invariant'3 x function view'1 (self : borrowed (t_Vec'0)) : Seq.seq t_Item'0 = - [%#smodel26] view'0 self.current + [%#smodel22] view'0 self.current use seq.Seq @@ -628,8 +612,8 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] | & _27 : borrowed (t_Vec'0) = any_l () ] [ return' (result:t_Vec'0)-> {[@expl:collect result type invariant] [%#s08_collect_extend8] inv'0 result} - {[@expl:collect ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_Item'0 . completed'0 done' - /\ produces'0 iter prod done'.current /\ view'0 result = prod} + {[@expl:collect ensures] [%#s08_collect_extend9] exists done' : borrowed t_I'0, prod : Seq.seq t_Item'0 . resolve'1 done'.final + /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 result = prod} (! return' {result}) ] end @@ -637,7 +621,7 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 55 0 55 51] let%span s08_collect_extend0 = "08_collect_extend.rs" 56 16 56 32 let%span s08_collect_extend1 = "08_collect_extend.rs" 57 16 57 32 let%span s08_collect_extend2 = "08_collect_extend.rs" 60 20 60 53 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span s08_collect_extend4 = "08_collect_extend.rs" 26 40 26 43 let%span s08_collect_extend5 = "08_collect_extend.rs" 26 58 26 62 let%span s08_collect_extend6 = "08_collect_extend.rs" 23 2 24 82 
@@ -834,17 +818,13 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] let%span s08_collect_extend2 = "08_collect_extend.rs" 63 11 64 68 let%span s08_collect_extend3 = "08_collect_extend.rs" 44 28 44 32 let%span s08_collect_extend4 = "08_collect_extend.rs" 44 40 44 52 - let%span s08_collect_extend5 = "08_collect_extend.rs" 41 2 42 69 + let%span s08_collect_extend5 = "08_collect_extend.rs" 41 2 42 88 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 38 15 38 24 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 39 14 39 45 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 21 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 44 15 44 21 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 45 15 45 21 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 type t_I'0 @@ -879,6 +859,8 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] use seq.Seq + predicate resolve'0 (_1 : t_I'0) + use seq.Seq use seq.Seq 
@@ -887,16 +869,12 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] function produces_trans'0 (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#siter10] inv'0 a) - -> ([%#siter11] inv'0 b) - -> ([%#siter12] inv'0 c) - -> ([%#siter13] produces'0 a ab b) - -> ([%#siter14] produces'0 b bc c) -> ([%#siter15] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#siter9] produces'0 a ab b) + -> ([%#siter10] produces'0 b bc c) -> ([%#siter11] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . ([%#siter8] inv'0 self) - -> ([%#siter9] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter8] produces'0 self (Seq.empty : Seq.seq uint32) self predicate completed'0 (self : borrowed t_I'0) @@ -915,8 +893,8 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] let rec collect'0 (iter:t_I'0) (return' (ret:t_Vec'0))= {[@expl:collect 'iter' type invariant] [%#s08_collect_extend3] inv'0 iter} any [ return' (result:t_Vec'0)-> {[%#s08_collect_extend4] inv'1 result} - {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq uint32 . completed'0 done' - /\ produces'0 iter prod done'.current /\ view'0 result = prod} + {[%#s08_collect_extend5] exists done' : borrowed t_I'0, prod : Seq.seq uint32 . resolve'0 done'.final + /\ completed'0 done' /\ produces'0 iter prod done'.current /\ view'0 result = prod} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.rs b/creusot/tests/should_succeed/iterators/08_collect_extend.rs index 04a146197..54c8c17cb 100644 
--- a/creusot/tests/should_succeed/iterators/08_collect_extend.rs +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.rs @@ -39,7 +39,7 @@ pub fn extend>(vec: &mut Vec, iter: I) { // We prove the specific instance for vector #[ensures( exists> - done.completed() && iter.produces(prod, *done) && result@ == prod + resolve(&^done) && done.completed() && iter.produces(prod, *done) && result@ == prod )] pub fn collect(iter: I) -> Vec { let mut res = Vec::new(); diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml index c71b6ba1f..ad28824f3 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml +++ b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml @@ -7,12 +7,12 @@ - + - + 
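Review bot: The `#[ensures]` on `collect` gains the conjunct `resolve(&^done)` with nothing explaining why the final value of the existentially quantified borrow has to be resolved; the only nearby comment is "We prove the specific instance for vector". This strengthens what every caller may assume, so the reason belongs next to the spec, for example `// ^done is the iterator's last state and is dropped inside collect, hence resolved` if that is indeed the reason. The hunk header shows `extend` just above, but its contract lies outside the hunk, so whether it should state the same fact cannot be judged here. The body of `collect` also continues past the end of the hunk.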
diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index 2b2d4a82c69d99793ca9fc13cbbe54ee1b565b39..a34ed2b63131e33b5d878f1972093b9ca77bb0d0 100644 GIT binary patch literal 1076 zcmV-41k3v$iwFP!00000|J{~LZ{s!)fbaShxw+k3IKzjeB0d;F1nSUS3JiKPXo=1W zb);0*Chfm3D2X&>J82duTA&w!8V<>Me&i2dZjN8gi#^`F+Wy#d?N2xA=F5+Xxm%lq zZJ&m(=C!eJDIvK zI18s>zA;tz{Bp2^t=)$CLuq<@><+Ki)nPh&F`DD$u!woEX)4T<+F8<(kP*VPkYAlE z?_*;YDv%MPd9uT{sV^qn+EZu5&Sp{4Ik+uO?Sj0Vn*@1r&8)vYv-Cm0!p8%$AY=<+ z=&|=3i6AedaDUhn1bK9pA7Ql7qP~+6G}{ro7o24ubC!8ZGEYh7C>e#>RUAnNy#?~r zg+w?EE+LrD49w3F$N~acKp?w@z&NKKoFahJjh4&@9x%xRCi(YZ(lO!F=p+0u_!a=h zmH>lgA-@kUc~!9tJ{2(;J_o9}F-6o3@55+wV$MuA%pd+wNMhHKB>sIQ{o@2G;)Vek z)$G{tA&c@e-7&wDR4`v%w!*06tZ*zFY`=Z!j>B{Zf(mx3F$6)Sx1+|qZ!&n&F;6g^Ve%xjuKk{0BAXEz!MRCdq^BG~whqb$p(A_qR+lOCB zfLwMKYt>w9?wYzta(a1Bu4fULrmgKC+e7!%RPJ6IU1p`ZbBSGUlW)x3x^mOS!kjE9 zoH77s8Gubx7W0b_9(?%nfMwU;!L%nkjNumqVzfxi77?JgMV#3(<*V>K$ciM{WhTR_ z-qpFXQtpA*-0)pxt29#zOmzcH=Q`7=R$6MIxke3|B~0!`l__B|t8&9_Ez^B%YaueO zY-RRt9b_6(4N8O5AT)3dI4%cBK!B{$-7Xi*9< literal 1108 zcmV-a1grZWiwFP!00000|J{~NZ{s!)hVS|nxw+k3IKvM~MSL)V2=t+QDKO~Gpd>0Q z)R9tKo3#JFpd`|i?PRlP(E_~~^l(TH=bd@PA3oh2znEuxym_&QW7~H>-Kd*SKPKjG zZT7Z%9KM*B*1oQgm>K$A+YRPr_w(l06)O_cb}#18nr>JLg5TZWRZ39!LF@p8lLHbK zeh@ow;**0QUid-mz(`CEj6~rFiFrQs_1DTCSB#{&y(L8%<=fbtURWe4O1I-4;HIWQ zu*hPuEihxBo`*jPnD>C??U7)0d;dpr4o>Fg_k zFm2b_gZtyA#y<>#~~f%?D!glsdX(U0&$ajmBy;`2m^ zYiriNP%$;fuCK0S$W&hs2ipw5Ph(SB`Nb6lmV&vIVM@aBny~i*Dx9D?%^r| zT-|8-@cw((nrl5EA!|CH){+V5y^;byR-d>3mUJ>E$PU zJ)6L^U2Xr^?fb{Ja)mLbg>B896Mwl)zA<;}%1sxGkh9=$QVGsff``+G+GoyTC4}*4 zhfxkO_SK!!Y&x9){kh`o+)2N}-#sgmq&6(Aq?Jn4JkL#|gu=AUWu9eaBlG44n9g;k zQ?0brLUWB8G)pkg8>VtA1jo{vvMhO1nu=vvCepml+&aiKq#Be4sX=Jq8gN_=kbnSL zrDd55X7XA!tZH&>YAywrQdX5)k5Z%1$Tgxy(8x68Nm-jFt17fAg;HgzmbSDOOP-0w a%Eq{boN3H8W*SqCD)|e9b*&~z4*&qH`7>q! 
diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index 98f954427..7aac854c1 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma @@ -718,12 +718,12 @@ end module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] let%span s17_filter0 = "17_filter.rs" 117 10 117 70 let%span s17_filter1 = "17_filter.rs" 118 10 118 79 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span s17_filter3 = "17_filter.rs" 122 22 122 40 - let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 144 27 144 47 - let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 145 27 145 53 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 146 27 146 45 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 172 26 174 81 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 140 27 140 47 + let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 141 27 141 53 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 142 27 142 45 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex9 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 
@@ -735,7 +735,7 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] let%span sfilter16 = "../../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 let%span sfilter17 = "../../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter18 = "../../../../creusot-contracts/src/std/iter/filter.rs" 77 12 79 47 - let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 17 + let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 
@@ -745,24 +745,19 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 104 15 104 24 - let%span sfilter30 = "../../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 21 - let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 21 - let%span sfilter33 = "../../../../creusot-contracts/src/std/iter/filter.rs" 112 15 112 21 - let%span sfilter34 = "../../../../creusot-contracts/src/std/iter/filter.rs" 113 15 113 32 - let%span sfilter35 = "../../../../creusot-contracts/src/std/iter/filter.rs" 114 15 114 32 - let%span sfilter36 = "../../../../creusot-contracts/src/std/iter/filter.rs" 115 14 115 42 - let%span svec37 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - let%span svec38 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 - let%span sinvariant39 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span svec40 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 - let%span svec41 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 - let%span svec42 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 - let%span svec43 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 - let%span svec44 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 - let%span svec45 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 - let%span smodel46 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 + let%span sfilter30 = 
"../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 + let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 32 + let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 112 14 112 42 + let%span svec33 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 + let%span svec34 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 + let%span svec35 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 + let%span svec36 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 + let%span svec37 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 + let%span svec38 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 + let%span svec39 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 + let%span svec40 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 + let%span smodel41 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 use prelude.prelude.Opaque @@ -966,17 +961,6 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] (! return' {result}) ] - predicate invariant'1 (self : borrowed (t_Filter'0)) = - [%#sinvariant39] inv'3 self.current /\ inv'3 self.final - - predicate inv'4 (_1 : borrowed (t_Filter'0)) - - axiom inv_axiom'4 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'4 x] . inv'4 x = invariant'1 x - - predicate inv'5 (_1 : Seq.seq uint32) - - axiom inv_axiom'5 [@rewrite] : forall x : Seq.seq uint32 [inv'5 x] . inv'5 x = true - predicate resolve'1 (_1 : t_Filter'0) = true 
@@ -987,27 +971,28 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] use seq.Seq predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq uint32) (rhs : t_IntoIter'0) = - [%#svec37] view'1 self = Seq.(++) visited (view'1 rhs) + [%#svec33] view'1 self = Seq.(++) visited (view'1 rhs) function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq uint32) (b : t_IntoIter'0) (bc : Seq.seq uint32) (c : t_IntoIter'0) : () = - [%#svec45] () + [%#svec40] () - axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq uint32, b : t_IntoIter'0, bc : Seq.seq uint32, c : t_IntoIter'0 . ([%#svec42] produces'1 a ab b) - -> ([%#svec43] produces'1 b bc c) -> ([%#svec44] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq uint32, b : t_IntoIter'0, bc : Seq.seq uint32, c : t_IntoIter'0 . ([%#svec37] produces'1 a ab b) + -> ([%#svec38] produces'1 b bc c) -> ([%#svec39] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_IntoIter'0) : () = - [%#svec41] () + [%#svec36] () - axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec40] produces'1 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec35] produces'1 self (Seq.empty : Seq.seq uint32) self use map.Map use seq.Seq predicate produces'0 (self : t_Filter'0) (visited : Seq.seq uint32) (succ : t_Filter'0) = - [%#sfilter19] unnest'1 (func'0 self) (func'0 succ) + [%#sfilter19] invariant'0 self + -> unnest'1 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq uint32, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) 
@@ -1019,25 +1004,21 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] function produces_trans'0 (a : t_Filter'0) (ab : Seq.seq uint32) (b : t_Filter'0) (bc : Seq.seq uint32) (c : t_Filter'0) : () - axiom produces_trans'0_spec : forall a : t_Filter'0, ab : Seq.seq uint32, b : t_Filter'0, bc : Seq.seq uint32, c : t_Filter'0 . ([%#sfilter31] inv'3 a) - -> ([%#sfilter32] inv'3 b) - -> ([%#sfilter33] inv'3 c) - -> ([%#sfilter34] produces'0 a ab b) - -> ([%#sfilter35] produces'0 b bc c) -> ([%#sfilter36] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Filter'0, ab : Seq.seq uint32, b : t_Filter'0, bc : Seq.seq uint32, c : t_Filter'0 . ([%#sfilter30] produces'0 a ab b) + -> ([%#sfilter31] produces'0 b bc c) -> ([%#sfilter32] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Filter'0) : () - axiom produces_refl'0_spec : forall self : t_Filter'0 . ([%#sfilter29] inv'3 self) - -> ([%#sfilter30] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_Filter'0 . [%#sfilter29] produces'0 self (Seq.empty : Seq.seq uint32) self predicate resolve'4 (self : borrowed (t_IntoIter'0)) = [%#sresolve21] self.final = self.current function view'2 (self : borrowed (t_IntoIter'0)) : Seq.seq uint32 = - [%#smodel46] view'1 self.current + [%#smodel41] view'1 self.current predicate completed'1 (self : borrowed (t_IntoIter'0)) = - [%#svec38] resolve'4 self /\ view'2 self = (Seq.empty : Seq.seq uint32) + [%#svec34] resolve'4 self /\ view'2 self = (Seq.empty : Seq.seq uint32) predicate completed'0 (self : borrowed (t_Filter'0)) = [%#sfilter18] (exists s : Seq.seq uint32, e : borrowed (t_IntoIter'0) . produces'1 (iter'0 self.current) s e.current 
@@ -1052,9 +1033,7 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] let rec collect'0 (self:t_Filter'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'3 self} any [ return' (result:t_Vec'0)-> {inv'0 result} - {[%#siter7] exists done' : borrowed (t_Filter'0), prod : Seq.seq uint32 . inv'4 done' - /\ inv'5 prod - /\ resolve'1 done'.final + {[%#siter7] exists done' : borrowed (t_Filter'0), prod : Seq.seq uint32 . resolve'1 done'.final /\ completed'0 done' /\ produces'0 self prod done'.current /\ from_iter_post'0 prod result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index 1aea4b2ef..3b2f98b07 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -177,7 +177,7 @@ - + @@ -217,7 +217,7 @@ - + @@ -257,36 +257,36 @@ - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index ea9cc5ef88287aaad483652810348bbd479ff147..f8d9217197b4a221814c088ddcfd1b23dbe5be4f 100644 GIT binary patch literal 5856 zcmV<679Z&!iwFP!00000|Lr{4ZX`!?@BE4e{4lnK1u`Nd@-Q^O62cHgz}Ab6g5L&t zO1;Y=XV{$4>hF!ry8CVpDGJ645T>d! z@Ben?K0iLhuOV&TK`Y!3KeW)wmTu>tap#L@p~ag8EW7mS^V9Dw-(0!Jw0XGumfnfh zUc1i^o2T$_AJ!qU~u;SZxKgyD06XGE}XECF*HF%;wBhR>unR5wu6%N-<7tr8uE7 zSGe6(elaa3!_PIhQ*h!W*nXtUcZ-RPcVIOsnNY(Hk6IB z6Jm{ioy^>($ADs?&ROgeHW&T7A!WrxF z`KGUQn-hh1wh6 z@S$4^jLLdJaWAO%92JfJt!Lt87QMdAD~5Hh4|&Fd@eM3_wXGC0Ws4)q7Dd^!2{$F3 zSufL?K?zfGbM^H2HLZf%q^qB|8M(;$-CyRwC&NHtY5}oibk5?f`*92TGWIS97xMcq zXDOQRidlddgNet)v;Vbc9(d%+j1$Su;#Oe zj!d$pnT+X(jH$?&mNKrH&SLSSj9bYgy;kz6H2i3)@hp$9Cp@BTTe6t!^&-q~+llya zyKV7vi?;hL8g?wY5`*OlbDI(j7Fj3D0~S>Wahf)1v>T~3`*e`ji#TC9@922Gkg!-^J&$K9~^UU@9B%}wTBU*iX=uk4rnI`Az zQIFrvG-EF3GP17{)FqhrB%BLiGn&TnSw-3m9H|}EXhm*dNyZX`Kn{LiyUMrd_4lRQlAz+ez)+y zr^vXSL7r1;9EE?n;JA(c70Qka;lDufF?_hbup+z_vi5eg{#nz1*_!@^I@<2LoT(#! zEV%h|g4<cIr@yyt^}3l@ zS}mcy+)p2Wez;HXME!`xhkyF`-w&Tk^SDLqplYjg ze7YK*`1&Uo9zK1(OHU~lgfwBBtu1_gd`$Nx1#z48{V#Xv>EXWQOnH6p?mD26Am6?S za=jn<&GoQ!x*eaEo$9@fd$H5F7rTvnvA1zAzprus)1a2#Am9>%u%kiPErY;OwLGe} zJna~S+!CSu(%U7oRS^ij8F49C3Wr%s}|I!$E)$t{AY{0o1{xT9G|Y9 zy00Z`y&0c6K+)e1c;Bhtt?%#Cqq|SPbyoR-g(VpMNx z9j=3;OPV{VVNqwDCRfWjGk;hxvc8Y$A0O`?ep#2H5!Jpz?*i_o6byIR!xv;>@A-9? 
zhsD`+TO!kjvk0xb+y7qaZ(})q4UeEWpU3GLl&Pe4vPu|1Z$FDqXsjCJOGZXIFJ-avZ4G`|;nr@T=t zRnOg;cJw^Ui#k`Xlhgg?>tot1WZa3z{iE(^<7-~0yZBLzBKxk$y19P{+wM0IsFuFj zq{k9rx+U%@^z3mGETH|fI$*qqgj=P072MrjiD}1tMGuV5X1m8)9`zPQg1F$1y8hcR;;hUIu9iR}_(k)Ogirx_~*u_V@e&O&@xgi zZ*nbCnlqT+zk$xO@w2y>qiWuPoKu)xv>A7)X?4r~UTyj8&r)_S)Eu8Xn@6+q!uGu7 zb(o_lr&SztocRrk-PLwgi=Bav-J>EdC6hB{G~?hHr{{|D{0lD&d+F{t9E}af5p^yt~T^ zGp{~qAM{~)>){Lwm&Yue&$95!W!DAelPvPA>4&AacY%#o2sHys)%pAN9@?cyJFDfHzMCe8 zuH+2f+@5pntQxcfnsVT*&Eyjmh`ms^?tM$$iT50(j0fl1z_#aE#2jevX}-E>cad;k zZ%^8z#e^Q3uuL552iwWnKA7ILsiv9*`mA+7Pte!9t%)LzVbblq65BN(OA*)f`stT- zNdT-Dq)g4+;I{AV5mYBWtN7NzU-zBD;px2UVTCOz<89w?tvTcIdS#W-%bL^e!dFf4 z)gn*Hv#%wX&Ku)%uk32a2VAnRw8Pj;7MC=Wacm~z&`h4mrh^`TJ)OdOQ6wobnlX!rE+aee>f zzJ2_!>;HWx77cl|&uMGRzf~YH*;qP9yNpIWqg{; z7!KTesDB%v+y{dLHy>b_G7})w-`h`rr2qy)Ta3d3Kz2VloIaFG2mAkOK^fwDtxDgN z3lQ5Lfm<6^|_}!(Ua9W_dwH+Jc_S2GWvTTxY4(f$fhqB9<7uz(UlcC%PHB2;Z*O_r;i= z(&OQVOFyB6gDsF{e*|W|ybM4!kAS$@I-BmWrI%Dqkre!&*m~pA%^1iKN z#t*}GPD45+TPi8y5DLjG&9@~r*>539`gVltQ^7r+Q^8L7Vx4o)zq`@hurYpzo|R=l zs-;bRJI<)9T*SF*{JjwP=IY8xA+pHH3B}UnWK7OLEQ}B;6UmisRKpE5vcU!#ag`Ni z>DW3pnbDiX-slvZ*C3OPVWk_h03gZ=JOf9~iM1z-!e(K?dyCSVm2T`3z(pxZn2atU z=AbbIVL2LYy<{!`tQQbql<}4lJBbnnd6Qz&B7h9hbv*HM6_JvP6pXV%i|CUUoV1HU zIg>bJTImM30ct=tfDJ$cVu64aWZ(!4N>h+b8nUvEFovLlDhT)}0w2M9Z$L#Ua%5pp zF{)%TDIq2E3QPmKVo(*s65M1LSSKZ|Mnr2t#Yic#R-Oz+D)gy9bES{iAT%f%usbVZ zDI*GLPzV5{z0fF_ghV1OKvza8suOrjN-2h@0_9>y>_T$ZYR4Ivyeb@FL4&G6Zjc&0 z#aa-MiZ;=DA#BXRHbg}tS(j}z#W)!*Lur{UvJO$?2%3V?CaG$Q9$n5@P>Rb?N-Ytc z&Pi!6SQ3$Aa+VTCMrqwjH>fW|8A+fE(V%l$cx$Y;%A4$?Oa?I&E+sTlG-w+%m*G}X z1tDW32uZ1uz>}29NTH%Nlu_<~zL6L(HtNd=Z9 z#%N-47L>P28E-_;iVJRTBwdVHYGw!qfUNh%mH-er1`M8cmR1zRwvndrEp;Q+#S|zJ z*es1?lgVgA!%RAvtidE{iaH4@k;`#waH(ufsdK~CbC_(SwM zMzk)P1QauP5?Ti5WN;b*R-`I^`Aqy2vT)L&HX_w+g`9ClMQa5TYp(dYA^m(3k&QDH zT#QaS5eUfmn1u2fwakGA67+l$+9VDZboQKVB#|>pF94I$6gkm~Y(wU|R^g?CAgxsF zO%%~YA4IS*d+7puRU*EEMu~=P!^ZHMWbw^ zOrvz8R6(Vxbu$(fXGnCO_(1HT0AS?t`euyEz<1oZ&(@}wm)B1(-~M3*D_5L4MhoKF;@)hj4xuyXJyhp1O#0)tN~I-Sw6 
zj$Z1LYa7eP`;wx$6_it0IfK12BP=LcZB$myB_L2l?8>&SP)e|31tljahp|6^nHVsG zc8Z-xLChSrmL@7=xO~-JFseBVHh|DT$yr{JA!(G6nS(8^DXmc&d^rh5ErapwOVVM= zL7Dzgwp3u3aukk|jM@hkmD0j$3K5NrP*N8_ehbz($`p)82->Q^Q6(iwxfF%x%+Z$& z2vEHhd*lUXf+(^@GTK{%Q44Qk4mlBU$)up<$f#?o{C1pjsn2-MT96Yg5T%mfb%++c zWFJaSR_UUBOE#k`NtUAQqO&f!0Xq+=qCnJQ^>`DsbA~D5;*7VHbn=n_3EK-^5tg;~l%}ODp z7@f)}lyx0*vM@w%!XQ~otjSv8JR)1pL17?6Ua_)rkRH4lg93ublma?H2!g<5DMFA^ z1>qI>S~U=F#-4YUjg*No8;MRCn|;=hfudtwYmGqm&Di6tgd!I_hZF=zX{;4G85C0G zENWgY)tj*=6|)2{jZh>LM$ZC?yb)HhOi@+#OaoF6wc590)MRaA1ag9G_A#I!!AXFO zgeGBS)cy$=wT4)*E}9N1pbi|JPAXgB$TP%hkK#|jC|I9`5=Jqj3#2Vs!9J2z%4Sv_ zqoq>=Z^UONJw`vC)ZgcrT|FVS;zk zNvSiJP*52zHDC4CoLUDVN(wHJih(&volzkZYk@)5<|pYt1E<1+l2$QjV>lV-RT8Bv zoXe@0V>Q*%=6u;yP^8GN6!K+o#ySudeT-TrNm%WU%l}hDxexfIZlXi27n)>AvnPQ< zM9f;ITm!!122|C#I!aQJE$vF1lGnmwmN8qF=sdBOlI;q#Z9tnB zC8~qQsL01eM)`UHAscTTOV3$=Sb>2C$^r0&3CCDE(;AgU5hP*|(la?F6L^K%tiVtM z1{)}6y7KP}5*M}>lp%?7&49>ht1#QFjF3`8UO_pEl~dX)F(6B!UvSKrF_{3;3#S$2 z6fG#>;|h#v!01nY}?NMUe_OU}XcAx_@6oH7-Jol&!W! 
z6$+FNQVCX^Op2&hSdQh^HehRi3#@Lys@LTSimw{*PN>o`7Y<1}D@;-Z$%hpR*=}7(2i~S$RZ6#+8u~+5FdkUu}MKpVDUaH9cvpA6kx&&TS3n02C9gmPr&P5E!j8~60#W_|aR9zT4@U+%*j;rxDAxOMCM zukLZ}?#mK?wZzILNWZ41LJcks{?Fr=^x3^DlVI4hxOP9a2<|T3|N8Ws^Wob4^ez5b zHcyXV!qe*0WBRz>Or89aDZ9;rC0}*>ce#a8r8mRoORpJ+w;QkhW!u{|y>qGFz27#J zgR)~{^?n`C+@^V zWGhTmV*^{pLa$Waj45m3OqCjWTXdd#PQVC*D-7P(c|MoBZh+aMI$^vOqi#`MPo3%n zsqXlz=By|q>Li2TzAgJYpuB}`>+-K#yT28#|7}3=_N{Z?`C-zp=_$E)?yvP&uxt0$ z{ncgnmzgKuQdb6{jLlvBO^@rPfNcR)7rzBGJpy(CN!U3fZn~Yn5K&VG7QPqI>wTv7 z$~Sa$dx23{FUam0_MW05(ZBUXyv(N8ms!QI&-Ee8m=V5#Ijy#pVj^sDMA)JTdotms zgfr`TSThJ=8{AwyJ$^~6;5O;%mt8_GGJf}$>Ee@apb#}%F(-6N;;s8>2l(9g&If1w z`zB*4lJEFu5An~wzsl}z(=+h0v*;AV_Ku}jWY{^^CwG-Te{px~r$1J|{qgDH>9@35 zZ=Pifh3w<{@iNkD(VPzxysWJ?ns(-9t1;W5p5TqB*?=0_g4l1F^4#`3-Xy6AT(zC(8pGRR?i9Z7b1kq~egv62WnPr~l8D$oq># z(lPp^G;Ax&nR|VlM^zf5v^sw@-pvoVmg0{F6z6({I+^BZ#(ue-F=c-lxt%$pIs4@} zzm=!&rMQ^=xsda6o{?DQJk{h1U(c=y+Y5wxKfBMgD7W{S>*-BM4@gI_`u5PJWXosT z8dnc`>^IvPQ$ClGrA$y4h)&O%6C9Rj-TW_McsXG46vK<2%U0s`K~t?7@_weOooS3p zx~J+i5HO;k!@5|Y&?tg3Sf7jKo~y8(J1Z<(JHQ!! 
zKjT~{sgY-0^tffb>hW(esKcBoK-4z#Rc4zxn(cs|%$a7s>e%fp2AMNoj|*C_qMH8 zH(^T)=5w7aO9p#vO_T4?B6M?VhInjU{ru#9{_xAgeR?BmCl(w2`NMxdd@RM|7O`7Z zOPyouYH0EG&n`TC{B)O|QY-*z3vIHu@a6F_-Iox=ZPxd{-leC9`w}zd^}W067L5q` z_C8nxc_+&ORo@ci9*;>A?%Jq;3!%i zMO#{X3L$q`C_ndliSlM_O(B=qxtmj>RUa@LIecQYmo8~`T)ZHXq{NdQT zdg^*h)Os_vx`m>DAMmadzgyqmr$=|6e(#Ia(?34kJ^Z>ZLnElAMDJ|fO-UH;k%uox!s7jP zpN84pbeALB183%1_mBTY?(af7ylzoe@>r4i0LG&m-orp==qgNgdpS)y#j%jWJ)oMG zOB!}W-Ag2%lr$U`^#J2VBs~B-E@*gZx%MJj2!s}A<@J5nWal3qA0K{C@y*A-pIBTq zVjZvU(?6b8Z%Wsj)zcrJ(!`B*4!ImXU+$i+rpG5-j%e|;J+X3o0?Q7}cybIxxp#eQ z1m7QVU}uXzPhP}HxwN1+mZkmH^Rm))LRlxq=hhJh=?$otx%sWoJK>FN zsdDc2v?u3DT-2Fzot*ABUmnwD#^a7X?jQ9;8$a_p-Ng@LWZ5@)*3JDx*fqZaLDlrl zCOsAp(`|7f(X(JASeEu}bwGI!F}HH{D!9A5;?s`ViXI4^%yy5zZuVz?dQ79IJnbd- zpgyM0U)EJNHDKu(e{OAa5qP)L5zrv>-qUu7FF#LSlJM+bMbQ%E|`lV2Y)tv)|^u5IZ_m11ubJB5;iJJ?oCCa)k4LES!{II+^@HBeUp<_m;qsV<^H~~RsqCtte3C?-6#cN&_Ab!TxoF&by=)@9G1lyg^)vj?^vPt4FC0F72g9gK3MuaA>+j=@IOWQ|5233 z3YX_zb8e4Zq9(=Exfj_B(kCa*FTYHZI%Nmlb?|1|w>wD}uR8s{Ucg8ojS zs7g-Oo7;1)omGN%08=iUwU~S&1F^X3*1c<~yYZeQl=0$R3)uENjhHT4yv? 
z)%K)4noQ_d6PAf%{$MvaTUyhrHq}tGtUhbs&tvrUerckxW0-V1&BS&E$dbf0y?pv@ zUE%=i11VD@H@NL9dj!>p&q}^^>#zGt;m|rSdsx?&kny%JxYn5Qc)qgo=w;REc4n)l z*lOXY-vA+h*?2iEg5Ys`M0X&Lk0OV%+ue&>()+wH*aQN3qQISvkquME?Eb3Kgh4Y zx~FMoaL_s6-U6Y#=;^l!EvTV692CRR(*l2X?^@8+W!|1zv&A!6bu%?~;88MIKE~FR z$8g})L;c$Tu9%5x8R!IKH>R@x2Y2p}5!Cesz$&ODu%-HI3>&>U-*;=5;fFrz6J)7IJ)GA?3jD z664*Bt=S)qkX#|pJYl;OcW zk)9ud<$HVRb&jv}b+$rgcuq(9{VX@#oflh@M(?;2!1WVK+O{9Rzq(7C&4;Jo-2G5_ zt@1hnp(VQoQNupFOv@1J*_%@Dtx-hbML+55A^Mi6f&~aI={bm&q2>Axm~rPc<>B2Y zcMpLVH(1xp@o=H~V*{24LCKrjeFb2yGp29qO6Mqcrn%V5_paDWUnh3vLF`QLhroj2 zW(ZbU+>W~5@{Xxgr5W_RkU{o#T-OJs3l>(Fov_(X9}oF~QCsmqKlG%`9al}7+S_qP z-Q~<5js{U$H&<6q3Xw%lPAHZpCu4F3Vqt_(nMkg5qZ)3gkqtJ`h^wq9OUKr+$&B74 z_C}}Ryat(U3@hE3*#e@hz%y{voLGCZC~OuMytgQ=S?R{k7q}=T36s$U#2hq+AS_3t zt(VMY0qfZcFv@sKiJe4=g1kvFX%Rq%=sKEszKcjnMGD4Qp+)pb3r^a_pqxpZF|Bk1 z+yFHo8^8vj0Wkx>3Nmm62Bj%TCJk9xM;Jp;K@|Xe6o8N5y*Hqu6gjdms2Ei;nUs){ zc?G5cT_LCnVZPjC7g#4Htwuy^LB&WZvR0l9MJo8ItmcXzu|a51G+_63!cs;Q(x4Ck zMth-AFbRo7T7a&ER8S}2n3PfsQ3c9HkJyFetksS)FnLud!U6_WgWMoBc#5xsh}+V5ylQ7yz=~8(SPe&Fn0NX~ILbue7R2O5QL}0Ttl1(O~ z5e+lxWU>a6q$%Pgs7Nk{t(6N&r2+;NXz!y?-T+!sLP#T4gatT>XTlHB>lo3xXcAD& z;7Mp1oRh(61Xz)(@Z~e%Q^>+ehuVl#j}>yp85OM+NUXWS=Z5t2QA9S*P;fCi=|mtP z<6{!aXVfwW8c@*lQD~DmSkT#XvXMm2D7^qoN>k)SE3yrlZ`y^I4uZ5&u{Tjf6MYcD z#_XjF>{apj3K}IEwhhmZU@p@!ShVI=!gllLh?*2O^ud~#&ZF(v^h(InqxvmfZ!AbFQp*% zxmY$=XqUhgmPBG*A{p(`8%tzObd1i5?3G(--Dq_&SZ_%X=?IuC1R)tklpz_T7;PlC zGNRG8(WZ#^8St}L0&H+D6Q<-G831QU5|Ykj)5^%kU}NApz%@i^L=q&3Q?kZUHYq5r z9s8uET^Vi+Js*BBF$EX1M{TS(OiT__cE*qd4&@-U*jQ++XpC))X^d`+x&VWbNehTZ zN0%5Jvt$*3jZDH+S8chm)L8kgh`@5ngw9Y#gFy=lsDiK%I2kSF3WR8^ZLDdmZmfC% zl$J%#iIoo-EHWFBiUtJ3Dwngmq6ASQL3m-*DY1s&VlqP7XjG0QQWR`-EH5103IsPG zr~x5gi3F0UgHl#TBbB8DXuKnnL@-jjpjRMt146wr87Y95p*S7Oq?K19h-9IJchLzQ zS5P8(D1s;s`sEM{B+cL?Dv~A{R6aNsXxYS=lFqM&7-e=z=HyD;DpD50g7HXMxKOUc zmss0a zHr|&I&8?u^!pa@&l?h=%$!epraxMXZB4SsLZG}>T6)Pw)LAi{52V!Et4B9Dn9tAOT z)LNRTjN#I&J7-j57Hj~affBR4B0iV=ag-?-j}Wv~ful-Fmh5^Io-;>ZA|OEZqsSvK 
zFcU3kS5S7`fQNP`RAn|E14KW0tpCR03>At62B{9-Z^W%w$@os*%}kPjjWW?F`1%! zH7qJQz8^pw8;8a@6Lm5|NX@Q;;xLT?o zMxIp661+4*kxUpp3ncPJSj93$Rmn3ANIm3ge-xo6Ya1hw6J)cG0R;(80%RmK2`i!Y zPe7111@b>`v< zD#0b^t9~@4)Ndv4unM?qn1e$R=wl$|F)pqJN%M2(V^xGO|qoflRzONW-U{$ z4qtHts#J7k0}2~Z(0~#Rux)_NRTfM{8PSErfYu5{$U%EWj*TlSge3*0Z3DWLhjjzG zd~*Yu8ql%S5U54249T;@DZ{{7qg7z!jz%_BvC4vM9P;MxN5*q z1LYD`{(S`^$S^xANr$X_Fp^W2F=s>>LjWySU`zu>zd9i@3Q81Iic&iuVXe2w88V;~ zS>Xz-Xu#O-LX0!Xumu-M1#N+o(A*QEBZHu9bO52fLvKYi zKIfG63M@5X<@Y5jfr;8MqtwJ+dmUXi!8t1FOe!MN4Oni#s_x%cB*w^KDLMlJS-5hu zVFdzAvN5BQa)kmL6s687>gi%_1J-;O+CuWqM2aX?d8ne3LhnjlR3lk{v_ioR3L0p` pQfl~)^nnw)yuM;!p*3meqXw-ElvtwFLVqxQ{|9u(lqC3W000TZMt1-J diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index 36dcc1c37..8030b62c4 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -345,7 +345,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span svec40 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec41 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span svec42 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel44 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sindex45 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span svec46 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 
@@ -355,14 +355,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span sknapsack_full50 = "knapsack_full.rs" 64 10 65 30 let%span sknapsack_full51 = "knapsack_full.rs" 60 10 60 11 let%span sknapsack_full52 = "knapsack_full.rs" 68 4 75 5 - let%span srange53 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange53 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec55 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span sops57 = "../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops58 = "../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops59 = "../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span srange60 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 + let%span srange60 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 let%span sknapsack_full61 = "knapsack_full.rs" 15 10 15 31 let%span svec62 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec63 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -382,38 +382,34 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span sknapsack_full77 = "knapsack_full.rs" 36 10 36 19 let%span sknapsack_full78 = "knapsack_full.rs" 39 4 42 5 let%span svec79 = "../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 - let%span siter80 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter81 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange82 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange83 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange84 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange85 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange86 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange87 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange88 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange89 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum90 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange91 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve92 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice93 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice94 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span sops95 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span srange96 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 + let%span siter80 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter81 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange82 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange83 = "../../../creusot-contracts/src/std/iter/range.rs" 
37 15 37 32 + let%span srange84 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange85 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum86 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange87 = "../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve88 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sslice89 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 + let%span sslice90 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span sops91 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + let%span srange92 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span srange93 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span srange94 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span srange95 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span srange96 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 let%span srange97 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange98 = "../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 - let%span srange99 = "../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 - let%span srange100 = "../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 - let%span srange101 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 - let%span srange102 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange103 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - let%span srange104 = "../../../creusot-contracts/src/std/iter/range.rs" 63 12 63 57 - let%span smodel105 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span sslice106 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 - let%span svec107 = "../../../creusot-contracts/src/std/vec.rs" 65 20 
65 41 - let%span sinvariant108 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sinvariant109 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sseq110 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed111 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span srange98 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange99 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span srange100 = "../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span smodel101 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span sslice102 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 + let%span svec103 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sinvariant104 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sinvariant105 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sseq106 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed107 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.UIntSize 
@@ -508,28 +504,28 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] end predicate invariant'8 (self : t_Item'0) = - [%#sboxed111] inv'21 self + [%#sboxed107] inv'21 self predicate inv'25 (_1 : t_Item'0) axiom inv_axiom'24 [@rewrite] : forall x : t_Item'0 [inv'25 x] . inv'25 x = invariant'8 x predicate invariant'7 (self : Seq.seq (t_Item'0)) = - [%#sseq110] forall i : int . 0 <= i /\ i < Seq.length self -> inv'25 (Seq.get self i) + [%#sseq106] forall i : int . 0 <= i /\ i < Seq.length self -> inv'25 (Seq.get self i) predicate inv'24 (_1 : Seq.seq (t_Item'0)) axiom inv_axiom'23 [@rewrite] : forall x : Seq.seq (t_Item'0) [inv'24 x] . inv'24 x = invariant'7 x predicate invariant'5 (self : t_Vec'3) = - [%#svec107] inv'24 (view'4 self) + [%#svec103] inv'24 (view'4 self) predicate inv'20 (_1 : t_Vec'3) axiom inv_axiom'20 [@rewrite] : forall x : t_Vec'3 [inv'20 x] . inv'20 x = invariant'5 x predicate invariant'1 (self : t_Vec'3) = - [%#sinvariant108] inv'20 self + [%#sinvariant104] inv'20 self predicate inv'4 (_1 : t_Vec'3) @@ -684,7 +680,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum90] UIntSize.to_int self + [%#snum86] UIntSize.to_int self predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = [%#srange53] self.t_Range__end'0 = o.t_Range__end'0 
@@ -697,16 +693,12 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange84] inv'0 a) - -> ([%#srange85] inv'0 b) - -> ([%#srange86] inv'0 c) - -> ([%#srange87] produces'0 a ab b) - -> ([%#srange88] produces'0 b bc c) -> ([%#srange89] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange83] produces'0 a ab b) + -> ([%#srange84] produces'0 b bc c) -> ([%#srange85] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange82] inv'0 self) - -> ([%#srange83] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange82] produces'0 self (Seq.empty : Seq.seq usize) self predicate inv'1 (_1 : Seq.seq usize) @@ -725,10 +717,10 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'9 [@rewrite] : forall x : t_Option'0 [inv'9 x] . inv'9 x = true predicate resolve'4 (self : borrowed (t_Range'0)) = - [%#sresolve92] self.final = self.current + [%#sresolve88] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange91] resolve'4 self + [%#srange87] resolve'4 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq 
@@ -752,17 +744,17 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + [%#sslice89] UIntSize.to_int self < Seq.length seq predicate invariant'2 (self : t_Item'0) = - [%#sinvariant108] inv'21 self + [%#sinvariant104] inv'21 self predicate inv'10 (_1 : t_Item'0) axiom inv_axiom'10 [@rewrite] : forall x : t_Item'0 [inv'10 x] . inv'10 x = invariant'2 x predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Item'0)) (out : t_Item'0) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + [%#sslice90] Seq.get seq (UIntSize.to_int self) = out let rec index'0 (self:t_Vec'3) (index:usize) (return' (ret:t_Item'0))= {[@expl:index 'self' type invariant] inv'4 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -786,7 +778,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function is_empty_log'0 (self : t_RangeInclusive'0) : bool - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops95] not is_empty_log'0 self + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops91] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) let rec new'0 (start:usize) (end':usize) (return' (ret:t_RangeInclusive'0))= {[@expl:new 'start' type invariant] inv'5 start} 
@@ -818,9 +810,9 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use prelude.prelude.Snapshot function range_inclusive_len'0 (r : t_RangeInclusive'0) : int = - [%#srange103] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#srange99] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange102] is_empty_log'0 r + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange98] is_empty_log'0 r = (range_inclusive_len'0 r = 0) predicate produces'1 (self : t_RangeInclusive'0) (visited : Seq.seq usize) (o : t_RangeInclusive'0) = 
@@ -833,22 +825,22 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function produces_trans'1 (a : t_RangeInclusive'0) (ab : Seq.seq usize) (b : t_RangeInclusive'0) (bc : Seq.seq usize) (c : t_RangeInclusive'0) : () = - [%#srange101] () + [%#srange97] () - axiom produces_trans'1_spec : forall a : t_RangeInclusive'0, ab : Seq.seq usize, b : t_RangeInclusive'0, bc : Seq.seq usize, c : t_RangeInclusive'0 . ([%#srange98] produces'1 a ab b) - -> ([%#srange99] produces'1 b bc c) -> ([%#srange100] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_RangeInclusive'0, ab : Seq.seq usize, b : t_RangeInclusive'0, bc : Seq.seq usize, c : t_RangeInclusive'0 . ([%#srange94] produces'1 a ab b) + -> ([%#srange95] produces'1 b bc c) -> ([%#srange96] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_RangeInclusive'0) : () = - [%#srange97] () + [%#srange93] () - axiom produces_refl'1_spec : forall self : t_RangeInclusive'0 . [%#srange96] produces'1 self (Seq.empty : Seq.seq usize) self + axiom produces_refl'1_spec : forall self : t_RangeInclusive'0 . [%#srange92] produces'1 self (Seq.empty : Seq.seq usize) self predicate inv'11 (_1 : borrowed (t_RangeInclusive'0)) axiom inv_axiom'11 [@rewrite] : forall x : borrowed (t_RangeInclusive'0) [inv'11 x] . inv'11 x = true predicate completed'1 (self : borrowed (t_RangeInclusive'0)) = - [%#srange104] is_empty_log'0 self.current /\ is_empty_log'0 self.final + [%#srange100] is_empty_log'0 self.current /\ is_empty_log'0 self.final let rec next'1 (self:borrowed (t_RangeInclusive'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'11 self} any @@ -861,7 +853,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate resolve'5 (self : borrowed (t_RangeInclusive'0)) = - [%#sresolve92] self.final = self.current + [%#sresolve88] self.final = self.current predicate resolve'1 (_1 : borrowed (t_RangeInclusive'0)) = resolve'5 _1 
@@ -874,14 +866,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [%#smodel44] view'2 self predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + [%#sslice89] UIntSize.to_int self < Seq.length seq predicate inv'13 (_1 : t_Vec'0) axiom inv_axiom'13 [@rewrite] : forall x : t_Vec'0 [inv'13 x] . inv'13 x = true predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq.seq (t_Vec'0)) (out : t_Vec'0) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + [%#sslice90] Seq.get seq (UIntSize.to_int self) = out let rec index'1 (self:t_Vec'1) (index:usize) (return' (ret:t_Vec'0))= {[@expl:index 'self' type invariant] inv'12 self} {[@expl:index 'index' type invariant] inv'5 index} @@ -896,14 +888,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [%#smodel44] view'1 self predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) = - [%#sslice93] UIntSize.to_int self < Seq.length seq + [%#sslice89] UIntSize.to_int self < Seq.length seq predicate inv'14 (_1 : usize) axiom inv_axiom'14 [@rewrite] : forall x : usize [inv'14 x] . inv'14 x = true predicate has_value'2 [@inline:trivial] (self : usize) (seq : Seq.seq usize) (out : usize) = - [%#sslice94] Seq.get seq (UIntSize.to_int self) = out + [%#sslice90] Seq.get seq (UIntSize.to_int self) = out let rec index'2 (self:t_Vec'0) (index:usize) (return' (ret:usize))= {[@expl:index 'self' type invariant] inv'13 self} {[@expl:index 'index' type invariant] inv'5 index} 
@@ -925,14 +917,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] axiom inv_axiom'15 [@rewrite] : forall x : borrowed (t_Vec'1) [inv'15 x] . inv'15 x = true function view'7 (self : borrowed (t_Vec'1)) : Seq.seq (t_Vec'0) = - [%#smodel105] view'2 self.current + [%#smodel101] view'2 self.current predicate inv'16 (_1 : borrowed (t_Vec'0)) axiom inv_axiom'16 [@rewrite] : forall x : borrowed (t_Vec'0) [inv'16 x] . inv'16 x = true predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq (t_Vec'0)) (fin : Seq.seq (t_Vec'0)) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + [%#sslice102] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'1)) (index:usize) (return' (ret:borrowed (t_Vec'0)))= {[@expl:index_mut 'self' type invariant] inv'15 self} @@ -948,14 +940,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] function view'8 (self : borrowed (t_Vec'0)) : Seq.seq usize = - [%#smodel105] view'1 self.current + [%#smodel101] view'1 self.current predicate inv'17 (_1 : borrowed usize) axiom inv_axiom'17 [@rewrite] : forall x : borrowed usize [inv'17 x] . inv'17 x = true predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq.seq usize) (fin : Seq.seq usize) = - [%#sslice106] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + [%#sslice102] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'1 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed usize))= {[@expl:index_mut 'self' type invariant] inv'16 self} 
@@ -971,13 +963,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] predicate resolve'6 (self : borrowed usize) = - [%#sresolve92] self.final = self.current + [%#sresolve88] self.final = self.current predicate resolve'2 (_1 : borrowed usize) = resolve'6 _1 predicate resolve'7 (self : borrowed (t_Vec'0)) = - [%#sresolve92] self.final = self.current + [%#sresolve88] self.final = self.current predicate resolve'3 (_1 : borrowed (t_Vec'0)) = resolve'7 _1 @@ -1001,21 +993,21 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] use seq.Seq predicate invariant'6 (self : t_Item'0) = - [%#sboxed111] inv'10 self + [%#sboxed107] inv'10 self predicate inv'23 (_1 : t_Item'0) axiom inv_axiom'22 [@rewrite] : forall x : t_Item'0 [inv'23 x] . inv'23 x = invariant'6 x predicate invariant'4 (self : Seq.seq (t_Item'0)) = - [%#sseq110] forall i : int . 0 <= i /\ i < Seq.length self -> inv'23 (Seq.get self i) + [%#sseq106] forall i : int . 0 <= i /\ i < Seq.length self -> inv'23 (Seq.get self i) predicate inv'19 (_1 : Seq.seq (t_Item'0)) axiom inv_axiom'19 [@rewrite] : forall x : Seq.seq (t_Item'0) [inv'19 x] . inv'19 x = invariant'4 x predicate invariant'0 (self : t_Vec'2) = - [%#svec107] inv'19 (view'3 self) + [%#svec103] inv'19 (view'3 self) predicate inv'3 (_1 : t_Vec'2) @@ -1029,14 +1021,14 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] [%#sindex45] Seq.get (view'3 self) ix predicate invariant'3 (self : borrowed (t_Vec'2)) = - [%#sinvariant109] inv'3 self.current /\ inv'3 self.final + [%#sinvariant105] inv'3 self.current /\ inv'3 self.final predicate inv'18 (_1 : borrowed (t_Vec'2)) axiom inv_axiom'18 [@rewrite] : forall x : borrowed (t_Vec'2) [inv'18 x] . inv'18 x = invariant'3 x function view'9 (self : borrowed (t_Vec'2)) : Seq.seq (t_Item'0) = - [%#smodel105] view'3 self.current + [%#smodel101] view'3 self.current use seq.Seq 
diff --git a/creusot/tests/should_succeed/knapsack_full/why3session.xml b/creusot/tests/should_succeed/knapsack_full/why3session.xml index 25e119d1e..c5a201b4f 100644 --- a/creusot/tests/should_succeed/knapsack_full/why3session.xml +++ b/creusot/tests/should_succeed/knapsack_full/why3session.xml @@ -37,367 +37,367 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/knapsack_full/why3shapes.gz b/creusot/tests/should_succeed/knapsack_full/why3shapes.gz index 8d7d6e0dc5476588a2eec454f3d459b01f6448df..16694abec558085c5fe522cada284d558d0e3cd0 100644 GIT binary patch literal 8165 zcmV5qtNCUfbfZau6 z-wM2T*BM#zNU}Zi?+=)_%DSp_Y4(s^C|Mk6pH_-XV)yK#DX|?*6*FXLIc%}SL`O!c4wSV~XX~=xI zQvSie^XmvveXOOAJp15(^gsBUeEZYm&tvX9WBtMZ_&%z=tbuaO9H{!tzrK$uD*xWE zr{^DQk@YV5`eOZ7&HwfN$kF5JhX4BBucNwH_bsn6f?wmAUGKel5JTIJtwf1#-Ud7!0C*63;A~~*8%R|w>-9@yGA!(herAOVsFm3rnNon ztsUvjKyRl`e)TtBa;0{y9Oz^Bc<7>QWv7UL*UHdC8Jloji<_@?2DTE_bvFff8U<(p zTj&SJcJI4K{@aIbiS)Va$NXtf4E5{K6u>9~yzW{B71jUhH1nq`H5B@x(<9&fyS=<0 z{I`<|cTRg8r8(KheSWD0{hF2!0oB#{j5>B9?aFUGudwO~RvKZ|9jveE{lL@^dQ6OYriJS< zaZyVSD12S#Z&y{Z4`bu&>VJRu|5xgIk4Cq&NAtI?M#PqfF?FS`KK-L@+gA6jBDDH? zN?p{HzhC>?$1B&mfrMLkJ*DO(wv~ZIw{ktD<|N#L8fa7t1J_-0P6aJMPo-NJV5q4P z8(US{l-lDQTi9oPDB4ZiDYd(xc4N8)>wjp$?JcUnbyYPHHWcH++E0cqwR!a8)@<$%9v{%r-Yf%mB8LFu{>Dr%X4DF*j zwCp0ZIM_QaPKy(cixcAh+Kbepeq#0QXm*R$9_z8klg7s0G?`~~6B>10hJB}*TI3c@ zi*~&pSI8FG|IlKUH`;!I++@{1_9Uho(o!gI%3|b#rbYu*^--70<<(}tC|{fU8@K6R8wQF zw0h7-H8s~+*lHZ=Q>`Ag{Lw zHcd}H{=IG?9#;JZd7|&O&2=>2``e%LYJD4TzC5hI=G9HUtrT39&3-{13r;9Ot4+mP z+g3}<>f_cUcPP_z#BRG5h5>7a4c5@|h)qpS`PlLRPM4hWspUamcgZPVx6Id@rHaXw=EB=S(n^fOQ>bpUurjEH?0{LG-}Pbpw;A@O1EZM&_G%p5<&I^xedr=lPIkFC*%+8*Y$(H(xPaQEdlJ#2LRrW->}gp2j$>w0tNY)yTJr2BGVnl$iFK+Vf<<&#JDf@ldVG$2uc@V*oe#8GxRdkBB zv!;f8y$b=34|Xct#Xya8t(oBLkT5$1M<{xWW$PIqWBBWp@{g^Q9K^~l+}(`D<4xm`I7yUlMM*|%@|{hE!>y6Zm8?YdS`H-2+* z^x1nr;4^A&jcbkU)!b)y7L<|wu8(N+rkQa^Fc`_)^$u3s6Y$69;_#PgQK(|rWuLZZ z#xMcWIN$0FJ8N2u1&0#nPKl5o9{V-zW#e&E{@9S*P|Qc=(;&`ketW5paP0{F8J)7K zwJ;NIYX_$)9PNwkeM45AunX*9S6w+D?(XmJzU6fF=^vd`eOceuuC3PT;4|>+ba9*i z^>|$Sf4!1n+}Ml1`FQu~^G$xtsdDy$#{Az_f4{q}>&Se7R)UB1?N2xP@$R;@*wys6 z)&ITwl&@4fHD42VH(&Ek+m(3ar5f=)^;F*fOV#Y@Ygy-;v{F;8ow!c%&ts91wEJ_2 zb}%evjch4`zWDa~2xCXwh5y+gk@k|SM#Q8QICLI?5>0Ak$ zebks8JMgAW)R;YQV1H9JQPmC7$KCB(RNFhW`HHb^ZNR2;^S<^juPtL@qMVUzHdK2m 
z5Y!RV0Mwxc{q0mH3YeK!l&G=YfkA}z(M^@`CyZ#)`-|aM2UC{@SI7s&Drdn&xX{xoRN6wt!d&I~* zcgZ@-9?^&G5f~?JouzQzbezhLg`RJeywFOXRq*r-gZUJD4xaFfPl0Fk=9d_DlL%ii z?4Y%_wQkE)>OHg89Y@FY=-5-Hk{wJXfISlhsu6+544CdI`Sm!gr-cT#tfH4!d%!Xp zX2IMvlD@WG+X!G|9Ko(}gtM-{p9)Ov?eDYSz1!U(Og-4FA^m2f+FfVw!Oy67sPNPh z{Q3$0`b8L8*ZHZOdQwL?wYxcdCeY8D(Qmg}L+hY*xUZ|a>~1zXJUSa)7u?c1coElQ zCGc#`ad5@j9`@6=01oX7U^bNwzVR&QlJ{s?0p3#Nx4byFBL~r&Eux}!X< zz$)J7FAsN*tIzj$vEK^TBMR85Rv%vudjfj#lHHe|q}Y9*x(&}`r>nWI`oqb|wX&v1 zbQoA&`pnt1vgX4$6}$A#0QrwjOkEo@=?$Y`5#PDuo3zc!&cnI8i7_SZoX*+J?5ik~gcwlGR z9=`pY?>D368QqxGzkiI`QO&c?KyHL-PPof!rRH(6ZW|2jziqFw-};u_ODhCBTbSo_ z=;amfQXQ@s`m$R>;{!s2*Ysr8(*8kwS7M&^A`r(tCTZim0j&z(R&)-M(^W)`Zk8M8dv-z&`>5Wt0lUHsT`!2o7 zUh$w`Yup9yyLLBHJvHMGVb&oXCIy%d-=K7FJN2iz_k)iYU$1^c+Z;ZD$1a_Qz z_IjQwv zwP*1j8H7JRmuzn`Z5@m5hE`5tX+!S)?g$;NMyjXjRWIDP7Q0goJY3W0Am5KE_xDHI z-qU6~93Kn_+O9dO{aOwH^>kIO#TVE0alfv&;`qaHu}~L`Zt?JG)1F-D`omMBU=-ew z2K6`&bl09f-JafryKmn8JvI^!kJz2EQJq8AT78J{KwSMX4xS|i?xirCzSZw1QQ>o> zpifD`j8ZUNd**a|bpe^bHE>h{Cr0IN4e{wYvUkMG+ZvMRn(IHGQf)W6Jf6^P-+v7`uFW+|8UQT zwWm=JcH@ZLXA^FxwS4>VtUy z4o*1@r<}8Fx})YYR~Kh5zJngm-S);%n{zfThb*E4hL=-k8eYe`_AGo|f5(igKF^L{ zIL$Adf$!i6KGNXm9O#_1_3O#@@VxEFVRLL+-S)IezqRNizxtOlw>&jtr9+HATzvlW z@bi(Q!TwRN^A5ZpICQhC>EZS+_8D@rxkF3o4+q5h{3sNDVLiKQ6Aqbq`vaq6=(x(P zkDt_+mFOADvTO284YWBf`krd?B|Y4qz&&6LFL!C^MvM`H}j<0>zX{N^R{-eVy6wz-W%Vo(I0oI zw_9t+c#p1d-%#t!9-gh}R=VljifyHv&*Jv#8kiJ!0L$9cfTRpt;B85ZOhckId|)Vu z?AJKZ%i%7A>aXb#sma>unscPrpwtuHuJdg7t|J9o3gwUt=1lDu-*0Zawn->Y@{0W> zG74(CXBLk$i>H|dHB5-9)eRf-d}sFf{V-gaAo`=9m;YfZL&w&o*43f0zc!vO@^M;? 
zD+5Q?;?`j|in*=fQp2?%Q_>wI{Wx)QJu+3N`1@99xNCF!+8{;GnT()ze0)`NoHH9Q zE(pC#MZgy?XuVM>m88A0Nr6VPm(Zw-lsO0km24nJLrxHNii~0sIB}QI;6*NyQ)aK6 zGoXsGiLwGvU`n(h@+CBMVYP`lDL^quNomdoiic7PaLK6>>5C#9Ae*QJFlvcOu@~ng z`$CdJZB823*v2$`VUsu3Sw;&fDTT#q#nB~(m`o|LHcPr;)o5w7YqV{&X*4%lH<}ua zjfO_6hNL0akZs5`#0}|&s3B|!8d42PgRVi_plOgB)D2RD*dR2h8juED1GWLv05_l; zpa!r3Xh2;AFrtbf?*$|not+VH#aatsY;c!s8s>&|!_+V~48LY?oeD}3tB_;yIsr)x zSw*z0eUTI{SsHc?+uuruRm8+95(D~_sCc7P3Erlh39~7ehH4KDHU=7_enUME-ijy4 z*4WG;Bd~=MZSe^NL3AA$h8v@Qi=DT&Wam9#LQhhhjS@vW(mG@d$<%RTRAbCr0D`g~qDi z1207duhFq50#;575Lk%0q~tjw$*5 z@dbhu>jlO+p-WlC!>t)bEltB4;>*hM0WBpiIoMh&9;WvY1PDV5DyJJ!m2^thHEAi3o?iC1CxSKOH>i9F+o)a-e{MU`u2L-YXkQ zF5RB4;_@ek$V4qrtj3s?%_?O!f=;Yhh03@AqCY)Mo=nuhR7y$#h`kljkR>My${AaC z(UrFastfTsv(uo9)#6M99hK2urx;yGkm{}+s6r)mU%sH$ul^~y5*)hfkXE1~fJRn2 zA__&py3YrqVebosb@L0fjJnayr4)w~k?t-GknEi5eZL%p{jU6*ITxdI7QvjypK2dQ`zF+Q_yzNFizCN(N9WB#6C3 zN4o~JZ9tm_bp5Uy(A0p&1~fFF)t?qX6-ps4I#AAa;m``S&M{fBrae-Yps zfTM+yh{aOLn3F0P>sfFS&7m{<4Q|`51{Ta;<8(xbv`qdl0K)FCrQTl)tNrkO5-k}bv#L}ybdOW*;{dyBxX*LBN zCKpx6CAt!$Xo-qz0C3n?7xmoN(gOBtLakjO8?*|JeaXfc#`?NWE~pEbptr4!1@Kn` zo|6`b?4lUYIYSVWDZ~Up5nz4wY1jH#K!5$=tu5YjF@?n`lga8_O7UJO22*URuh>96 zwXpRsFPOiDnXRqz5|u$Q3cOg1A*kd8$V8*5SK}SnZUO!+1IAUVCnqMUlDrb5SSLX) z&bpw2HG@?s3;4f;@e)gnK-n6=EXGPGUPFCn)t0C`@|BQ94I)&s`$=*HCXRXFW^4c zt5V;|4$2o~aAF;k;;dr!ItFBIx2^RB;O7SsB~6jFbs4iK@*e8_1Cg`Sxrn5F>wE$E z1#h&mF0nu{k|pL~rCzscta8TZqTIf3Z~^)G>mayfd~nGT#&PJusvk4)ESTY><4K83mKSHE{MM@>HRXI2erW94*ld%{ghI(-f z)If#>&hvIFML=0)>$N^?iw@DC=Tbs4PNk@NW4W$!iy{2%p=v|cRID~NrrUC0Rh)ND zXI+dc>JmgXP=i36TL6AZM3YxF^p3Kx263cJ^_C)1qP<|rbO|-qMqmN?HD*MDY@>*R z-~(mLMO9yQ3?X=sgqI+?0igxxS6>oijR}x!jjBN>4mBg??2)V6@Qw|=*24)>quoNYTLzLt|_cFmn zF5i2u)b|oq_7szfkR4=FAr^?is^oL5uZSSfBAZ_$v?WOBZV!;?5fPGACNt!K$&@Hk zUok8y zfizeSDk;k<<=}KMC8q%0rFe*{L69mj1h!PNUOJhRO)M27xV zdc^HllCaji2<}(D^Sp)xV$lYIXD`_*O&WB)=+;2JpRmCS#~+Y&uM8%e3&vFaPbOGP zNo-y~l#cOID(zBPGfa=Zaxx9c#B>)!iUvQZPnY9Vr?W zwKWimkYd9+i|$NREel@bQCR)i2yLB`9HIUIgBBYyC{4}<1=LxHObs$NSoIaF1;4Gg 
z_H{xNy$QL1h9KZnB1cm1?C1LPH^lW!&LJz7W(ayMFzF|ZCH0EZo%=SWm#|QH=$&dj1Y<^P&xbLq(*NOkH6V~ z)uF#&dD=0^I$4N?L`()1eDoL-3R>#{avze7jut%6^gI}hAyZ(DE_xRMlhOz|yQpkE z$f%Lm==6f=Gca|@>MRB#u*;-Vbb{=(Cs8ho?e%8;aOVqNFg@qY+D0KT+NUgr$=0ZA zc7nx5(xHD78l7vf9t14FoC$w&~^ zS&=dXib~N%MH_e~ZY~UBT-3xVBNZpCkPQ1^Z3&X?pcbTlu>ZRN{5*h- zOVR0QELiKMIA0`-D6!7Qg#ASbD71k5stXUOBv8?FQsj_TLaIMxTq0V)&w>=#~ue(6j0*#&Jfq4t`RcL_t(l#|OuCD}4< z(-yGbzzJ3Y=ajV;gC<6wy(vX=s`o@9mQj7!1@Je!9|e-}9+D6B9Sk;J7n3jv>1?f$ z!Rn|$%kXyr{8hU@2$BN_A(MS^#rx!R4Zrl@f<-;ELKe{9?ib{Nz~_SAXya{Gx}qOl zh%T^+rc*0aIbDE%+c)Y|Rxto7Z=+YH8rm7N1BO!XU+R7)t>Q$g;;$Q0HH{6`_q-Mv zyiG8l)0B&tn6f7wb%21t)}{<46JU)rq8dlK$l;e&LP14S?>ppdBd20=P=v;qXpOM= zE{e%4viL49Js39GTjhbsNJ%AAAe)q}{uk}l7$HSU8d9#I8f(4C<~!Y#p}n)tT1U<% z08r5qWQ!ib`C_K%D}ve_bi$z;7{3VU`|OAX#Kr6|WpE_ICVFQ*XX674!4%m=)v5wL z2#6LTeb--HaH2#52M89UW{oVW-U3?;785Q9!wbwJf?vu-rwfJPB?ZVL$#LL>F{EHi zM8R-LAPs?Q2<#$^U)nL9K~nH0Yrvu@bP;Q;W6p&fkh`Q>MHRpzkndxHQ7KUT??%@9 zTgRBXAQ->3?`Az6l2jTE0c^?3E9YI>t9=}O;&-`b{C=jYC`)j LI&0Yy_VWM$Ca5e% literal 8168 zcmVH7LxUjOv-x=bUHUHQ5BS(*?8~*EizmDo+-M75P2!4%Yf4an&J(j_#4>h}^SZ|)f zSQg&C#y79`zN^9l{H?}As!y` zKd`=*zSGz$bb8=Es;KV{g^)uilKfTngSR_fLC3sprZO;oo4=YsfI#7bb92Qf47(S zga39?;m&D~qckV`xX&-OpkLGSA)vZCpHasyq+R)~=M`2x!Ac{nx`XvK-5=MVT5MGH z8Dwvpzn#I;K1;R* z*Mc14p+4H@q08NxKGRGEJNDlV(?`1La}=m`@bCA7w{HI^ve!b*YU5$w`&$Mtg zCN65p0fn#Y{Oz(T_F-&%z5d@H{{N-A+N04e?a}cX0Hl_AB#}@WkABuLz)mG(9FD`2gA;9ktp(SjdTO=pi1rHlcP*-6Jwr7$=eqXi8AJQ1 z4lTO~Ee`fhi__wSf&uo1L`efzdW*U};Lqa$ib?I_SbyDQhJPnrZwqkst~^*=Q*b(My3F=<^KwJy4= z3;+54E`5o8FUh}q*OG3@v?L$59`T_}>WKN{Fxl(lA+^b)oi?oRyv~;FL}Dk^0WA$$ zt)|9Y+v-7$)zp~lT0Q8knwsl2Y&8z`sa6katV@n%vDI`nr8;?~oIhWGx=Z<{`mT@u z{_*+NUxHcd}H{=K>y57)gTJ<)gWbshEh{`RMQy}pe%Umn(9^Yu->trT39 z(tbf63r=`Jt4)=OmR7r#)yJ(z_E4tji0yVQ30z@L zY`QVzM7UVrKIWhD{p#*(zAra--!{8e{ysl^xp_QYyf?j~x+wQ|pRV&w{#Sl`W%ee6ZbiC7XjmBUx)W_Bil%i4g(5y12==tILOcQ}+9^!y+ES z@*sjE{f7UYs^}DLXLSwvdKUs5AM8}Pi-8*HS~J1fAz^k3j!^WL&DJwM#_-om-A&4KL+YVaQ*o{pHt6${^ytVeV!WbDa=+)cMp$8tC|=1dI^4g 
zdzA*ab4!RhQO>yZigQZ#i9l`bQ^KU)Hy^ zYuD>^@EQ1Zy132%dOWWEzh1gw+{ne>e7yVg`6fT+R5^P=WBzZ~f4{q}>&Se7R)UB1 z?N2xP@$R-2>}vYk_5Z#5lrL2~HD42VH(&Ek+m(3ar5f=)^;F*fOV#Y@Ygy-;bgiaZ zJ8_-jpT{C2Y4_(4?O<5U8rf0=eevz}5yp<#3;(l!n2g0k6-<=3`P=HUb9#>Tc&3Fr z;(VJ9la333>$V&=e$<#9JMbnaYRsNDu| z+cG95${ESVq1sb{ppKXZpbjnQZ>RFA!SG6@DRu9r6?#f(3Qeoh(AqeRpQTDqFU`-> z%A#B0eXZPO_nMH8YeMcdq2A$Ue5|iVL*$1etM!&$e-7vGcABbN)(4O{NcQTcS~2G| z)r#qnGbi{SF*46xvd*$c^kI7h#z|XeDV#SQr?O+A=Nlz2w325PJUzo;KEmf`%*sLMFvr+A? zvwiS0>K!UPwFJL@g1>$dhSqlbR8~EyBdpqW4xb71^Jetht=7<5Xf5vRsxG^mjTVp2 zM%x9!v=&~(^;ii!TXP&-v9^c(iB`vV2SVO#Tu?R7Vo3>F6J3snBOqn zc1HBZcYtlvpLgl%cK%o;&3%Sb1!o1eJesYRaRWhDgV`wsdd$%Cc8?dEk#F~#pWAPq zZ`=N`i~3Vi+S@1v^O8z>hJbgGlWpXV6`PSC-L8hc!`9JvoUy$<82|qF z*?_OgYaHrV^W0kQ+F|{4r}@{`)z6TY`Wez(KSLVor%#KkpCOI@+So2>rZp4m_iq#Q z{Zl@y9AIBN^aZZteg5)r_jvvJ{x0^eU_GLMooey;a@Z5Re97+1Z&0k?r*6aZ*y(ES ztNw6ua$Sq=5gi6rmp*egU5oxOPQ@<0GeG{MlbEibjr3#~1&jF372l+7u8p0AeRmUM zOj@4PS>DXk;;?Ck+kr|LL1x|u4Qu~E~TRvezM_6{nZacCVqCj&Y~+@CFPNn}1c z%lcOPb;5q1?E2G}le?0Za$-tiWLXU+0^LZ$Ibz&1iW>H)i$kA7ge@^Q<$F8)2Fg?($lxd7P}<1_S$V+pFxi zzGeH;3PENI^L!4yyy9J|!xckcc1vh{Kxpuqp3GX>KZx&2%(Gqu;^<>;YvrouwpsJ* zMEiVR(ylV!fke;C9otsg-dB3=#u7}$&fQw-r^CKSI!=@4`;q*$>?W>?`P_ugWgMh9<9S8uro-S?F=%0C44#rAt zQOvB7N`5$G=UBwfteRuNIyE}y8q{{2&NUp4(Yc-i=?})|Od(WHg~`-+L-XEWgFV2?#b7*N-`%8n=erU_vyRs9`lVg0h51DH zx`4rXY}QsJsWL*v~mhd8*=Y=N9brZQaw$tdf~nm>`pcC za82U|`F`xVzdzFUo;KUz_+UWLcFj@k*Kz=;r>klOUtHJ6{kqTw+Cu04IaJ-rEw-`o*CHWChx*qyRbokQ1(K16sR{{9#T&yoW7 zQW#F(>i3hV@HtY@r=(y;DVVN3bGp5{fXr_f9F@R{QMp?~e0q-T9r5zEhUB^C`p>6S z+f6QyCv@BQpUC^?uNz+W`+RKl@VRrC&zQr!HHY7PQt=h z3a-^r&ji(>P0s`6X7qitGnKZzTR2~Lw$Inp?y($f@7kRx zIV-Wxraa9i9%A!Axf%U=JmD@+bS_W0De?FDN%@#NJJi;@huVEccdu^yAYkXpPwzud zg@%*xT`%ci=+05^XPUf6y&taeLW8|!J3Vht>v?;w_jBBY*q$)kqjT3hv2SSV9O3K* z{XDU3x_;TTt+)&f=;Ja^={!-@F zPR&^95aSOQpT9i(eB@}bf7I)|1NQ@mZgw?2+}_1L!<}sI&{F!t0kJ+m3WZ--&#u~p zLuTIoz~~q{t}^T6C-r3|dWN#>nmkhjZH|k+r<#085BDc8i^rM8)69YzCdAb0hK+f?HGBMi7+#s+^hZB0|HD*b2|k!sZG)zB>gyXay2qlr}+EU(eO^r?biz_dd_47 
zwX?@pHOD!#@#2Ee+f*F*;vI@NDy5RNSCSNHBw0bDE>h;;7^q|eF&eTCQK!i0Oakld z3L3n~#pRUQD{Bp?VkA*k018Zr5+bjlp$pL_=A;0fK}t$?`%8f_ab zjW&(uM(ajXqp{J@Xw{Hw$TlPmnTEI_-4Hc|4M9VyLD!&dP#QE1a)Y`-Y7iTQ22}&D z0o#ByU>e{CbOY1?HUJH%3kh0ENiJ*l&N*w5y$TV8kwZXQv1yna)(um`*f9K>y)_au zP}Diw98yV!oES|;2c5uKy<*p}ZCHLQ9VW3EBd44>hz==77aaIVDS4k$SQ)B4G}stu zjQS1r97Gewpj<{*q-gQXSc*3oSYy$3U>I(U{w;Pspz|&jV+}_V6_xTRfjyNZ5P-vKYic=S<{F)=cL6{RJk1*MUS_G%@%5&GS*Q?vj_2ib?@qVbV*uptEu z*$KzI65EJ0VjAJ!2}j^FV=xe$s8l=~vAzTsi|C|F&k_I5m=Y5$gRobIqXpxH!N*LQ z#e`&_W6J&h`0}LKC_qhIoN-?-&B~d^@xZLpm03r>V}5lIE~$w3&iE|Z=jc&U$SB4T#uX@T zK16gXwE z;xeqDRsrtMfCWUwK5HE`7N@9CcFAXxoTZ$M!|K8TLIbE9z*=zl{s+g!lxzfwHYt)~ zUyM)MW?!^pgN#t!K|uafVpFh)Arh;o6pNe#+F~3;!h#Gk_?Ce6WBzpT1W86r^u|!4 z?7>P<#R5vPnVjq3skr=!A=03=N`;kZt%_oARnY9K9U8Ru*hBQEhsm=_&QS4a#H(B^ zI%^;TJ5<4ntzLBHZGq~-A!gwK1kAp;910Tom`JOHC6?-y168P8^~)F3I@D}EV6o1V z$v#*j1ANc0#*%Zx8QkfKw4L_@nV%oO2XFXqA-*ic419&J)U~O^f}5Bgd*vBB|qw0$9Ao--QGs;;SVAC1p3(PNqSrzsv2ML;D-PA;b!DiMefdk>(S@A}VRy@1T zj;foR3*axa7sNOnJ+d<@T27v`Hx3OO3xydvv)|yh-D+UL{53WO6XY1s0B1!uCU)98 zor6R|lXQ2G2d0*;;Bx~;H(+Q1_Z$rpA!P7^&N+stJ$eH%IK?@pY&WNb3&1bjXwfb? 
zYnft_=tYtciw4fIpw-ItN07!YAipM%Bid*nCN2fDQIBp8Y=z@|vn5ixYZNyXRb z9e`tCXF>$8YzV$OD!D{< z1zf#i1NGEG>R(;)S zAjW2k8MJ1vNJ{jBRp=J*e~DN%M4_!$~5POi8+!kbsPslvNB)8y8KYjrDHz z0`7Ce851L=;>jy-C?v@_C9pxjXYeX*Tk8wJFSw%Oo%IwXc%-a?h&MJzogwK2Iqh5L z3&_vk;dTj&##}Hc(E*JOfg_T{kh5ak-y2*&e*SrH0VbOa2aARrB%QtX99XyzW;(n# zxB&fppkq+pWK7W!fh8S^4c-{>DaJ_Q_}<_G_Va_)9Wz-aniW#L|BA_S5W!f`ptuz@ zPy-njIM36>7M-|y0j)S9gQ6Vy2^S$va$V&XL-^TlIA`mML8lc1W;8|_Mwh+T zngG=boNAy3fmpi${1SjmDc)Jfp(N{5mSi)hV3Ieb5cw69@(+xOUfPVG9g%;+R3TNh`>n62OA*UIrhMIQj0&9@Ha}7A#fRhGl zaFgQ&^q1bAWRUEHf(QjH+B&B~D%u)buP*6Mg`k23_&2|{s@Ml(QLEss%1q)oG1XZh zsGw6Ts21>lkt0a$j6(>P8JyR|4n#^;!WOA`y5ka6uHot~!l=$osvXPQFb}tSNSd_8_Q-oBn zm>|@Tu2)PJG5t!*e<5qN7nO2Oj(tRM5d#qwZG#K-iVA{kUo=NBi@<&@`@nmQ6fpy8 zZ+!}xiYm(0mjf#f-OYAH)gZVkF$BAa>(^9+!Ri=vHmMi^sOK(%qI23=@GZD zBw?+25!|nPxR4QJ0BbTTw#fzrt}hU`N>s9J>ig|09DhL8ZB$|-*=&ngIhovyvE-LCzv z9j`q{{ae8WsaPRz3cHdqSykW0lAW^N1|3tGa4`+)?j7xaI*1f%tuRsuJ{zdlBw`UI z*?9*p=+s%{x>hQGYMjs~RR@q)l%&1}oY6*>P_n@+mOJZM+Xbuc*C&KnXL2z*E+MnB z5R=NxDP$d7XQFDi;5FX11MdxcZ<5nRM_Y0f7ZvDIO7>nl3z4Zo#s;gtVzuBmKYVe> zrVcQVRkxSSB_X3hrOA>&Z?ds8$hC6r0c5>^IDacjr22y~^=C_RHX%p|i9Jd(N+4#v zLW2z&XwX#f+yJ6ofZR34NNbH642sm(pBrZ9T_GPtq9$CSR1m2_Q4Jc`ps@{_+Lme1 zaDx@K`utB0q?i(|a1bW0FKwh80@Vxk5E(Ps6-osW7ckG+HevGFU zH`;o%DhWqr>+5;6*c#b})ibdRjwcW5Df;Mwwk9|*9OjP_(wedJwPx`;0)Q#KtEGzP=sSfz^~taU5OBkn4|!bPCli;J)a^dWsBqXJX1G zA;)B~xcZ9#6iQ~>Yu6f-x&ZvL4dE10sjqmCj-B-d3yXG%qJu6NuU8AMez5<$0Q}5f zwg3tlz-HTdSY&Oqf;qUH6=44&1a!23{3a-gCb)rTyAzu8e?j%2kF9Rm>-pE0JCM4N1k8GeKl zT?N_=e;2@Cb+!m9DVK{xvPP>6L2QmWvcZ(p@Xn5Yaa=%uvjBn^z$@pHu0Nv~Rn#hL zj8SWA1C-pU6{?&rz`w0N=Tx`eMO$Q_I0q)eM7lU%UyvYOG?1Z&RK;I6q-q))s`tDW z8N7|9=mE1W5w(_Fl*Gs=l1;3UYnnohG@=?uy2#;|J$}|&OQI4X#ppcvtV-e!O9(3h*AUo-Ko(*A(yNN7K)PP6*P3F<>`6!hhoCYl8&_1Tr~+67@_j-Jv{%k( zbOscWWX&l+Oo3f-COBV13kb0xghd|TW5LK-v`H3y7GFv*o+T&kEm6!uuDa?~4urJG zNVi(I~Q7^KdOo_tBV{$!Xq@`|k0JE{ 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index c090329a0..c0b381989 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma 
@@ -77,23 +77,19 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] let%span sinc_max_repeat7 = "inc_max_repeat.rs" 20 15 20 16 let%span sinc_max_repeat8 = "inc_max_repeat.rs" 22 4 22 37 let%span sinc_max_repeat9 = "inc_max_repeat.rs" 14 11 14 70 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span sinc_max_repeat13 = "inc_max_repeat.rs" 4 0 5 56 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange19 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum24 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span siter14 = 
"../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange19 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum20 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve22 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.UInt32 @@ -137,7 +133,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] use seq.Seq function deep_model'0 (self : uint32) : int = - [%#snum24] UInt32.to_int self + [%#snum20] UInt32.to_int self use seq.Seq 
@@ -152,16 +148,12 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq uint32) (b : t_Range'0) (bc : Seq.seq uint32) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange18] inv'0 a) - -> ([%#srange19] inv'0 b) - -> ([%#srange20] inv'0 c) - -> ([%#srange21] produces'0 a ab b) - -> ([%#srange22] produces'0 b bc c) -> ([%#srange23] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange17] produces'0 a ab b) + -> ([%#srange18] produces'0 b bc c) -> ([%#srange19] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange16] inv'0 self) - -> ([%#srange17] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange16] produces'0 self (Seq.empty : Seq.seq uint32) self predicate inv'1 (_1 : Seq.seq uint32) @@ -182,10 +174,10 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve26] self.final = self.current + [%#sresolve22] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange25] resolve'2 self + [%#srange21] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -218,7 +210,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] predicate resolve'3 (self : borrowed uint32) = - [%#sresolve26] self.final = self.current + [%#sresolve22] self.final = self.current predicate resolve'1 (_1 : borrowed uint32) = resolve'3 _1 
diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml index 21e7cc020..089434aab 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml @@ -13,7 +13,7 @@ - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz index 3b7e71a3930d688ace7494fa482db95eac7a2a34..a8edbb3ecf4656f521ef72f76d1b105637b08164 100644 GIT binary patch delta 591 zcmV-V0Qhng>DSV7YSHVrRs9`tme$@gJO7G+ke48OUF0s7Y@0D9NUZr>aJZkgV(@B3`a^pxCzvTZko@^4pcP*`ez zXnrN#--FdWQK6q(DN!F-bg0Vgn5w#+CoLApQKG#v)8a)2kfVr3cOB|Fp%e9O0Ntn$ z`W#0u>VrNf(0`Bmz*?VeMUZ{O#Z$hb;C!UT01`vQqmT-nY|5j~>emq~lYYo^KBni! zW%(w(H0cB6Fd7?o5p3j6*p|i<83R3SuVrzw0}&?cS>)Y2P(8y6@vG5Y`p2- z1u~@1BhD09_q&P{*Kp@8{gXU7I3SSQ;puzmBN&RyHqo|eRFxdcx|y?=rg!r=G00`O zUQ2Wiq`4*u002S%Froke delta 601 zcmV-f0;c`!1oi}wD1UIWXcLnKvQ__m1qEWVOE#@mDyQ+h@tfy2BR<^Css}o%YWA$k zDlhb>nKQflXyp{prYOter^@DsM@mm+sdSAD9onfn$+HRAz7EUlu;^f92q6V$gtob+ zJ+l8UiZlLho8pt?wMT^o`w60o9DRmJ{U&6(K;#qhYMgMU#qeZ_gV2TgUbZ>NZ& zDH1tV)x0b~PCv?%3a54r(7z@D(7O)1eQ)@?WqQZH@3Sq_Q*sB&rrlJPf4gFX!cvE0 z{VQpI4_5s|xqfb>M15efA=|zB2a)818^i_sP1@YR=lDOIrOz zF581cb@Gk$PR-f;@R%|L9!{*-Sw~tNj(b(B?6Tr*Ie+bx20hDVIG&bi`CjQ={Xn_a zszmUsJeIWqpK}2u9oo8{Pae3836^cy*3VLVGlQ5}AXv89@NMe* nt|zjT*(8X8^fTMB$zwB!z1WSN*p6i^Vs8BghB;3`N(le}^$9PF diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index 476968073..64810d5c6 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma 
@@ -20,15 +20,15 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span sselection_sort_generic18 = "selection_sort_generic.rs" 28 10 28 35 let%span sselection_sort_generic19 = "selection_sort_generic.rs" 29 10 29 34 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel22 = "../../../creusot-contracts/src/model.rs" 97 8 97 28 let%span sselection_sort_generic23 = "selection_sort_generic.rs" 25 16 25 105 let%span sselection_sort_generic24 = "selection_sort_generic.rs" 12 8 12 72 let%span smodel25 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssnapshot26 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 - let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec30 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span scmp32 = "../../../creusot-contracts/src/std/cmp.rs" 33 26 33 76 
@@ -42,44 +42,40 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span sselection_sort_generic40 = "selection_sort_generic.rs" 19 8 19 35 let%span svec41 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel42 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange46 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange48 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange49 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange51 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange52 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum53 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange54 = "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve55 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord63 = 
"../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord65 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord66 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord67 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord68 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice70 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span smodel71 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span sslice72 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice73 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sindex74 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span svec75 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sslice76 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sinvariant77 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sinvariant78 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq79 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed80 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange46 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange48 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum49 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span 
srange50 = "../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve51 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sord52 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord53 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord54 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord55 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord56 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord57 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord58 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord59 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord60 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord61 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord62 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord63 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord64 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + let%span sslice65 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 + let%span sslice66 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span smodel67 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 + let%span sslice68 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice69 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sindex70 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span svec71 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sslice72 = "../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 + let%span sinvariant73 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant74 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sseq75 = 
"../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed76 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot @@ -125,28 +121,28 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 predicate inv'12 (_1 : t_T'0) predicate invariant'7 (self : t_T'0) = - [%#sboxed80] inv'12 self + [%#sboxed76] inv'12 self predicate inv'13 (_1 : t_T'0) axiom inv_axiom'12 [@rewrite] : forall x : t_T'0 [inv'13 x] . inv'13 x = invariant'7 x predicate invariant'6 (self : Seq.seq t_T'0) = - [%#sseq79] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) + [%#sseq75] forall i : int . 0 <= i /\ i < Seq.length self -> inv'13 (Seq.get self i) predicate inv'11 (_1 : Seq.seq t_T'0) axiom inv_axiom'11 [@rewrite] : forall x : Seq.seq t_T'0 [inv'11 x] . inv'11 x = invariant'6 x predicate invariant'0 (self : t_Vec'0) = - [%#svec75] inv'11 (view'2 self) + [%#svec71] inv'11 (view'2 self) predicate inv'2 (_1 : t_Vec'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'0 x predicate invariant'4 (self : t_Vec'0) = - [%#sinvariant78] inv'2 self + [%#sinvariant74] inv'2 self predicate inv'6 (_1 : t_Vec'0) @@ -196,7 +192,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Seq function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_T'0 = - [%#sindex74] Seq.get (view'2 self) ix + [%#sindex70] Seq.get (view'2 self) ix function deep_model'4 (self : t_T'0) : t_DeepModelTy'0 
@@ -223,54 +219,54 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function eq_cmp'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom eq_cmp'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord68] (x = y) + axiom eq_cmp'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord64] (x = y) = (cmp_log'0 x y = C_Equal'0) function antisym2'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom antisym2'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . ([%#sord66] cmp_log'0 x y = C_Greater'0) - -> ([%#sord67] cmp_log'0 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . ([%#sord62] cmp_log'0 x y = C_Greater'0) + -> ([%#sord63] cmp_log'0 y x = C_Less'0) function antisym1'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom antisym1'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . ([%#sord64] cmp_log'0 x y = C_Less'0) - -> ([%#sord65] cmp_log'0 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . ([%#sord60] cmp_log'0 x y = C_Less'0) + -> ([%#sord61] cmp_log'0 y x = C_Greater'0) function trans'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) (z : t_DeepModelTy'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0, z : t_DeepModelTy'0, o : t_Ordering'0 . ([%#sord61] cmp_log'0 x y - = o) -> ([%#sord62] cmp_log'0 y z = o) -> ([%#sord63] cmp_log'0 x z = o) + axiom trans'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0, z : t_DeepModelTy'0, o : t_Ordering'0 . ([%#sord57] cmp_log'0 x y + = o) -> ([%#sord58] cmp_log'0 y z = o) -> ([%#sord59] cmp_log'0 x z = o) function refl'0 (x : t_DeepModelTy'0) : () - axiom refl'0_spec : forall x : t_DeepModelTy'0 . [%#sord60] cmp_log'0 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_DeepModelTy'0 . 
[%#sord56] cmp_log'0 x x = C_Equal'0 function gt_log'0 (self : t_DeepModelTy'0) (o : t_DeepModelTy'0) : bool function cmp_gt_log'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom cmp_gt_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord59] gt_log'0 x y + axiom cmp_gt_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord55] gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) function ge_log'0 (self : t_DeepModelTy'0) (o : t_DeepModelTy'0) : bool function cmp_ge_log'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom cmp_ge_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord58] ge_log'0 x y + axiom cmp_ge_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord54] ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) function lt_log'0 (self : t_DeepModelTy'0) (o : t_DeepModelTy'0) : bool function cmp_lt_log'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom cmp_lt_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord57] lt_log'0 x y + axiom cmp_lt_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord53] lt_log'0 x y = (cmp_log'0 x y = C_Less'0) function le_log'0 (self : t_DeepModelTy'0) (o : t_DeepModelTy'0) : bool function cmp_le_log'0 (x : t_DeepModelTy'0) (y : t_DeepModelTy'0) : () - axiom cmp_le_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord56] le_log'0 x y + axiom cmp_le_log'0_spec : forall x : t_DeepModelTy'0, y : t_DeepModelTy'0 . [%#sord52] le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) predicate partition'0 [#"selection_sort_generic.rs" 24 0 24 52] (v : Seq.seq t_DeepModelTy'0) (i : int) = @@ -306,7 +302,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 use seq.Seq function deep_model'2 (self : usize) : int = - [%#snum53] UIntSize.to_int self + [%#snum49] UIntSize.to_int self use seq.Seq 
@@ -321,16 +317,12 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange47] inv'0 a) - -> ([%#srange48] inv'0 b) - -> ([%#srange49] inv'0 c) - -> ([%#srange50] produces'0 a ab b) - -> ([%#srange51] produces'0 b bc c) -> ([%#srange52] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange46] produces'0 a ab b) + -> ([%#srange47] produces'0 b bc c) -> ([%#srange48] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange45] inv'0 self) - -> ([%#srange46] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange45] produces'0 self (Seq.empty : Seq.seq usize) self predicate inv'1 (_1 : Seq.seq usize) @@ -349,10 +341,10 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'8 [@rewrite] : forall x : t_Option'0 [inv'8 x] . inv'8 x = true predicate resolve'3 (self : borrowed (t_Range'0)) = - [%#sresolve55] self.final = self.current + [%#sresolve51] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange54] resolve'3 self + [%#srange50] resolve'3 self /\ deep_model'2 (self.current).t_Range__start'0 >= deep_model'2 (self.current).t_Range__end'0 use seq.Seq 
@@ -380,17 +372,17 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 axiom inv_axiom'9 [@rewrite] : forall x : usize [inv'9 x] . inv'9 x = true predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) = - [%#sslice69] UIntSize.to_int self < Seq.length seq + [%#sslice65] UIntSize.to_int self < Seq.length seq predicate invariant'5 (self : t_T'0) = - [%#sinvariant78] inv'12 self + [%#sinvariant74] inv'12 self predicate inv'10 (_1 : t_T'0) axiom inv_axiom'10 [@rewrite] : forall x : t_T'0 [inv'10 x] . inv'10 x = invariant'5 x predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq t_T'0) (out : t_T'0) = - [%#sslice70] Seq.get seq (UIntSize.to_int self) = out + [%#sslice66] Seq.get seq (UIntSize.to_int self) = out let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] inv'6 self} {[@expl:index 'index' type invariant] inv'9 index} @@ -402,7 +394,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function deep_model'3 (self : t_T'0) : t_DeepModelTy'0 = - [%#smodel71] deep_model'4 self + [%#smodel67] deep_model'4 self let rec lt'0 (self:t_T'0) (other:t_T'0) (return' (ret:bool))= {[@expl:lt 'self' type invariant] inv'10 self} {[@expl:lt 'other' type invariant] inv'10 other} @@ -412,7 +404,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 predicate invariant'3 (self : borrowed (t_Vec'0)) = - [%#sinvariant77] inv'2 self.current /\ inv'2 self.final + [%#sinvariant73] inv'2 self.current /\ inv'2 self.final predicate inv'5 (_1 : borrowed (t_Vec'0)) 
@@ -424,19 +416,19 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 function view'6 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice72] Seq.length (view'6 self) + axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice68] Seq.length (view'6 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice73] view'6 self = Slice.id self) + && ([%#sslice69] view'6 self = Slice.id self) predicate invariant'1 (self : slice t_T'0) = - [%#sslice76] inv'11 (view'6 self) + [%#sslice72] inv'11 (view'6 self) predicate inv'3 (_1 : slice t_T'0) axiom inv_axiom'3 [@rewrite] : forall x : slice t_T'0 [inv'3 x] . inv'3 x = invariant'1 x predicate invariant'2 (self : borrowed (slice t_T'0)) = - [%#sinvariant77] inv'3 self.current /\ inv'3 self.final + [%#sinvariant73] inv'3 self.current /\ inv'3 self.final predicate inv'4 (_1 : borrowed (slice t_T'0)) @@ -464,13 +456,13 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 predicate resolve'4 (self : borrowed (slice t_T'0)) = - [%#sresolve55] self.final = self.current + [%#sresolve51] self.final = self.current predicate resolve'1 (_1 : borrowed (slice t_T'0)) = resolve'4 _1 predicate resolve'5 (self : borrowed (t_Vec'0)) = - [%#sresolve55] self.final = self.current + [%#sresolve51] self.final = self.current predicate resolve'2 (_1 : borrowed (t_Vec'0)) = resolve'5 _1 diff --git a/creusot/tests/should_succeed/selection_sort_generic/why3session.xml b/creusot/tests/should_succeed/selection_sort_generic/why3session.xml index 1cbf0d28c..c684618ea 100644 --- a/creusot/tests/should_succeed/selection_sort_generic/why3session.xml +++ b/creusot/tests/should_succeed/selection_sort_generic/why3session.xml @@ -15,7 +15,7 @@ - + @@ -24,118 +24,118 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
@@ -144,49 +144,49 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/selection_sort_generic/why3shapes.gz b/creusot/tests/should_succeed/selection_sort_generic/why3shapes.gz index 52bbf074ff83eaf244956552201d4488bd4f9b6b..5e5fb179c785fa0864ee622061ba42035b92f5c7 100644 GIT binary patch literal 3735 zcmV;I4ruWoiwFP!00000|Ls~!Z(F&N-uqVwn1yFn-vnNmhpab?AB&{^^>34#-{N(>ncUXJ&1`=4?-QB) z?cdJgFE8U|y?VR+E#A)RALlrjxSUUCSIc-i{jXR5cWy4u;_T`+E@ts+d9DNe-apTQ z2DsR^c1dKwH3=n1NO#IMBtWu}i=MuLxw|i%sKfx#}~6z1TF);>-B9E@P?n zdis7|>g72MGU#px$Jte>e@-vwZ)f@3^x-%0mq8EwmRIqYm)Q(@@hTq1L^j|1dM>*9 z{QkO&J~x9Ke0)9qkKaGU%X9O4eAzn=NB{;f@%8lY_2%Z>yxAY?!}0a>KNmGF>tc-j z-Z%|_yWH-NkI?{L%)Xm*YJz0b^YZ}fi`AL_-~ zuX}t51LD@|k*V$tt(f+CXh7cMxm@lI9aUrpltTkA>)z;E*Y#pvKID4S`!&9JF`ygB z3AHm}WD)SC~N z%ROspN5l#_;&S@m@#<|oH|Ou)WwT~Fn_YDw%epwFWlJ!=wHS*yNZ`_c6C)3@v8n2Z`VDyXYW5O_iemAhaJK(_0HOSu}gH9oja6k zZHK&fR$SM``wz>woXxMM^LB1l;WhDg)qs^@XP5K&^_{ZGznHUlGhZxgnJ!j7?&7G4 zx7lo_>(J^$N!^CHSkAfy_ryF^2tF82*pJ{kP-QcNea@Z~z76As<5cKiKXwmC3Jybc zXWr?!z$umyXJVQ!7V|%9Ie-6dv~>)`+q#_2%F!{1vjS&V_0Q$$RdRdo*5Saj*D=rE zUtiW`E$8Obw8hucU*}gn9J_(<6gRW0x0iJ}zZw`vQLm@}Gk;&t&9K$q8}rNCdZ4@$ zZ@q~xH{@GYTNr|~L;p4cam<$0gzZNiwu|$oUe-L$dZ(MztD6stdNZzx<0*j~)@_EI zlyPA9%JKN8>D}AUHmjFqYVN`@yPBr?hpTcEUu-aQL$mtK&=IV@t&7S0wl3P`{EvJ1 zN)Ip}!ZzIF=2P$t$MAWpa?SiO3?HMugI@ax^d55Gu|2Tl?Fq!RV|jfLrgvxYm-sHe zh%Zjy)d52u!?&qa4y)a9c^_yvM)GbfZoYt|foT-gOK7H#apTqfU<^zbJsbyWKTqhv z=W#fPT|9>;&F+?U!}GLQzF*c|2=Av@!ZE&xUsVcZ_(A)4OW! 
z1LjJ|exV5)xYM)vTfCXx#>)@&K{0pqD;w7ne`i6@sS{|u)#moK9c9^)UY;r+`oMho zTU{J0@;4{F-Q~0aYdzNK;zhi?srSp`7ccHDjBV!JP0<=9dQLof3wV;`waAlO!PA6% z>Q-?AlsP0dD|}S zUw_>J^6vE-!Y_6^&&IN2I^LZga%^T4cR6UY-%atejy|is>{HJ^UHJp&o~`hnJ5xM; zc$iM}qJFrUFQ?awd0th`^|HQSDcFX1N_=-7ILUK&K-giFM~?zK2bYHm_ijTMw?n?I z?;bAj@OXju)hoPHf!j~#Q&gW+1Ad;$dsU*_IXypE<-zLceX7h`&j7By{+WO4NxBnP`b6n>5jcdSdn=I+=5JPZl4Aoi@KId-%`m=$v66>4gYn8| z2Jsz^U3lc>@c5Z?yn7yH-#)VQJjUG(`2;3hSCcn4bP<;ZE+-;f19$g<7 z(f6%^dEow@JFp#?*AKgFFaCafJH+F6MEFtn{J6bJI&stg=nOpl9pEuhr(Oy0foFn8 z&HEgQgRG&mr^T#{*|95cVE^i=9v_i);O{8y3Da=Qs=G-T7+)PtfPSyE(KE1nwf-@} zrUg4j+YNnUgjIR8bR|*pL%Tl_ux|x`6tn6q;Hs7Di{S5l)2+QgIZ~ zazaV~g6T9v!<0n?U|AQl1}?wLGyJ6{ASKtLYe}SJjSi9$87j5_G|@6) z3XFfX6_wHD;$3!XwTUzAvUf$vI&WC=gl%B{3WgM|mK--9vD#W=^~NiCHCC;fCKJ}c z@^x&fr7(K17&D-^*7{N;MRW~Jtd%ELg0;bNuoNr?3&EPeKCt^M%*oJ_vl0c90Fu}2 zyk`*`wKnVRL@)>hF~Ry^U9kGqOe-RS3A`c73TV8mlsu?3$JA_|hz-I)=vx_xnH*LW z6zgJYrWP_FsX^`)kC=&Q5c#$?lK2FTiZO+am&h7jb%p3Nx)XXfh#~}T@$Das^8X9h*7gi zj8vdRDV1$xEU4C*>RRiTs(vTNwwfzI%ceyISG001)#b`!OiMYB#`^EaUY7pXfE%@3 zn&GMzS-^vf5!+arI1CPg`@Rgf37WJl);A?~E-@mv1_`hfEZD0V$HCEeWi^B5+7z9( zsH`rw0s) zd`hvGTL3*L{qu89EGcJGz*n}VrRbZMB0w#YHm)n@;Q2ae3L0grWUX=HDCbyeQY$|7 zlO3%b#OLj#WdSiNy}~mwx8!1?RJ}=2khAL*Hgq{ay~cj_{;H~`C{!#f*VLjZg6dPU zeyq@YVGdnd7x&zqtzgB15t5|EBA_V+yfflz%B9sU{&bIau@yFosDW#skBHj6UQpJg6V?aF+sPxx)Q|kmQ1+d+J_-Bnl1M=!^ZqN(xmaEAg z8Wt-O!6L8cUjx`K(gv{nPaThH9T{LU(ny+9@kua(5VlwjPN#BgLg+%j&8x z>^ViQg;k=D-cmvp@DmUWAn+r`rie;T+#)l$!qqoNoN^N?rayB}KsbQVj~XA}3gv7$ zvGWE~PE8bwx@i09iTz|u9SI=zM+*&Pquhjnn->Pp6g4ubYp(hRFoAy2s2D&YfSLf} z1BeSC`lH4SdAt|{XAG)G0W~#7Ovn(8O}78ktb45dBS(p{Nv1VTImVon2WcPOtKLxYid&C_$x;3k#h1gSgQ*^VbMyZaz&0%OVm^&s9KwB zjH^3om7f9IuEWNbutrNr8dJ&6NNeK7rApbg@rFY6XVCV4W>g|_uHp()sbZbW+FWUf zjuq;7&7tmR;O^BErBJi3q9?A|)?BeVC62}wM3eikPeJ|9;2jIz{{wpV@{{aT0005k BT6F*b literal 3759 zcmV;g4p8wQiwFP!00000|Ls~!Z(F-|p6gc#=)mpGgzLdYvN#z8L0ty8J%hH`=uF@< zM~G}WlI)!O?+b28TMtXN$|X+hU?XZ>EL7gdjZtJ z<%WY$yfID6jNXM7k#%Q(fQ=PutHb&ufcwbf_mvS?? 
zn&&dRfKEEI-@##eoy(t-+5G)9U8pwvF8tP+BfsTM`0aI4owpfeLRYe=p1Bg?e{5)`r8|$$u_NSd~Q|`Gaxl z0Qbj_*s%i|L?82V2hxE#V$mmixgRjcB5VhC=il+D>rm|*_p!~)>R|ML7q{hd^!ouH zLWek5-7}Sgp*7PX4|T`~JhRoo&`CwQLpe5ZRt`otx^5Qpe4EO$^_%eORfo1C)e*cq z7;>jNO(RD4Zj+#Gc-`9dp*hq+7|PYn>K`59z=oIGY=@3EYoxWdy{4nh!f35+ukC2F zG+Jxh>pGIlp|!uvbVp{RMRjB@cg=k&>d3CCbVv4bXthb{*N1fE!Zdf}-WtpPLu;P~JKlf}cf0|e)*7uX33uy;gmk-Dl%{AjE7#+TWtr8B@#-HpWjqLL zHgC*Xl;!Pgbzm*+iCE7>SWW&rT)!_D>f-7{QX8hx^tuUImBl$N1Ht5GQJx@XQ9j;I z7iGCsyC#4GLG$J6oTMH7>rkiHVHT#>*JTl|%cpR+>A4$S-L4L8yt{xs!afN{b-vgq z+U4mUegELPKI!96ig6@m|j6AmM|2~^(BV4Jfig>TEaxH zk%Hq;?aVtL7dXe#<4lP2#bW-c2 zZ$p}2-OS3WyEJ(^>*?<^Q&^9xb3ya}(j@*|MIn!>GfsIG1HsQa|gBZd|UHw~Mmu*Tm_Rz%A>L zA!lVA*}Zl={Ha>^@V8FOEKk%f9MkJboZnvOWq7s4%q`9OZ-Rzk<$YO<=XYgMXY)_@ z@Rc55K89_$$Ia*98BXEzpmM|fFbtof-a)T^1bUCTcWe(Vd3^>kbzg=bh3Ug6{1!fh zSK-weygFh?efYK&&2d%SFYhA_r$|2ZMbKA})G_sLavW4SF?UxBX z`g>-}o9H19&p~%TN@1Gua66Dk zwu7fiJ-Z{o{+7UNX~%nlJg_I=p5a??m3?r9Q|JnVMlkew%q4miF(z z?*V!9dIRB?`<# zz{Ar8-Z!uC&IRr;ozGD{s|NfsmG`PdyLWniu*!q=(feGPx0wN4mtkk~_>k=N;2xev zjy>Qw=h1pS;4_!%nwuV5Zt_LuO&>O%@Z_@SIUC`8mSI2ldnT5>iEIB)l>47GWle^C zc)I%Mp?k}{2Qu8=z3dCvDM%c9gtyZ?Nk;NG6$X}H+d!zq7r#qyY*;YNIO zH*>(gZ}JYm2A%8fb+xxP=ajas#QyNHiSbs%@>94u=isp3rw2HCI&_aJ*`6Z$>!|}M z`KrQU6w06JkCvo+aiwQU-$mdUj`%nO>1h6@c`rG(Faw{()!r7v2k0w#2vg{&5&m>;ij5gF3X}_Hh!5At)O}alkB$4Q;)Nci)i~+ z$J}vy_w87B%$o;b)|Y=jy&dA|J0kq7dwv|QlFr=pKRN?Xe+PI>)VWszeBhbjQS-h; zVkaBuY-usgeRk~2>)5?{s>df}9r@c!d%`rFvT8R89pjsm3DEA9wt70YZ#Iv++ZOB@ zaqpdJTdFseZ=SlqPT1L*hu8Q?7919rc@&pU2JiVtcu=2^&8`_3n7jXf)?{j81GLSZ@_g%6fC?v>sXwA$ETr-{Ou%?z8LXu%9gl zj!EBb9?->IzB#Nj`oY8Mq&d6&zD0&XJ#?QecUpdkbYk9Z-r>b=RGs!^M?M-ARbwVw zv`yqNMN3*7XbTjb7D;13^k9`o@u)qrNAids!K3ovJXjCLgLu#$*aLY$58y$0=dCwh zy!PzLqX(}>)p8b>s-dW>kWv~=N)X6mQYDr#I*-<)`C1AY*k-ax*=)446+uT^7#$VJ zPU@J@6L?ZzQKy#Xl+Kl`MIl=?iw1Ey*=Su&V`5MA)zt>pu|mdRa;0dpOA%8n#gNoc zvKo{1WITx{{dF}1WJzR%j1i8ILypnatb-6c>-3nFC-)aA=i)#D*TRUXjY^5c*piF0 
zoU~TGa{bro54MC1IV9rhw2DgA99>0iQWB!r^fUaWCa?-pY*aN?l_I#PA=DIE<&-0xid?m5(Wr7LV=Z25ui0zz8odUum1pPK{uSmZuAs73F$PkI zY_l%WF;-)_=E`G1FW^Oa?Yy>Ln{Q^Cvn~aRE*U2+G!7&Na3yFPq&hto?S;M2_cAb| zRL#mpN*1GysiYFLv69<53wA8Vi+o=j!D=Pd5*C7_Y7IH*?3^l;4Li_d1Kubv&WrsH z)>VN3T5-17slX=MTqsso$zVWiyT2iC@Ov4km~>2mh^os@p#c+IL`TY%SRu4(!Dw&z zJK7j@MsXq3+GaK?9aT|PwY5_tSZLLSk?(G1&f;7uDIpSR1XrPyn5@b{IWB2a6Bz4_ z`M#FMTEuWjQZZDJOx6lBQjVaQVsEK2KZvnPln$hWwA#WExKcnlP+AE%7qBRI%(2cR~DNLJK|QFSo9XW{jm&>$fhQfGT4Nv7F!IW4vI3FDlW8Y#s&AV0fnJOf4xHKmw+cSS8Up zDaeGB#!lMS;Iwz_9eIb|!4K#MIh~4$#X;bhU9Q#vB*>MEGa6~^tas)`xDp{jWQb8f zmC$g}u{IKFPKA`VV^GRF_fp)EK&oic!3FKOsu+-y3$9i&*_OJ=Fi_}0!H@4x5UZkg zCX>m)5+Q32noNkw*%DRDG*I-Se6q}JBnG8ziZSMB6I*8@q#8sU?o$pFzc|NYwMw$l zsF6^#san|xHPvilz#PV)Oz#OO@u2j}@yukKpj|eYDhxK)!bK+miw=?|9D}kOk6xg6 z0jkcVY-EZKY(=ATkgQ_lSQXb+ZUMBMbT7|2;aqZ7h=oh8R3lkXkfoF?#yYch4qmQ< z0Lmz=7KF(%hs^D>VkF0FQDtK*u&dxy3<;Q1Ra%0!nvJ%t!iFXXsMXjn z-(Rc=GO@;X&8@}MRAOPRK)a-nTVW1OS`+uuon=c35+xUc*c3^nn79CuRxTvt2K;G4 zUz&5p=#XqGxl~FqL@)&{5-HVo5(o$Q^Aa6ot&K7@gA|RHf zr8|pJgLcLdkPZrrw0j$<&PuYbs)0vWS5PAd=WJh1h^#siComTAl$+6rUzz~G@l3ONsCJ&^H0 z;(@dWYKBmo4IepuD@o^A17!;|hIY|t(1QUFMtKnDL97QcKWogSJ&PF~(Imm3AW*e7nFK0T!vWi; zX3b;6KXa5EMV2fE+EZ;}Rb32@U9Cw)Ds_GRWc05{jUwfOSVW0rSE)+2$p%$R4MpqN zN6N~tVD-UDDkue%N^<0ga!??tiX^I*h}Al+}WIIcvT ZF*u<1^(h$lD|n}Z_y73XHE0x7001muVnYA` diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index 9d6848cfe..15558c7c8 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma 
@@ -11,22 +11,22 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 - let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange19 = "../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 - let%span srange20 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange21 = "../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 - let%span srange22 = "../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 - let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 - let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 - let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 63 12 63 57 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 
+ let%span srange19 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span srange20 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span srange21 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span srange22 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 let%span sresolve28 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.UInt32 diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index 9f3d60e9f..16c800ba5 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma 
@@ -59,29 +59,25 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] let%span ssum_of_odds9 = "sum_of_odds.rs" 44 21 44 22 let%span ssum_of_odds10 = "sum_of_odds.rs" 34 11 34 23 let%span ssum_of_odds11 = "sum_of_odds.rs" 35 10 35 35 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span ssum_of_odds13 = "sum_of_odds.rs" 17 10 17 11 let%span ssum_of_odds14 = "sum_of_odds.rs" 16 0 16 8 - let%span srange15 = "../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange15 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span ssum_of_odds17 = "sum_of_odds.rs" 27 11 27 17 let%span ssum_of_odds18 = "sum_of_odds.rs" 28 10 28 33 let%span ssum_of_odds19 = "sum_of_odds.rs" 29 10 29 11 let%span ssum_of_odds20 = "sum_of_odds.rs" 31 4 31 65 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange30 = "../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange32 
= "../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve33 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span ssum_of_odds34 = "sum_of_odds.rs" 8 4 8 9 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum27 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve29 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span ssum_of_odds30 = "sum_of_odds.rs" 8 4 8 9 use prelude.prelude.UInt32 @@ -130,7 +126,7 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] use seq.Seq function deep_model'0 (self : uint32) : int = - [%#snum31] UInt32.to_int self + [%#snum27] UInt32.to_int self use seq.Seq 
@@ -145,16 +141,12 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq uint32) (b : t_Range'0) (bc : Seq.seq uint32) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange25] inv'0 a) - -> ([%#srange26] inv'0 b) - -> ([%#srange27] inv'0 c) - -> ([%#srange28] produces'0 a ab b) - -> ([%#srange29] produces'0 b bc c) -> ([%#srange30] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq uint32, b : t_Range'0, bc : Seq.seq uint32, c : t_Range'0 . ([%#srange24] produces'0 a ab b) + -> ([%#srange25] produces'0 b bc c) -> ([%#srange26] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange23] inv'0 self) - -> ([%#srange24] produces'0 self (Seq.empty : Seq.seq uint32) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange23] produces'0 self (Seq.empty : Seq.seq uint32) self predicate inv'1 (_1 : Seq.seq uint32) @@ -175,10 +167,10 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true predicate resolve'1 (self : borrowed (t_Range'0)) = - [%#sresolve33] self.final = self.current + [%#sresolve29] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange32] resolve'1 self + [%#srange28] resolve'1 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -202,7 +194,7 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] function sqr'0 [#"sum_of_odds.rs" 7 0 7 21] (x : int) : int = - [%#ssum_of_odds34] x * x + [%#ssum_of_odds30] x * x function sum_of_odd_is_sqr'0 [#"sum_of_odds.rs" 30 0 30 28] (x : int) : () 
diff --git a/creusot/tests/should_succeed/sum_of_odds/why3session.xml b/creusot/tests/should_succeed/sum_of_odds/why3session.xml index 5daf89380..f6c00f981 100644 --- a/creusot/tests/should_succeed/sum_of_odds/why3session.xml +++ b/creusot/tests/should_succeed/sum_of_odds/why3session.xml @@ -21,52 +21,52 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + 
diff --git a/creusot/tests/should_succeed/sum_of_odds/why3shapes.gz b/creusot/tests/should_succeed/sum_of_odds/why3shapes.gz index a83f669b82dc87e9b86e6971b6a3b957f22e4bb6..fe88e52085dfeff696457f952e4a992be425c9b8 100644 GIT binary patch delta 1443 zcmV;U1zh^r3(*UZK!2;Rwr2h3Q?>n*9`d$&%A0N7HosM>`t;vfP1p39o+HrnEnVM4 zM$bFCzM<#HX8HbM_xGwdo6!wzAMaOfS+yz6nP)Y9rmG_vefBH@eTvxqMn=~+o<+8p z)hEXEOxy39{`a+u<>}49ak%Zzx97xf>C4R^i;TW>AuKyd7k|p`JJroo$9pjz&O(BV zA;CT*7(;?CBzoAi=`rT*oOz_HE6=_3YB?2)GYNX`#j&lXKFMA$MvCCgVmyp8^mZ{G zMj7|8kEJ^u2eYcTt3Fj8pr$__AJ&;&y6(d3;``G5^vUWEi}TbV?eTEX!d~l|cI~Qe zcJv&Tlw8e*+<($;^*?Iv@|?}@|LO`etD8=7mp9dXo7ZJt?f!nqRoy(%rlw}s+3gip z51afp!X|%ztT%Z(I@{#!@6Of;Y7Ky}mP4K?}4P=Z-$H&aG0MVe?12&bk8 z;G2CuB0KJ)b#Cr|yn4B< zaAb^Bw& za=^hij3*whPObJfa0bZV(!Bt%%U;fWSME=_U1`rZqAh#32Na zuz%cd9XO=*On8xZb=W?gIbP_w?Dz*a+2j0>j1z;?VEn zyx)7B<$F7c2kt=}=np;i`Xcn|lK0+@H>`N$hIeVf8~3|my&JZ>9^sJ&8bh_F^C~WO zFJIgq)gC+!H`ZAg0NXD zsUS%OLF)<}cQ^}C6yiilGLw^J926NDq?DzIV0i^jf&+8_4w$pfIPH{^PRtAe6@e<3 z6eKB$h>DUy$w`EeSOwC7aKJB{N75qlq*UNa$*fD_1yET_BpEYMfp(zYLP*3|&VN!c zROVBW_GOiBQ- z2r^*8qHWNU6boPk2PS$l_#vp0OV%M}X(U2Gkw8S7Lm{$72yH494*5sXl1iZv3eI?x zN|`JYm1I+~95oBN;>@9SXdG&X%73AJFH$Thwaih*Tv9Szfk=qRP03a=QE}zCbX+*j z9Y@FEAApOJ3lu656c{a3(25}jmbf&KMXUsK+&XR?*FS@wieV6?4#lLzW5~h?%Z;^| zQj(E6e1T5D&%3aSShk916@|c5M3I`Ph=5sT%}eh>IKlswmx74`(~%i241Xj<6C^KI z6^JZJ9=d)L$_e>z9T6{vamv7?O`1r6E-G4^wIr!E>mBJ|(K@G4d#MK&!z>;+ZT8(G8lgztSU%oT;Quu>x&DCYaQjb76%7 xC`ES9E&JJMiox#9ieMsI6C8}{d|{TwFsZxu*h%3ecM=`W{tw28+bGr&007xK&o=-7 delta 1423 zcmV;A1#tS&3)l;gK!5vcZPtH2Rog%5A#bavyxG=m^IN5=Pye0ObWNY>IRZW3()CSb z^t_|%8+wjxmhT^Sf3JG88QswK@qX2oRh!bBc~;YBx;m24XU`(gr-T4!8aJ_T2GX`f@YKBBL)|2+K~=g@3a9PIdFt`MnqqXCcAG zkYFDYj3Gf65)>#(*xA>$K%5~vrE@q3c4J8>3;fz_J_rJ`jGZ` zIA~$7bxpf=Rev`-dX7p;u4Y3tv|Ig;n!7w_^ZUQL;?3%&Q{3fEHQ(lSnOD2NA97VU zPqeA2*>!e%h1J6*zm2fT-yiEu-i~COynS3BL$ur71&oR2(;TR7n!KSV{}^g9EA3|L z(Mz=^nghbA=>hm=pO46nJ8hktyWO8>jO(_2I8MTgUq*ZSG)CD4_7SH>yS>5a5pCb_ z=$H#Bw3|))Bd7WOUp)+!x}m$gTh-~}9Z;QSO@7|JUfriT-}?!(uN2$+hjrfN&Xb=Z 
zllcK3f9ShIyMD?i+@10m3*C&`2d39kIgY@ri|TQgS1-3!Znlqot4;w2hv>P-Jp3(n zUZ)j%akFk#p?z%9mOhPbg(KNsxtof7mp4`Wls9GF{+M_<;NTm^6Nal(tGx}J0rIzW zF92>&%+CPDTe_!{dUbW$=7)k$!+PrT*}zAqfA|Bid%QE}-=6c2`1|eKqzycXu>%%U z;fWSJNJ5K~Dw-#qGs(buPVc>%rXazh&d;QsGX`mPc-no!~(pq-t?{ zp|6fKrXcD?1?8bNFJnv;rV#RcW;}``h)W8~qXLPpKufyu2ootTCUpXN=^^pJ4`##D zf3v*&VtMRR?ZGZzeNa6pkL<#0+FkUvmtIm2YFZ=HK^#Kx2+RG}fkRqPz8LRwE*8tz zlQ3;o4|@4_OM1{A4%^mvg2Uw`-5>iVe`ExP)eXd<-^F>q_d3h>b`lTV!(m5+p~qfd zgkD|p-rMnp6>r?|E-iTDemAUl!*~FQ#!#*4yo!t6%NMtYwb1inEnJ>S7PFZt zR$D1l;E}ZA6a%G@l1U;FFFaS^*i4Cp6a!!|q!Wc8Y}QIDNK!%2x&p@?&R9vrazZN^ z4;YIH5I}dD2+BxSfs^0>9e@MotTRqK<)jm{7*!Fbgd|JE$OQ!^3K^wzF2Yz=e}Qx$ z9PrELL?|(4p{&(R$5M&~#WQ8aZOB?ypdF~U5F}7yT7;4U2g#+DF&LXI*(`GqSRpuM z4y*(7Do9R+gCY&W$k?TrSV6^$HPI?*dJr)0djB}-&B@DfBMz#^0)q@pcmnYhvwSB^`^h2z|DbR7Nxc#yhqTP#FkQBg#z zR8b~Sip3VqD#0ALjvL4I&)^%aIS)nwFWImp1*$;6fe@IXz&m__PQcGoe{f_uX@;n{ z;E@H+G$2UiTofo=_7uVi{;yaPlH^heixiS#05X+gc`{ik8CB`}O(-Yiza_HWbO#kp z4uU6CAxZ&|6e&x^BJ@Q1*KkRzO3D_kLBk4=Oc=pvWfR4i(!gbY8J(64Qc#hVq7wsy zGE1J6v5{wk8M;9e_LnjmJ)vV3fe9?ci$qg$N< ([%#srange30] inv'0 b) - -> ([%#srange31] inv'0 c) - -> ([%#srange32] produces'0 a ab b) - -> ([%#srange33] produces'0 b bc c) -> ([%#srange34] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange28] produces'0 a ab b) + -> ([%#srange29] produces'0 b bc c) -> ([%#srange30] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange27] inv'0 self) - -> ([%#srange28] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange27] produces'0 self (Seq.empty : Seq.seq usize) self predicate inv'1 (_1 : Seq.seq usize) 
@@ -189,10 +181,10 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] axiom inv_axiom'4 [@rewrite] : forall x : t_Option'0 [inv'4 x] . inv'4 x = true predicate resolve'3 (self : borrowed (t_Range'0)) = - [%#sresolve37] self.final = self.current + [%#sresolve33] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange36] resolve'3 self + [%#srange32] resolve'3 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -224,17 +216,17 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] axiom inv_axiom'6 [@rewrite] : forall x : usize [inv'6 x] . inv'6 x = true predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) = - [%#sslice38] UIntSize.to_int self < Seq.length seq + [%#sslice34] UIntSize.to_int self < Seq.length seq predicate inv'7 (_1 : borrowed uint32) axiom inv_axiom'7 [@rewrite] : forall x : borrowed uint32 [inv'7 x] . inv'7 x = true predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint32) (out : uint32) = - [%#sslice39] Seq.get seq (UIntSize.to_int self) = out + [%#sslice35] Seq.get seq (UIntSize.to_int self) = out predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq.seq uint32) (fin : Seq.seq uint32) = - [%#sslice40] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + [%#sslice36] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i let rec index_mut'0 (self:borrowed (t_Vec'0)) (index:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut 'self' type invariant] inv'5 self} 
@@ -250,13 +242,13 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] predicate resolve'4 (self : borrowed uint32) = - [%#sresolve37] self.final = self.current + [%#sresolve33] self.final = self.current predicate resolve'1 (_1 : borrowed uint32) = resolve'4 _1 predicate resolve'5 (self : borrowed (t_Vec'0)) = - [%#sresolve37] self.final = self.current + [%#sresolve33] self.final = self.current predicate resolve'2 (_1 : borrowed (t_Vec'0)) = resolve'5 _1 diff --git a/creusot/tests/should_succeed/vector/01/why3session.xml b/creusot/tests/should_succeed/vector/01/why3session.xml index 92ffd93a2..6d2466876 100644 --- a/creusot/tests/should_succeed/vector/01/why3session.xml +++ b/creusot/tests/should_succeed/vector/01/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/01/why3shapes.gz b/creusot/tests/should_succeed/vector/01/why3shapes.gz index 76a52227fec09da640edaa97fe8cb76f98664519..e072a77fd05fea3c8c4dd6caf3400955b83b67ac 100644 GIT binary patch literal 563 zcmV-30?hp%iwFP!00000|BX~Z&ze9Gz4I%)(SBZbc0sU_1No8-9O|XXq&G6cs-(DB zKy3egv&tfBzt#(Ryq(#ZdGoTL-e&Edj;fvYs%gtwf0-?2Z=ap+CzZN)IWlR1L#v1? zrFY$)`cj=;jzC?VmAa!o`x<|DnY4KfxwOEcV^bHWT(vGkLGw9!xWFKt(*6@8&_iF| z<%XmV$L=?VV;R7uw7_x#Vd&W)%X$bPM`T$aVd&E!%PtUv9Fb)M1W%60S+6Og_v~AJ zP-e&la!*eGV~VKMh5D6M^{&hf7ovcirL;l;R>)Fo)sR+an$NF4$QiYz-c_orHS!>) zRg^OnAkCFi{TXfQrm4@Wa1TF_hqNsk|uiwFP!00000|BY17ubMy*zVlajqkUd>c0sVwgL%mY4tkBT+Shs^AK(0*`Lds0CheB?+)j?%v}J9+OlFgp&tCVFN^|rj3hjVLizQWT zHr8)IjWhgJaR+5yKYgnllI92+2j9*|>0gnkx_96Li$dO(hi5CT0Q z@9mA2^qPIEcWf6iLmBAt|B9AWnu332RlO;5%f+Z57bz`Jfm?QI3^!!>MAPZz2c@94 zG@FXM+MtY9v{>c>6=<7sd?P{Yx@qbY7yj-C%9!3uLlr_yWnsT#U$8Y0!qsTA*Ww7# z6P=)hl{gdInTlaM>v{8>W1dCPnnR%!a1j=?4ud$(*D8M(Gy$0aBp{M`5+_kIOTr{bR3Z~dg!cz( K2-^s*1pok`>=ohw diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 5ba5b61a1..63c4c17d2 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma 
+++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -11,12 +11,12 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span s03_knuth_shuffle9 = "03_knuth_shuffle.rs" 13 24 13 25 let%span s03_knuth_shuffle10 = "03_knuth_shuffle.rs" 12 10 12 34 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssnapshot14 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span sseq15 = "../../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 - let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span s03_knuth_shuffle18 = "03_knuth_shuffle.rs" 6 11 6 19 let%span s03_knuth_shuffle19 = "03_knuth_shuffle.rs" 7 10 7 40 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 
@@ -26,27 +26,23 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 let%span svec25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel26 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange30 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange31 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve39 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span svec42 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span sinvariant44 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sinvariant45 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq46 = 
"../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span sboxed47 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange30 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange31 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange32 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum33 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve35 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sslice36 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span svec38 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sslice39 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 + let%span sinvariant40 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sinvariant41 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sseq42 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed43 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 use prelude.prelude.Snapshot 
@@ -92,28 +88,28 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] predicate inv'11 (_1 : t_T'0) predicate invariant'6 (self : t_T'0) = - [%#sboxed47] inv'11 self + [%#sboxed43] inv'11 self predicate inv'10 (_1 : t_T'0) axiom inv_axiom'10 [@rewrite] : forall x : t_T'0 [inv'10 x] . inv'10 x = invariant'6 x predicate invariant'5 (self : Seq.seq t_T'0) = - [%#sseq46] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) + [%#sseq42] forall i : int . 0 <= i /\ i < Seq.length self -> inv'10 (Seq.get self i) predicate inv'9 (_1 : Seq.seq t_T'0) axiom inv_axiom'9 [@rewrite] : forall x : Seq.seq t_T'0 [inv'9 x] . inv'9 x = invariant'5 x predicate invariant'0 (self : t_Vec'0) = - [%#svec42] inv'9 (view'2 self) + [%#svec38] inv'9 (view'2 self) predicate inv'2 (_1 : t_Vec'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'0 x predicate invariant'4 (self : t_Vec'0) = - [%#sinvariant45] inv'2 self + [%#sinvariant41] inv'2 self predicate inv'6 (_1 : t_Vec'0) @@ -177,7 +173,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum37] UIntSize.to_int self + [%#snum33] UIntSize.to_int self use seq.Seq 
@@ -194,16 +190,12 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange31] inv'0 a) - -> ([%#srange32] inv'0 b) - -> ([%#srange33] inv'0 c) - -> ([%#srange34] produces'0 a ab b) - -> ([%#srange35] produces'0 b bc c) -> ([%#srange36] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange30] produces'0 a ab b) + -> ([%#srange31] produces'0 b bc c) -> ([%#srange32] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange29] inv'0 self) - -> ([%#srange30] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange29] produces'0 self (Seq.empty : Seq.seq usize) self use prelude.prelude.Snapshot @@ -224,10 +216,10 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] axiom inv_axiom'8 [@rewrite] : forall x : t_Option'0 [inv'8 x] . inv'8 x = true predicate resolve'3 (self : borrowed (t_Range'0)) = - [%#sresolve39] self.final = self.current + [%#sresolve35] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange38] resolve'3 self + [%#srange34] resolve'3 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq @@ -259,7 +251,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] predicate invariant'3 (self : borrowed (t_Vec'0)) = - [%#sinvariant44] inv'2 self.current /\ inv'2 self.final + [%#sinvariant40] inv'2 self.current /\ inv'2 self.final predicate inv'5 (_1 : borrowed (t_Vec'0)) 
@@ -271,19 +263,19 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] function view'6 (self : slice t_T'0) : Seq.seq t_T'0 - axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice40] Seq.length (view'6 self) + axiom view'6_spec : forall self : slice t_T'0 . ([%#sslice36] Seq.length (view'6 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice41] view'6 self = Slice.id self) + && ([%#sslice37] view'6 self = Slice.id self) predicate invariant'1 (self : slice t_T'0) = - [%#sslice43] inv'9 (view'6 self) + [%#sslice39] inv'9 (view'6 self) predicate inv'3 (_1 : slice t_T'0) axiom inv_axiom'3 [@rewrite] : forall x : slice t_T'0 [inv'3 x] . inv'3 x = invariant'1 x predicate invariant'2 (self : borrowed (slice t_T'0)) = - [%#sinvariant44] inv'3 self.current /\ inv'3 self.final + [%#sinvariant40] inv'3 self.current /\ inv'3 self.final predicate inv'4 (_1 : borrowed (slice t_T'0)) @@ -311,13 +303,13 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] predicate resolve'4 (self : borrowed (slice t_T'0)) = - [%#sresolve39] self.final = self.current + [%#sresolve35] self.final = self.current predicate resolve'1 (_1 : borrowed (slice t_T'0)) = resolve'4 _1 predicate resolve'5 (self : borrowed (t_Vec'0)) = - [%#sresolve39] self.final = self.current + [%#sresolve35] self.final = self.current predicate resolve'2 (_1 : borrowed (t_Vec'0)) = resolve'5 _1 diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml index 918991cb9..ccf6e75c6 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml @@ -10,7 +10,7 @@ - + @@ -25,55 +25,55 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -85,10 +85,10 @@ - + - + 
diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz index 424887960b9d27f5a3601b5e9e5d5ac5edb8e6d6..98f5d836ef7b70bf9291734ac1ccf3124d824e6d 100644 GIT binary patch literal 1932 zcmV;72XpuziwFP!00000|IJrRZyPxhzUx;sum|l!3ZGGhn>SN(Ab;6 zM==p%OCCvfGXH+jYIVCM%ZZc8V^6B4KGyfKSdZ?%|I+N<#XH$G53=2@HtT;jw)y2B zv-sQVcq8k#`*-nSB_HP4s<_`QSL=OzSpMtkzjL*i#nt*DZdY-=pW7Dx=pN^wT3C$M z6k=NJA-=`MU`zq3r5=DSEe2x>(5>zPw$+QlnC<&D)tbd%%;Md4Q|`0u=Bl;v)vK0U z--5cHuDhp8w&m6>PId!CxxL%}*#ayEDrn(&g3cONxrL+b&Kg!-3rDS;H9ZZrV0w&c z;i$c{X7P0&a@&H9tI~qKI=_v>U!S-RXn}j*)B-O?Yl^`ZT#wN$xW#DAdL{9pH*C!J z+pTm&vm04A^PSw(d9(lXPMXnKr}-#nE4%xf{fSzdxahAa?w9|L>$fsj^V|1X9XHKZ z>(0quw$HJQfaTp*Uf^acf84LOvKwf70Gv45?Do%jdc?nub+wK+akXB{Hm>DEd^oN= z%x>@Zry3vTFaaLYXI3}cDd;i7Cdeb(`QAqrce1^`-^cxGvtDlMT=n5q@u4@M7dE@u zZ0=6)=2`J@s`n_X4DsqB^dhmt#$m^ELg7?tUoJ6iw%g4IDf8R+2L}grZ)Lw+m5cvD zTostD<>UVOM0uFIqeh&)iFtE-cO!c#bM@y+u0&AQ9EX*4>-Znb`UBm2#|1%Gh$ zX8E7Zt;|(B@^{AO=0VQLJMeg#_dH)#HiIS_3@k0Q6i7IHcS%ZSL1)7k@q9bbLJW zb)_tCW!r2XWLs}GAD+H%c3tKZ$*zz5b{rpOSQ)PWb3EhRIp)pD z_NnB@%N#lT<+@taCvH~{F?*UV{3&dIzDx24i5>A!!h@#Whj{l~#Gc&mG*>U*$Y-gB z>}md{o)GZ2C4gC!kNI7fw392Nuk`-OT<1&SKR7u}l2xI{Y#6!|e9^A+!TIXd`EVIq z?PGEGbE@m2FCMBd@H;qsW{jPkYHYM{IMDf!`~CMxCv9gLuhTSsGzkxm)^h=zAf`_6@=H*Qcs#@S3f0bL zMww!CktEu>k`##}u}*U?)n}I)IDidcUg8XdUBMzsu}Y|`XH^iSRP<5^xIq=b2XHU+Cj?rIQ9xM1 z#9|C)3#n=qOO|39#DMTcE=$b1vZA7Fv^AlmY@MpbLe`iG8ngjTKpl`??iEb*QM+n{ z5hOa%R#~kqDq#ie8*~BrD;!rVnU%8Mq*$y5Vqr%GHB+py#Din{I^PaORMgRMwrol+ zDB5USg*hu-;o#eUwR=N|)-V~4xmM9$DwP7Lsfr=%8iGLTuP`8!qU=m}pWb)}iCv@& zj6y~E+K>yxfovcXNC%=o_@yM7QbtiuScsBIk;z*wTywO#pl`Genu5llA!rrI|3$)@ zippXbGB`w&vo};Qkupe_qHZ(?ZG$%7mR1|qMR9gwTp|aYRW2IP6_-dy-8BNEg7!hX zZ^db~NOFV)3u`fwz@RT+2z4&baAPPK3zRMJcqd##}+A>a4LjMMtWL z$>0^KhAA-qcwJSY;gm=?dgfYe#+q_+$`tE-Rt=lL`lm>Psw7JWim@=;;+&IG3RLvj zD97E%U=D15u&z{#)5VCG%#o~dtVwC9(Ns3J#_rvRFtGb6>V!Pyq+-sNnOs+iwq&Zr zigd}kdmUl_69ux)F&S%gs-mJb$(vddajChGg~LmpQ$JT@0zk%0RjDi~JC`Y`qDX2< 
zPAPTJ2tQpW)~-aExmxR0w5%0@N6sZt0*Kwap~L?NrMf_psud=sYhvSFatTljDosG@ S@TEoHknn$s2M2Fv9RL6&r{z!p literal 1942 zcmV;H2Wj{piwFP!00000|IJrRj~mGizUx;skb{yn7ATVS4AzH%0iouQJtROQH=!OZ zTd<}zD`{l!zYkjdn3hJe$FpNQC$ZUIef)~WB3pm|rP_T6_q?kPyxpxf%|9z${qm1l z`0Z_2bMt=xAsklxX^yoB`^|FI?89OCubcnQ#bOp#%^_@8q1n%M4S%$ca}YHwMr#UD zHFgkJ<6wM_mtLGO0|dUi-~U+yjEi6~2!a~=eYV!%H8u2`Ypua+Yv^~> zTGKsK4XVSa8u}f!)-1g34o26Y!z$OHZ_dx``05LX1~r(Dn`$tN(VAkg2HRm|4R$eF zvrb7kbcPP;VY}rv&}_|3HQ({N%&YyM_gsx+t>#|NmUj>9{fSzdP;}W0`{lnw^PcBo ze)lnne$i~zv?P1pUW+mUmiJqJ2F;fLcvx+DH-zl~a6+`%?XNLC;@^g{YQj3KnufQb z;ZNbvdk(X^hyAI>!yG2SV}8psN$ZtcMtopUu~M@rp!f`UJ(wR z0iCefdb7DdJ)5iI;Z$!gD-ZcYB^M2FR z;Eq)9mjBt@@m$nn{MOj44}2E91&_N4ZwL4oYP^XsJKx_xh{q$moNgQrdCdOoWAm{8 zu-tukC}qtRH@k=9<(P)~4b&ro_#p}Ejk2^YR4e+D`(6ttDEV*UeJT!S1em!5* zKlbt3tIY3tTWt=!E$hvvCt>7QDcauIxso_rJKKgPFIUZS+ur?2xA^T8sLs~iT<26> zYH+&W<1Jnuhw<>XtQs7ScUlsUtB#Pc$~eos<+5zM%omDX_VM*NKGfhDj{j?M#<|ni z&B^kqXjf zWo)&Nm%E!&Z5Ms^P<;mPKzL=0o$YFDv~b+e`H=hl_em$MacrWCsq+j)qDH%zKHoe? zO--uPQe%6kq5XN(QiHp>n4}sn<)=nD8EynMs+;~}c(9(c?B?nB$1o{dnYWj#r6$`$ z$Q*Y<=H_W7UO?TRUyT-X{bJN)T0nOrT9&T*Ym%eoZpQ0ell%HjKBt^6moHg6v8n+xrE3b^h6E0A5>oHqNOe>x)CeD(h!NsTYn=)O2}YHZOp>D&G< z2bn(9<#e3F+lL;G6UgmJj>m0X8q_t(#brND^GB2P;AmY--~=%x!OI^(HDbSq@e`_^ z&6rI@qlv6gMd$!g0>~&JxhQ}`rJT3YgY-Zi&;xi7-g)bd*Is$)$)g7^W+l3q!IbD2 zvgWKT$m{~=ECdCSDli_j2lX5>XL89(MnEf-C?q%)&-%gNUjJ(sX+^HDOnvX%Mxvc+N1I)J<{`83nwe1h|y65m(fbWQYN;B9Fk@gj8=x-k(ge_Ed*#Nj*t^c zqhd*<42Z-oApqqgw|g;tP*NpE5ei!y(WD?LTIUpM5tP7+z?1kZ5o}H=$LMU)mJ(+b zvPsHdDZ&zGSCRE(JZVqLlk`NM@SB4eGR7!E5HbfcNESs;tj)^$qKW?=;uAzAB6kyq#yylz-XHeyLR1sk&_3Q607EVOi_ zl?;{AUMa8St4AipluWVKCYRU-E7*WjBG}BJq-*=OvR;|*5nNjBoTjLf5!Q$-l13p( zg5^XabEVO1@LGI72@Xt%25kw_flvWMR!JKjF%-w?IJdO+T6rzKrthl7s+eR}6jKBh zIAR8J45GvmneDOowDsEjFhx!oDAL+eTn>cUxhxYXiCKh_q^JydBfNG$R20e79+NC8 z1}G_tVmS*{EMefll_78N$LnGiDQ2Zp0-F#}+RQqYER1w*6RV8!M*b9OQi&XlL2h$r zWkf|}k`dfq_nfdD8OC^{f3Pm4*w|ELFp!IFKPu2>p{a9WZohp9y|F(BUWD}AL zkWw~D$H2Kbse~~{jquZDhLWQut!)8`;7rz16&oFCp3^ojxh2fQH+;*1>t0MgRP2mk;8 
diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index 23cac5463..b770c08e3 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma 
@@ -98,54 +98,45 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let%span s06_knights_tour3 = "06_knights_tour.rs" 39 14 39 25 let%span s06_knights_tour4 = "06_knights_tour.rs" 44 28 44 29 let%span s06_knights_tour5 = "06_knights_tour.rs" 43 26 43 48 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 59 21 59 25 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 59 27 59 31 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 55 69 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 56 15 56 51 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 57 15 57 70 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 59 4 62 61 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 58 14 58 88 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 172 26 174 81 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 let%span s06_knights_tour14 = "06_knights_tour.rs" 32 12 34 93 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec16 = "../../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange19 = 
"../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange24 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span srange26 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 159 12 163 47 - let%span smap_inv28 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 146 12 151 71 - let%span smap_inv29 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv30 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 41 8 54 9 - let%span svec31 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 - let%span sindex32 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span sresolve33 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span snum41 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange42 = 
"../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span smap_inv43 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 123 12 125 63 - let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 62 8 62 50 - let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 15 23 24 - let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 14 24 45 - let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 21 - let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 15 30 21 - let%span smap_inv49 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 15 31 21 - let%span smap_inv50 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 32 15 32 32 - let%span smap_inv51 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 33 15 33 32 - let%span smap_inv52 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 34 14 34 42 - let%span sinvariant53 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange19 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange20 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange21 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span srange22 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span smap_inv23 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 + let%span smap_inv24 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 + let%span smap_inv25 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 + let%span sindex28 = 
"../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span sresolve29 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span snum37 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span smap_inv39 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 + let%span smap_inv40 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 + let%span smap_inv41 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv42 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv43 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 use prelude.prelude.UIntSize 
@@ -158,14 +149,14 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 { field_0'0: usize } predicate resolve'2 (self : borrowed closure3'1) = - [%#sresolve33] self.final = self.current + [%#sresolve29] self.final = self.current predicate resolve'0 (_1 : borrowed closure3'1) = resolve'2 _1 - predicate inv'2 (_1 : usize) + predicate inv'4 (_1 : usize) - axiom inv_axiom'2 [@rewrite] : forall x : usize [inv'2 x] . inv'2 x = true + axiom inv_axiom'4 [@rewrite] : forall x : usize [inv'4 x] . inv'4 x = true use prelude.prelude.Opaque @@ -184,9 +175,9 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 type t_Vec'1 = { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } - predicate inv'7 (_1 : t_Vec'1) + predicate inv'5 (_1 : t_Vec'1) - axiom inv_axiom'7 [@rewrite] : forall x : t_Vec'1 [inv'7 x] . inv'7 x = true + axiom inv_axiom'5 [@rewrite] : forall x : t_Vec'1 [inv'5 x] . inv'5 x = true use seq.Seq @@ -205,11 +196,11 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = - [%#sindex32] Seq.get (view'0 self) ix + [%#sindex28] Seq.get (view'0 self) ix - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'2 elem} + let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:t_Vec'1))= {[@expl:from_elem 'elem' type invariant] inv'4 elem} any - [ return' (result:t_Vec'1)-> {inv'7 result} + [ return' (result:t_Vec'1)-> {inv'5 result} {[%#svec15] Seq.length (view'0 result) = UIntSize.to_int n} {[%#svec16] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} (! return' {result}) ] 
@@ -238,23 +229,23 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function fn_mut_once'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (res : t_Vec'1) : () - axiom fn_mut_once'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res : t_Vec'1 . [%#sops40] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res : t_Vec'1 . [%#sops36] postcondition_once'0 self args res = (exists res_state : closure3'1 . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) function unnest_trans'0 (self : closure3'1) (b : closure3'1) (c : closure3'1) : () - axiom unnest_trans'0_spec : forall self : closure3'1, b : closure3'1, c : closure3'1 . ([%#sops37] unnest'0 self b) - -> ([%#sops38] unnest'0 b c) -> ([%#sops39] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure3'1, b : closure3'1, c : closure3'1 . ([%#sops33] unnest'0 self b) + -> ([%#sops34] unnest'0 b c) -> ([%#sops35] unnest'0 self c) function unnest_refl'0 (self : closure3'1) : () - axiom unnest_refl'0_spec : forall self : closure3'1 . [%#sops36] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure3'1 . [%#sops32] unnest'0 self self function postcondition_mut_unnest'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) (res_state : closure3'1) (res : t_Vec'1) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res_state : closure3'1, res : t_Vec'1 . ([%#sops34] postcondition_mut'0 self args res_state res) - -> ([%#sops35] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res_state : closure3'1, res : t_Vec'1 . 
([%#sops30] postcondition_mut'0 self args res_state res) + -> ([%#sops31] unnest'0 self res_state) let rec closure3'0 (_1:borrowed closure3'1) (_2:usize) (_3:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:t_Vec'1))= (! bb0 [ bb0 = s0 @@ -273,19 +264,15 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 (! return' {result}) ] - predicate inv'0 (_1 : t_Range'0) - - axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x = true - use seq.Seq use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum41] UIntSize.to_int self + [%#snum37] UIntSize.to_int self predicate produces'0 (self : t_Range'0) (visited : Seq.seq usize) (o : t_Range'0) = - [%#srange26] self.t_Range__end'0 = o.t_Range__end'0 + [%#srange22] self.t_Range__end'0 = o.t_Range__end'0 /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 
@@ -295,30 +282,26 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange20] inv'0 a) - -> ([%#srange21] inv'0 b) - -> ([%#srange22] inv'0 c) - -> ([%#srange23] produces'0 a ab b) - -> ([%#srange24] produces'0 b bc c) -> ([%#srange25] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange19] produces'0 a ab b) + -> ([%#srange20] produces'0 b bc c) -> ([%#srange21] produces'0 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Range'0) : () - axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange18] inv'0 self) - -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'1_spec : forall self : t_Range'0 . [%#srange18] produces'0 self (Seq.empty : Seq.seq usize) self function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange20] inv'0 a) - -> ([%#srange21] inv'0 b) - -> ([%#srange22] inv'0 c) - -> ([%#srange23] produces'0 a ab b) - -> ([%#srange24] produces'0 b bc c) -> ([%#srange25] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange19] produces'0 a ab b) + -> ([%#srange20] produces'0 b bc c) -> ([%#srange21] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . 
([%#srange18] inv'0 self) - -> ([%#srange19] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange18] produces'0 self (Seq.empty : Seq.seq usize) self + + predicate inv'0 (_1 : t_Range'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Range'0 [inv'0 x] . inv'0 x = true predicate inv'1 (_1 : closure3'1) 
@@ -331,42 +314,28 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate precondition'0 (self : closure3'1) (args : (usize, Snapshot.snap_ty (Seq.seq usize))) = let (_2, _3) = args in true - predicate inv'8 (_1 : borrowed (t_Range'0)) - - axiom inv_axiom'8 [@rewrite] : forall x : borrowed (t_Range'0) [inv'8 x] . inv'8 x = true - predicate resolve'5 (self : borrowed (t_Range'0)) = - [%#sresolve33] self.final = self.current + [%#sresolve29] self.final = self.current predicate completed'1 (self : borrowed (t_Range'0)) = - [%#srange42] resolve'5 self + [%#srange38] resolve'5 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 predicate next_precondition'0 (iter : t_Range'0) (func : closure3'1) (produced : Seq.seq usize) = - [%#smap_inv43] forall e : usize, i : t_Range'0 . inv'2 e /\ inv'0 i /\ produces'0 iter (Seq.singleton e) i + [%#smap_inv39] forall e : usize, i : t_Range'0 . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) - predicate inv'9 (_1 : Seq.seq usize) - - axiom inv_axiom'9 [@rewrite] : forall x : Seq.seq usize [inv'9 x] . inv'9 x = true - - predicate inv'10 (_1 : borrowed closure3'1) - - axiom inv_axiom'10 [@rewrite] : forall x : borrowed closure3'1 [inv'10 x] . inv'10 x = true - use seq.Seq predicate preservation'0 (iter : t_Range'0) (func : closure3'1) = - [%#smap_inv28] forall s : Seq.seq usize, e1 : usize, e2 : usize, f : borrowed closure3'1, b : t_Vec'1, i : t_Range'0 . inv'9 s - /\ inv'2 e1 /\ inv'2 e2 /\ inv'10 f /\ inv'7 b /\ inv'0 i /\ unnest'0 func f.current + [%#smap_inv24] forall s : Seq.seq usize, e1 : usize, e2 : usize, f : borrowed closure3'1, b : t_Vec'1, i : t_Range'0 . 
unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) predicate reinitialize'0 (_1 : ()) = - [%#smap_inv27] forall iter : borrowed (t_Range'0), func : closure3'1 . inv'8 iter /\ inv'1 func - -> completed'1 iter + [%#smap_inv23] forall iter : borrowed (t_Range'0), func : closure3'1 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq usize) /\ preservation'0 iter.final func type t_MapInv'0 = @@ -376,9 +345,9 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 predicate invariant'0 (self : t_MapInv'0) - predicate inv'3 (_1 : t_MapInv'0) + predicate inv'2 (_1 : t_MapInv'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_MapInv'0 [inv'3 x] . inv'3 x + axiom inv_axiom'2 [@rewrite] : forall x : t_MapInv'0 [inv'2 x] . inv'2 x = (invariant'0 x /\ match x with | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> true 
@@ -386,12 +355,12 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let rec map_inv'0 (self:t_Range'0) (func:closure3'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter6] inv'0 self} {[@expl:map_inv 'func' type invariant] [%#siter7] inv'1 func} - {[@expl:map_inv requires #0] [%#siter8] forall e : usize, i2 : t_Range'0 . inv'2 e /\ inv'0 i2 - -> produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq usize))} + {[@expl:map_inv requires #0] [%#siter8] forall e : usize, i2 : t_Range'0 . produces'0 self (Seq.singleton e) i2 + -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq usize))} {[@expl:map_inv requires #1] [%#siter9] reinitialize'0 ()} {[@expl:map_inv requires #2] [%#siter10] preservation'0 self func} any - [ return' (result:t_MapInv'0)-> {[%#siter11] inv'3 result} + [ return' (result:t_MapInv'0)-> {[%#siter11] inv'2 result} {[%#siter12] result = { t_MapInv__iter'0 = self; t_MapInv__func'0 = func; 
@@ -411,38 +380,23 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 type t_Vec'0 = { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } - predicate inv'4 (_1 : t_Vec'0) + predicate inv'3 (_1 : t_Vec'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Vec'0 [inv'4 x] . inv'4 x = true + axiom inv_axiom'3 [@rewrite] : forall x : t_Vec'0 [inv'3 x] . inv'3 x = true use seq.Seq - predicate invariant'1 (self : borrowed (t_MapInv'0)) = - [%#sinvariant53] inv'3 self.current /\ inv'3 self.final - - predicate inv'5 (_1 : borrowed (t_MapInv'0)) - - axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_MapInv'0) [inv'5 x] . inv'5 x = invariant'1 x - - predicate inv'6 (_1 : Seq.seq (t_Vec'1)) - - axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq (t_Vec'1) [inv'6 x] . inv'6 x = true - predicate resolve'6 (_1 : t_Range'0) = true predicate resolve'3 (self : t_MapInv'0) = - [%#smap_inv44] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 + [%#smap_inv40] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 predicate resolve'1 (_1 : t_MapInv'0) = resolve'3 _1 use seq.Seq - predicate inv'11 (_1 : Seq.seq (borrowed closure3'1)) - - axiom inv_axiom'11 [@rewrite] : forall x : Seq.seq (borrowed closure3'1) [inv'11 x] . inv'11 x = true - use seq.Seq use seq.Seq 
@@ -462,11 +416,9 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 use seq.Seq predicate produces'1 [@inline:trivial] (self : t_MapInv'0) (visited : Seq.seq (t_Vec'1)) (succ : t_MapInv'0) = - [%#smap_inv30] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed closure3'1) . inv'11 fs - /\ Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq usize . inv'9 s - /\ Seq.length s = Seq.length visited + [%#smap_inv26] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed closure3'1) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq usize . Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) 
@@ -484,19 +436,15 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 function produces_trans'2 (a : t_MapInv'0) (ab : Seq.seq (t_Vec'1)) (b : t_MapInv'0) (bc : Seq.seq (t_Vec'1)) (c : t_MapInv'0) : () - axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq (t_Vec'1), b : t_MapInv'0, bc : Seq.seq (t_Vec'1), c : t_MapInv'0 . ([%#smap_inv47] inv'3 a) - -> ([%#smap_inv48] inv'3 b) - -> ([%#smap_inv49] inv'3 c) - -> ([%#smap_inv50] produces'1 a ab b) - -> ([%#smap_inv51] produces'1 b bc c) -> ([%#smap_inv52] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq (t_Vec'1), b : t_MapInv'0, bc : Seq.seq (t_Vec'1), c : t_MapInv'0 . ([%#smap_inv42] produces'1 a ab b) + -> ([%#smap_inv43] produces'1 b bc c) -> ([%#smap_inv44] produces'1 a (Seq.(++) ab bc) c) function produces_refl'2 (self : t_MapInv'0) : () - axiom produces_refl'2_spec : forall self : t_MapInv'0 . ([%#smap_inv45] inv'3 self) - -> ([%#smap_inv46] produces'1 self (Seq.empty : Seq.seq (t_Vec'1)) self) + axiom produces_refl'2_spec : forall self : t_MapInv'0 . [%#smap_inv41] produces'1 self (Seq.empty : Seq.seq (t_Vec'1)) self predicate completed'0 (self : borrowed (t_MapInv'0)) = - [%#smap_inv29] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq usize) + [%#smap_inv25] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq usize) /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 
@@ -505,14 +453,12 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 axiom view'1_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) predicate from_iter_post'0 (prod : Seq.seq (t_Vec'1)) (res : t_Vec'0) = - [%#svec31] prod = view'1 res + [%#svec27] prod = view'1 res - let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'3 self} + let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'2 self} any - [ return' (result:t_Vec'0)-> {inv'4 result} - {[%#siter13] exists done' : borrowed (t_MapInv'0), prod : Seq.seq (t_Vec'1) . inv'5 done' - /\ inv'6 prod - /\ resolve'1 done'.final + [ return' (result:t_Vec'0)-> {inv'3 result} + {[%#siter13] exists done' : borrowed (t_MapInv'0), prod : Seq.seq (t_Vec'1) . resolve'1 done'.final /\ completed'0 done' /\ produces'1 self prod done'.current /\ from_iter_post'0 prod result} (! return' {result}) ] @@ -521,7 +467,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 { t_Board__size'0: usize; t_Board__field'0: t_Vec'0 } function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_Vec'1 = - [%#sindex32] Seq.get (view'1 self) ix + [%#sindex28] Seq.get (view'1 self) ix predicate wf'0 [#"06_knights_tour.rs" 30 4 30 23] (self : t_Board'0) = [%#s06_knights_tour14] UIntSize.to_int self.t_Board__size'0 <= 1000 
@@ -783,9 +729,9 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou let%span s06_knights_tour9 = "06_knights_tour.rs" 69 15 69 32 let%span s06_knights_tour10 = "06_knights_tour.rs" 93 10 93 28 let%span s06_knights_tour11 = "06_knights_tour.rs" 94 10 94 128 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span s06_knights_tour15 = "06_knights_tour.rs" 12 15 12 52 let%span s06_knights_tour16 = "06_knights_tour.rs" 13 15 13 52 let%span s06_knights_tour17 = "06_knights_tour.rs" 14 15 14 46 @@ -1391,11 +1337,11 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] let%span s06_knights_tour3 = "06_knights_tour.rs" 114 4 114 7 let%span s06_knights_tour4 = "06_knights_tour.rs" 114 4 114 7 let%span s06_knights_tour5 = "06_knights_tour.rs" 108 10 109 60 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span sindex8 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 211 20 211 34 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 
@@ -1731,11 +1677,11 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour28 = "06_knights_tour.rs" 128 11 128 22 let%span s06_knights_tour29 = "06_knights_tour.rs" 129 10 129 30 let%span s06_knights_tour30 = "06_knights_tour.rs" 127 0 127 8 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span s06_knights_tour32 = "06_knights_tour.rs" 63 12 63 75 let%span s06_knights_tour33 = "06_knights_tour.rs" 32 12 34 93 - let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 - let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span svec36 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span s06_knights_tour37 = "06_knights_tour.rs" 93 10 93 28 let%span s06_knights_tour38 = "06_knights_tour.rs" 94 10 94 128 
@@ -1754,30 +1700,26 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour51 = "06_knights_tour.rs" 69 15 69 32 let%span svec52 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span s06_knights_tour53 = "06_knights_tour.rs" 108 10 109 60 - let%span siter54 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter55 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 - let%span srange56 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange59 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span srange60 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange62 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange63 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span snum64 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 - let%span srange65 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sresolve66 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span svec67 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 - let%span svec68 = "../../../../creusot-contracts/src/std/vec.rs" 197 20 197 33 - let%span svec69 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 - let%span svec70 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 - let%span svec71 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 - let%span svec72 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 - let%span svec73 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 - let%span 
svec74 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 - let%span svec75 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 - let%span smodel76 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span smodel77 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 + let%span siter54 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter55 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span srange56 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange59 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span snum60 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + let%span srange61 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sresolve62 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span svec63 = "../../../../creusot-contracts/src/std/vec.rs" 191 20 191 24 + let%span svec64 = "../../../../creusot-contracts/src/std/vec.rs" 197 20 197 33 + let%span svec65 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 + let%span svec66 = "../../../../creusot-contracts/src/std/vec.rs" 268 4 268 10 + let%span svec67 = "../../../../creusot-contracts/src/std/vec.rs" 275 15 275 32 + let%span svec68 = "../../../../creusot-contracts/src/std/vec.rs" 276 15 276 32 + let%span svec69 = "../../../../creusot-contracts/src/std/vec.rs" 277 14 277 42 + let%span svec70 = "../../../../creusot-contracts/src/std/vec.rs" 273 4 273 10 + let%span svec71 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 + let%span smodel72 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 + let%span smodel73 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 use prelude.prelude.UIntSize 
@@ -1914,7 +1856,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] use seq.Seq function deep_model'0 (self : usize) : int = - [%#snum64] UIntSize.to_int self + [%#snum60] UIntSize.to_int self use seq.Seq @@ -1929,16 +1871,12 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function produces_trans'0 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange58] inv'0 a) - -> ([%#srange59] inv'0 b) - -> ([%#srange60] inv'0 c) - -> ([%#srange61] produces'0 a ab b) - -> ([%#srange62] produces'0 b bc c) -> ([%#srange63] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange57] produces'0 a ab b) + -> ([%#srange58] produces'0 b bc c) -> ([%#srange59] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Range'0) : () - axiom produces_refl'0_spec : forall self : t_Range'0 . ([%#srange56] inv'0 self) - -> ([%#srange57] produces'0 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'0_spec : forall self : t_Range'0 . [%#srange56] produces'0 self (Seq.empty : Seq.seq usize) self use prelude.prelude.Snapshot @@ -1959,10 +1897,10 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] axiom inv_axiom'5 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = true predicate resolve'2 (self : borrowed (t_Range'0)) = - [%#sresolve66] self.final = self.current + [%#sresolve62] self.final = self.current predicate completed'0 (self : borrowed (t_Range'0)) = - [%#srange65] resolve'2 self + [%#srange61] resolve'2 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 use seq.Seq 
@@ -2053,7 +1991,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] axiom inv_axiom'7 [@rewrite] : forall x : t_Vec'1 [inv'7 x] . inv'7 x = true predicate into_iter_pre'1 (self : t_Vec'1) = - [%#svec67] true + [%#svec63] true type t_ManuallyDrop'0 = { t_ManuallyDrop__value'0: () } @@ -2073,7 +2011,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function view'4 (self : t_IntoIter'0) : Seq.seq (isize, isize) predicate into_iter_post'1 (self : t_Vec'1) (res : t_IntoIter'0) = - [%#svec68] view'3 self = view'4 res + [%#svec64] view'3 self = view'4 res let rec into_iter'1 (self:t_Vec'1) (return' (ret:t_IntoIter'0))= {[@expl:into_iter 'self' type invariant] inv'7 self} {[@expl:into_iter requires] [%#siter31] into_iter_pre'1 self} @@ -2104,15 +2042,15 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq (isize, isize)) (b : t_IntoIter'0) (bc : Seq.seq (isize, isize)) (c : t_IntoIter'0) : () = - [%#svec74] () + [%#svec70] () - axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq (isize, isize), b : t_IntoIter'0, bc : Seq.seq (isize, isize), c : t_IntoIter'0 . ([%#svec71] produces'1 a ab b) - -> ([%#svec72] produces'1 b bc c) -> ([%#svec73] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq (isize, isize), b : t_IntoIter'0, bc : Seq.seq (isize, isize), c : t_IntoIter'0 . ([%#svec67] produces'1 a ab b) + -> ([%#svec68] produces'1 b bc c) -> ([%#svec69] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_IntoIter'0) : () = - [%#svec70] () + [%#svec66] () - axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec69] produces'1 self (Seq.empty : Seq.seq (isize, isize)) self + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#svec65] produces'1 self (Seq.empty : Seq.seq (isize, isize)) self use prelude.prelude.Snapshot 
@@ -2133,13 +2071,13 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] axiom inv_axiom'9 [@rewrite] : forall x : t_Option'1 [inv'9 x] . inv'9 x = true predicate resolve'3 (self : borrowed (t_IntoIter'0)) = - [%#sresolve66] self.final = self.current + [%#sresolve62] self.final = self.current function view'7 (self : borrowed (t_IntoIter'0)) : Seq.seq (isize, isize) = - [%#smodel76] view'4 self.current + [%#smodel72] view'4 self.current predicate completed'1 (self : borrowed (t_IntoIter'0)) = - [%#svec75] resolve'3 self /\ view'7 self = (Seq.empty : Seq.seq (isize, isize)) + [%#svec71] resolve'3 self /\ view'7 self = (Seq.empty : Seq.seq (isize, isize)) use seq.Seq @@ -2196,7 +2134,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] axiom inv_axiom'11 [@rewrite] : forall x : (usize, t_Point'0) [inv'11 x] . inv'11 x = true function view'5 (self : borrowed (t_Vec'0)) : Seq.seq (usize, t_Point'0) = - [%#smodel76] view'0 self.current + [%#smodel72] view'0 self.current use seq.Seq @@ -2209,7 +2147,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] | C_Some'2 (usize, t_Point'0) function view'6 (self : t_Vec'0) : Seq.seq (usize, t_Point'0) = - [%#smodel77] view'0 self + [%#smodel73] view'0 self let rec min'0 (v:t_Vec'0) (return' (ret:t_Option'2))= any [ return' (result:t_Option'2)-> {[%#s06_knights_tour53] forall r : (usize, t_Point'0) . result = C_Some'2 r diff --git a/creusot/tests/should_succeed/vector/06_knights_tour/why3session.xml b/creusot/tests/should_succeed/vector/06_knights_tour/why3session.xml index 45febe53c..7eae33328 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour/why3session.xml +++ b/creusot/tests/should_succeed/vector/06_knights_tour/why3session.xml @@ -36,19 +36,19 @@ - + - + - + - + @@ -89,10 +89,10 @@ - + - + @@ -168,7 +168,7 @@ - + @@ -192,7 +192,7 @@ - + @@ -214,11 +214,11 @@ - + - + 
@@ -230,85 +230,85 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -317,44 +317,44 @@ - + - - + + - + - + - + - + - + - + - + - + - + - + @@ -363,10 +363,10 @@ - + - + 
diff --git a/creusot/tests/should_succeed/vector/06_knights_tour/why3shapes.gz b/creusot/tests/should_succeed/vector/06_knights_tour/why3shapes.gz index 075779e855a0318eceb421aca716b3b4691bb129..4bceca0c8ce8f38e0b169cecc24b8eda201c27cc 100644 GIT binary patch literal 7139 zcmV<98yw^xiwFP!00000|LuL*ZzMO9=ez!j0`{SIZ4AIT$RG#q2d&XU3Yht@*c~MH zP2gz@qn6r|`tbbq1LmDoSyJ_7`*SzYc4sBYh+vQm{^CgcfBvw0_|?D354(5y{^9!W z_Fs2q_rw1>d;HB`-@bdHT6Hl#jPIa@i}B%Xc%XCtvZWR;`@b$Ohe3F8mS4Yl{Qat9 za^_$9$E*KycYXW#LcMtXpW~0Ks}GgI{PXwvvsD+}fV->f+sBsukHh0$x3L4B&z)(b z^M_?;xcnH(7w7)^_A1=Hy-g3#cE0==F`l8kFY`|mX^fzhQs@4sm+@b^$AtiMH#pjD zNo{W`$Hwe++a&PeGy+|>i*ZNsxXXCnWqRCYy6&={UizDS`^)36{@rzcUpLlB^4-H6{d?)K{S+s7BGrIuUM>Q}$*wcg#vJT&Wz zGynGXHb2z<(z?s}mtFmm)-Jn3{j+)jEzsqr7_|vopcZ&B!pFDw_qi^N_T~E4-?X6X zj$Th2%sB6Ioo~{WdZDJ?b>m&%ru^aR=I)p4SdXV^L1JB~7UXc?%&}W4)q-4Hp2Tt< zc{#3;>9+E_7hL&`OQBk*8hvwrm)^$w(Eav5{@4j-TX2`FCfRza`&q21pz@trX;JMp zKqZgZBDbhll#sSwLf4u0sF;zwxtJ{>%Ek0F+d{M#)6?0{b&LPIe{)&8y?FhfZQHi! zI>q?=YhTS?i>@DvExL>8X(UK3(Z%$%kP2GjIycfSNlW%})nv9_a@W~htf{zRZsaZw z&K0z*4iDCR%pb1*D|d&xxBJy%|6hOmOYSBcRo8y@+P}HFzJ0fQ@sMxIi{0bzZ}M(Z zz;I#scyssg_CC`KsQ18nTzPvN568{xv&GdvT;Kk3lOOMHefHN_yXWcP)g61l&;Q5U zH#Zr5_P6-+q$`yc9bN-e`o>hffHTZWdgvtQS@*N@l!=K8<#3)K@< z8zMm`(nG#~=LeCt=s%(0nH2WRf$Lp+BE5y);@!o+&~F{jE8&L;~6gZX55b>`ofPMQDv&flk= zZAWwv{5HSe<=e`!Uxb6+{YqYLOpsf~lP6dA(Q0a|jny*G6QjL}(Zw( zaRb0Sj`sqM*8&}kqn3}2qgIa>hd!H8?c>(e1$nvO?UOV&?K+4XLU)}i zvq>gA4Zv~C2h^&DVd$0jZ*^SDS-t|l27#fBMU4b;W-H2XCG7t_;*5r7Rh=HSEw9d_#Oo_g7?PI~vozd75-@WTxj z?E=fe&lQXJ_VInYava9~EpWu%i^Ihz^X#beH5(bt@cWNpW1k(>`86Ev=)F{Ts=u6u z8~ggUl6%be$AQVv;p)wOo=7jojZkUCyL|^(jqL9Dp=H^j-Wu1pxA}enl*--x5llPx z97ybsok>s1jcQ!yeLgpLcW(|sci(GZn#MWRS)3%wIB*y-y9M#??d{`Qlr^6UR5>xUZAfEla#6h3L%>R7#kGtEt36`3u9cDxT zuA}tx)&IMDT`lFres*|Q^lRsFF8<}%dm2A_ARmTH` z`<=bM+w*I-NdA5z$=^3f!iwZDgQEecxyK$E+#+){+%@;uBSUlSa8DJzPUqO%zNQWZ z+@kdR)0BSSqJ(Guoxi^E;U=#v%bo!r$X-rchW&rszs+Zh-xvPoAs-r 
z$S|Jzx-U;QKqt^02tH{PP8M;0;u|s2p8Q}3p_=UcOTORTz03FI=I;HxW&kU7y!DbkI*`doTP`4YF69@ZOpLmtJJFJ&0mkhWiTukcX zya&M*)NC7@mhgz3sW@(U-;&xK|KaHP59{&hE|%b}rK7R@+P3P7?s(T413hxxw4hJB zZ-y}Su_>H(4-R4S=?1S$%l|eVEZ35%A@COY@YLxV4!+#J>bvN2jU`_mMItS@7HI>9 zwBR-Zu^XPj%Y9dE2=SPM_hW#_^xJCeHw%v|oU#ge9i`Q}iQjcv5`*<@aLh1(#8w0-bSi9Z}9j-YjWPUyytn}RN@U3Pu@Yrenk zj>#aViMX+@%Lviu5uZff4nV=Q^{c+NLsXwBz`Qy~!&-CbLye&iwP845%W!mUy2X0Z zI$wJ=NN-!4Uvh_%?sK_%$iMaBk-ZEfwVf9};g5Cq!7;C!`sH?yy#v3OhwE~Mrq8@C zUdzFoE|RmCXdF|7pcXm2F&!QN zw~x5{r;OS2%U|xrOWt*vRde2Ff!Am9-IV!#RS)p%rFRQvx)_1`MD8+?17E=DhLgN* zyXkeq30^nMuEfmhY;U4|TW8MScPiUAW0T6^%21HqER4LuZHH%j7#xu5Tr9HbtMu*R=N=ep|#z)=n>uPVZiaP3Ng%Emc__ zdQV-`Q=^6@`KXZ{IBapt!>cXln}Y~jqFOnz-EzLaW}Vj{J(zAu_UklwSTK@T$9x^V z<+OlZ95!?xAk?^YcIKl`$rBU3jm>u&1i=+w>OmeCVqrj~hTJPLZmgM0au)dmkZ=WBk-XWOzLWibcIwaKxGcz za0OXwh&5IcxkYMhOoPE94W=i6r56CpOaRMt0P7(42ZyQdjpUd<=rqum&a#eAi@c#s zi9=acMuF{0)7;?5FPl(pyzGkA_A1bzy7)uw7%fusHHL&m;7jc;9zGE7gC zV(0QRSk<2`3edU=w5?*TbN|zne(fuP=6m?Vk@vr^-q+HXIbeMlhZt~4Pos-C%=mZh zH~J6DX!;14=C*_WzaRF;x$Pl8u9F(eVEQ1{s^WO$I3`xs1jeeKQnAW*xMh3lOTm9w zs&1{`y+AWP)pw)3WK3+*p%-$z-|TkQ!}p{Jqam@RpZRWwiHdvG+nqq7zLpIf;PSaetaFcY`32Jp#LM}q(>wRK$< z`6}tD4JR1dNr>%8f8To+d^8DeqA&9z>S4H~P$*7xdyf4RQZ{yO2=o3{_YKKcE`bhHMZI5Y3Z_6drE z!7oR3b*vt4@8XaFcuu6_{5IC24*JMd==rRIYp{y^jCSH;yLla!YiYtA7t5C;*1973 zES%Mw&QAqemHSg5YouP6>x$$k!n(SO_xbI^-Q(4p`@7g*{rM)p?inoMmOciz^cLK@ zVtYE&x?=mWFsmPOD#SX@;3&N6ha7`exCAJBkm-u;vUS26PXi9K4LGLDe7t?np1#Zn zczx_PAE;t~+aA4=an34L)vNgmpUecdk zH;%FW@d>8J%T2lmuj*%|lO#(i$<9)eT_!%}xlwDl&bmVH?xd~TwQEgRakUry*QzzH zHPv>vW}TTdtyaSUFz(eJ-PYJ??;Fz^x#&5|DvmGGYG}pO|7d|W>n7cbY!zvVUX0O` z$>@Gkr*`4`gI&wgJ=k^nWc_Vf-(`+_#!r(c>3s;}cDdokZ)~ zzSY<*+AyScSwa$f4D-}+b_3~vzO)v_L4=U%ZK%&^f1yyi6YOsMuorU5o zNsi(rurtmlS2&AG&UqEU?x^9jlA|r;vbI_Z6(|lV6cmwY4Wimnqt773lnWaS(RwmE z*+{5DW)+EZ@jGgO8o&mi0oAz1Hqw|g7AdNDrL4EaJ{zT32dglrVoZc805`}DQiIqa zG^iSI4cG>x0n>nPfDh?LBSu+dG1?gAEc)bQ(K)A-S$p20G-w*spFlfMwjRKMGC@m5 zu*xLme2fT0h&yx*+D|4A0#UOriHa@cqeI9g7%jdCh}Jv8hM*z!IZTXbVu)I^;%tiX 
zQJjUGvsai%;*NAf+z@>Z6UpAPDr~Y9P!ggK$?1p|&=3dQku+pJpO1+-C!-X3BP#e5 z3vp2a3Nd+=Xh*IgTmO98f&>?|Q`%)6au!Pj!VZvP_E>b@F*S@0L&NHmndGFjXAJcZ zD6|D^0T!K&64sgOL2wP*hNWTCupWW@xa^EH#(W&j=$u$1VlYP)U5*f=5RfX-Xd%55Xhb!}HO77fS+BAb z2vCeCVk^#NA4Lcgd!HOvvc`T2WzL2Jgrt4c*-+5ni^{e{j5>*noxu2s#KF2;yp-g* z#1f2T<%1RlqR?dHcEXL&r_(nnXPd#-T`3+_4rIxoW@TAxqMcQZxJGOv(uiq9e>{um zT|h`VlL?eVaK@St6ngQJS?#Pe)-+Z(mK#fr#m2&CakQ3=LyDS>hpfrRg2fvHM){lk(p8mGQIUv0FHfmw@IbrCa)66GlP6fD`Y zbJRHeDy*TH5S_7J8>ArYNU^o(y&?BoBpf0nAr~-f%)&Xv6f7|L98K14 z2TC`fsyOsj1c)X^vKEOr#LQ$F6M}XsS&fm+upvR2uOgzBN-x6VhC9Um2$8d)85wnnxbT8XCqS9XvjDc*2;KhO%{{)*zZsI zqr~CJlrTvKB=5E8q>XmUWhFTqq7K2?FUHP@ie9OrQEMPDh5nB|Pk}@bUg>tYJxdOsTw2FkRh?Mm@We6sr ziO!m6qwzU8sGt=PPo|es_SU1Ta6=$C#K2BzojnRzR0CiIq|?MJCQ9;AAWFqAWCLnz zDLIp@A5IYR$B@j5IhklQp<&F1ycEt_jMWyA`}+d*$C72mAz3U&oH2k4@I-1~E2}3dLAvzVn_|edkG(e^S z(qDq9iDE2@56pG5i5Ir2_~6heu(C9*UzD*`8rdpkwPA@q86PRItFYOLWat=^{W{D8 zTCEh@l(Y`$G8=D&wJSo^8A+Y_B=_|MD8(!1&=)CWqs`G7iolA6k}Y~#Yp!Ml8(?UF z)fW_ioL0(G@)h4|aa@A-#&d$8bIePi_w|H`(Xp{ANwyd&upw})34sf0Zx8msR}(}B z?WF)QrBD!@q2eiWNWpsW%J=(WJnVmfK$Ih<0!1^hwN}TVZ74P>EfxCYX@Brn5`bee zCIth*C(l%)n1L`T=SvQv^lE>6Eg=evvfzS3(Ar}PMJMf*qT*62pbz%P*Aj%p3fM#$ zGD5Bf(~9Dvd?4n;am!wOHDO#(k%|+8!KeV_wf6v4B-a}-IyTF=%pr4DlOmtvN*P9~r#s3|BPmC@08L!hZ9b+BV*&)A71saC@#*2ZJb+C+jP zj2d0-hK?FAwtqz`W_oF(11}5XxD(Y4QOegV$S-PZa{Mbni|m9fQAON zYJlAti_J!RL~&Y@$%)D4V65>1h~Do&utrd!ZqSN4jQbj5q>zF*r9c}IXSB{%1qB&& zwi+P!zF}2--Je2VTb>xaBnKcVAyJAd6(rV1bP80A9psS)#Qae*xuSB>E`vpm#01*0 zj})Utt)v1uaf2-OkCdxqWl6;l*o5d^Ml@ifr+SV>g4=S z z^-Q5e(b0CX_85(_)gC!)!2Q+4R$xo9WP%rFh)$F--k6fPP_C(WaD!ZbIne`RDW*C) zh(S~oG8Bw+Vn`*G@(!GC!0}&H{Gx0&1|=jkCI??bqt$n|&M~GWHM@qYrj1<#&Nkqr z0XIRxKYs$6ETjtTT};`;$Vn8cm_bn>Nv_@^2z3&!L1i0M(x5U8D&3&s1{F1^u)!K* z{i{y0Xs0;p9F;brBT= zZV;$Jz<=(^`eKo7vehk0Dk~>Rn}Xh;2WM62CyRfd2^T~aQ!x&UV{MHt^>4w9Nn*~q zpRoRWO`5=9(O$qQR@S&efRw#Xj~Sh#O#ou!CF99EA?vOS*-@F z)n~PItJZG)9kqf<>r#X;xa)=;-g*2RZdtb$tfo5eV+m0wkGB;6qKx1}7TF(P4%nUk_ylCX_B zizz0S09_acYxyuqgJix=hn 
zC6tWQUNE~P){`%ybaVvCLJ*aA$W=q~ZEGna7R(q}8%CFjvhl`Sqfk?JoOY;HgY3R* z%5i24t{NsmV?43fs!*ViOD(aOFqMXHTT$e#P>w8IKbRtwYuR9dfGL)MLyUL4@xFCs zC94f!utvGyCFo?8E6Mr*WFX{tfUUlDg+a{B$(G~`Dy0IGiC)Fzm9Z%V+unRdy zuvW-b6C|oZgUta?*wBStQlCt4H|0D)OKjls0OubP}fr@4Qlh()toL?GCLob zoYqEVos}bGO5`L3>WaM3@^|fRr*zqR7c@t$gbf6%S=fS(p+-{r>)uL(H9~3icLnY% z&MbNyN()c>o8 Z4k|0(eWZckb+**me*f6xXNC}8Gdu{&t& zH-XPY7+G>8*>UFA57?)l=k$@}#7=Ur4cKv?X0fVRWEJbx`JaE=J^U2jm51Gja{q9B zcl)n9+5PQ*ojv{>u5UlQQk}XOAI5jk!NvG+HayUIc->Klm-~M%E{92YaaP{Gd;ImP zCvp~EhsUe`b9a6F_)5Kc`=8^FtE-QV!2I*q_OnwL{e-)#>)XeU!*|2u0oVwD=QA*E z0DoKp!{w)7zBmupw^#A*{cV1D7Wnd0*mwr>A13bsY_A)1D>_s-w|9x5u*|n%ez)cz4-oy?XnfUDtJl{bq&x>u}p^ z2JRn?;P2K($Z1>my z4Yxm*Ud&1L<7aQfyQ}Nl54%?n<)*&cJ^uQx>?Q#Y*JnsKcMtFH3%!DNE3W6&_qS<# z9)>bfzQ*Mt+hQauAF&Yrp=a}<+y z4U4%gzwF9w<6^%tN6_PrA1zw%_y2_pZs%>a+|>c>^n8!8J6NpSSgacttJSnv_vUgi zjBJMs@ac2$G*6em8^ih2$9!w@`L+_BKdILZ(V*2DUZmA+#;nsCI*p@FYaDf2!yrZ2 zU~|jJc5IgZE}PyUAKP-=@E9lWlSc28j^6z#%_YO}ZW%npJp!O*B=8DXaOY#RHHit9@e7PAgSCThR>8$K$db9{!VXT~ zsEt=wz0cP#2?n>RQC~3&PtKc|SMvrQ!Ymh~jye7K{9-=t7xVpy#?2AOKn+`ov*g)X=W8;PY5wI? z$k=CR^?@WOJBEube%(8w!_9tu+t59h`_oR%0C4s0zD%eW^F}vobZqwku$tNX0>j7> zpxqkRx3}ef;bhgj`z8Iw?KDFUC=Tb&s3+kjHSY5votwM6cgKGH9%>+(CujY!+`ovG zapEvzjy%%c``gDgD{CSY;@$oI-7h6K2ck{yy_g@%DQ+*{knw-&%%dreG}qMSy`3?13sX=oQ@2K|G0l& z&KAEf!p%cDHZtFRcc`j!m_6_?YJEGGFE&6gz&jv((kQ%`#lwYfB&GN02RjJOWS1Yy z{qF8Vxvw{Ozs!3!pwcI&E_fb6e-qb#|NBydhsz85Oy8i!7u&-pW||IdhrBVVjV$ii zj`%dk9jb)|BRJpO^L9x;Kexld`B&4^)+srhwk$!+)s1$;k9)9LcUS`Sg&gWn!*bzZ z|LO~GT=&X)xeCdEJHo}HF3$H(aC2(5jZH^*!p<~5Zg}63+MNIK)nV9ULS^PLn=s)-j9hS*&nMBZe|`=e#$B}b`n?T zCVJO-i44}O!LbC?{GL8e-xir2;kbw6!&(nDRI7Mt#q?D4>9ZJnu`a1ym79lOek%8U znu9(8!%Y1kS3(QEM%K4MUPfnnKh+3;5A!acf^f=h(2$sUnY?CeO52L}lKjI_r4BlG z5QJ`=xGCwfI%U_lKb8CIUQGrzCE>=tE;B^G5BbFMb^;2fqu=DUouc}k49vT8GOe{? 
zBw))(^kcfird54hy_%%AEz6Ik_lWLGy?Q7=?^7WMd@xMUiES;7Ql|L}>q#IR`QL>x10LhrSRk=lc@-TK_&wW%V~rS>G-rS&-=x1n#Tk zL)<%98P9p4xS`*0j$ob)(^$~*EJI)=M z!zLIWHjK=hQ*n*n3Q)i4Wu6<9$cWw%l;oaK@8z!#``o z`=#tH)+&TT*CGDfDmSqYp^g%r`|hL@OP7vyzjQgdbU8jUdLrDn;>?6cMo&a*Fm!P} z5v`e)nQ7kB-$uI?riXp7sa8FQVd%X%a?*}#SQ~|)O_;w;=kK7;az%M~x$t~wbbM&# zCUJAIbaSaz4wW3e;pSwG)$pm+WqQMF@5>F&mmA03qEt4P#b8ku(~}dX7fzT=PMGvg z*ikJIj!WMg#WH;aGy1x~wmLnv)#vw-uKsx9 z{jaO{tz~9TU?1lt2H$0mqt8IhKJq$_3?G--_0g%C$By8CJ%-15?4dlaiyX`3`oPty z<$I(!7FyN_#%`e6{F&|a%l6WjjQ?#Zy0v%@63_G$>_)rESm>nVNaZx#9Ha0?G_yT# zp74aL$|u4aJ|((-UF%9^+q1(ru-?VJ(4W}C!}<6ku8#t%LylwnwLH@Oi#2b1n0I4! zayt}yB2L1-QrKI@u@>=y$m>~@FNwU+?NJ?uUiyj93uc~2M_tdC{zvsh6r}gdl;NkG z>RFJa4u{6mXb$@s2(~*D#$#++I{UcOfbjWg>yCz&wBPDYc#aT1Kdoh0NKHKrq=rb` zj4+3)4$FbL_rV_N_5`?uXd(V#@4&L3@ladr2_5fuBB^lQu8iyLo!n5BA3A!b2Spmn zC7+|7!noeHLU<9=)6{X!7C$GuTT-~q*Eu|vhmLf=P5NM+GsL)iV;;pGsb;S_Th)Mh zl=n%E{^}oA;#SrGelyn5Aizp&J;plACLp6fpV_2LEue5L_m8`Wk90&U$_BbK@00N@}Y1F&p4pr^7@up!1#SKHxu zv3+?F<^kog(V3NTQ_uOtU9p_lOwXZ2`rd)7Tzrq@isfXLUG*k(mW9c-#jlF1-K5-ZJbXEyC zSY?MsJ8`i+yiVP9H2EDD%a^0Cbw%>K{H(p{{H=~wqyChWHDYhubwzU0!@9ak_vQV= z-Q(4}`@6Ki`pZpuyC<-8xAZA@OK-VbSNsXC))jxUo3)?vQWxtqfs^jle#$A=3YQMb zfy;EoW;r_f8&5kNvh8q8m-%@6o;`h;5AOA;+kC)^``h;9m5eK}*Ar9tY*FFVdD@>t z^BZ+!KifWY%o%H0-ID<7l~uyK>UkWYy6= zC#+U#DaY<6t2gr%ZbrL+9l1HNZrUf1XB$wbeY0t3E;6lLHM4d1%{Tv;K%o<90NReU zw|kax*|hw0|Ked_KSc^BxEQl6t4ssU3t3($IAxvNx1OUMF1ClaX9{$Jowmo5`jPYX z7d*NX9$Lht{|@`;qYd4c4mK+TG_<(&IdUBH|Kk%(gO{6lk6w|zoH@e&31RPu3qjxfa?`N+?xZuo!IH@i*#Zx_LNsT z-5Jw905j75uMt|-L%K6&t7*&V#T-4EjQ%I}VmI7=u45a_iLMNY`d+E zJtzT8J8kU6`Q{DWnL+P6&7INX7i!}ZO@lp0>)XE5*l*e}rGYG65_`($Y4hxsM`Fiw zeRifJnhGpY6iSGyl%l{SV=Grw(e22i2d~azb(Ty?CYZ=hT*$6+F)BM3R0O*t&u6tH zTgeq|wW(C0I;2?97?Z3ZsvUWK1~KJQSuiFWNOZP|P{qP35tkZv5gYh69v z6hv{&nmB+%5^ynbplVP#L!$JK$P;>k&qB?qTuP`AOR^joZ4q!e8=(-{P~4IB#GjKO znG$OP5l6M{cuZhJ5k|q3tlP2jymnsOvueP` zq-tTuXgHI$$+;SwL&C~wXUH4$2E0*ToEQ5HLYCmNF$9GL3Sh3HlvwKm+Yq_#jP`~< z4QF!BSTRPhB$ZrgDqsjm)g;=G-WlhO^~QK3pMW-~Vk$(a5{TFu=SoP%5M~Y`JMPiS 
zZ^6t(I6}-iBwd7}hEP?pHDS`(xYRIP^&63cb)^PVbKsh46jM})+9)szrHI>E^cH?Q ze#xcS0->Es6Ht{%mIO5`%UTodto7D-E8c2v*<1Q_5-GTdkV_$nRAO{uB}Rq81XEb; zoc4~rBk#~V@J@N_eiub+SsYT*ECGt9kSf+70-{1zq3oRTPChfySahycX#`=VnK>DU zHDOgT7oFnHIq&S}r>jMW6q&Wrs%>IHql|JCLyneg-GOTMM|~0EP$ecOHfTYLh8-!k z7DG^Efr9Knal-!TQ z*yRW+IRIyjPSng5fcm4@;g}#BauJKhVz}g#qXni=k`(QB&>ZOgiiR)6Lz0xpS|s9_ z3X^5b2->M^H71tnoHl3S%dtTsu?7+Y0Vy~zXjCvKz z%n*x;Dwk*r=A-laW!Wjr&L*UyQAiva)=C1iCW|=)+@D$fN3z6;DPuMTkV4Q#XD!+( zSClD5hhAH zK-XLn1JNNyc1r6K(11lXIJH3PC9G9RCWmAondae;ji{}q>?GST=nuim5f;UqC5a{! z#v&9<<)V#PZ4r5Yfe?NgQdS(Z#VW>$WUf?g7F|toMzhOi2Miuqd7y^9p*0>zJdpN4 z?15-F&o3hw*tlvVx~!8#$I38N;Q-002ofek%j|*41LN~LJ7Ws;bXk89+7Yc*ifztXM|6cHSi{;?LoG_l zy}e}lV)Sbb$~g?xRIw(Q@qfbsNWhsZ|^lIa{Mja$@ zhNw#_Yp?GM@sN^Zu_~KlF*dJ;z_BI-uBd}O-v2MehmJa!3dEFSMQ}njP-=-I8z88# zKMRA7{{j3^Nti2C&A`@Louam}+N88;?oOG{27D3voU%xc0x{&kB$6N!M&&{+(I~w> z8()Tp%0^jmQ6Xp@FvqI14oXpVIakofXXDH8LB<-enFlA3g6RV`ak)}~|wTg#Mtr%HbwQd#RP z5miM^QH7*LCl`c3Q!6`RPfG9o2C>cv$EZUP8;pu3OJpv=%8ooK<)L{thCMW2$)E=V z9*puJ&O?jkrKLB;gJ=)J9-2eh9?^q<2T>lh^PsH<-L_QDlx5(mqAf92HYqEelbDcm z$u)(z1LInL6`FTpj0YoMf{lVkDpO&dS=W|6V@lb^TAS;ta32n~V`;&IRbQGPRGg)y z!oU*8s;r?Dt2nFBQYdQRhds2T@W=2JGuv!!a5)ADL4!8ZCwHB3QexSGm4O%iNAg9+ z^xOnZRtW`5z?MsJkkJ;fJFwP+HGc+gIyhTmH7%8I6);j@Z8PNvI&e(;eRSZ#DG%2D z(fk<)0*-R1Ap;7cOJu4^)n>A$N*@)u_80#w7BNH>+ExY^bJa?0Nj4c>jTkCA_2HJ| zKby^rD#e_rSi{K#tV&r3!PcOvlQ0%1z=;Q^|4dG!tu+R6g2^bIYjnww%GmtIR%PzJ z0H^;V+}a#Nu2N%CU<{jVa-ml9`)DS{pDCE9b<3`oo z4oR8{0=NLK0AgQ*=@zRDJOgThC5w+UdJ?{>cOY7zx-&6_qM;birz;h%uCCnPY#&v>v9`#MHW& zS{qaAWBO-UyiHP!vb8G7x@HQwatxtr0SlyIhtyVYJd$`M?U7pV7I`G}Nbt`om6{1u zg36UMGg}N4$wrfFwi1Yk<{KpU^~j{?svs(@5pyY;iBp1900DAITF>o4UzJ$67;+VJ zYPG-A`Zf%@Bqf6QgNxlh+0~;;uFvUzID=XF&Ejmgp5qKZC zvH2#fec;DYXG$C_6lQ`VhAK(Ml8VdRhXmXNX7?e%H^J=%m!MV^F$Pk)mP9rys+uVW zOu{AYP{W>ct-f9<83@fAC<&8`L5jnqLdeh>khn7JP?JZE-y~H_Ks36#N+PBrWEZrx zHMmf?u-Tz*65_90N;+%hglr0-7BWsVfQ{m`ifBN!^JF|~`6emD?NdXDU|YYDGQnwx zSQTSy$;xi>skHsd1qDefF0DwOq&StcC2d@(tfCG3@1CX`?`s#9Mw3-ENlD6%6DKWX 
zouI2GSP1UOxBA)zhDHjB6s2ki(Fo{>I*AffOmiT5|4Nic?T-DcuU&YxU46Fnogy_D zs}i(!N>Gv{C~i$@DDZX2f=kj7q9L)Vav&}3OVS!SX%({yy)6Eb)K1?G$Yg^v zE@BW2Aix3oHmaU;r##yBQL*)CjmP%hYLAvZTJqR5$bv_!JT~)V+SkX%qmlhdXaz~b z`;*Wrum(LE@Mx4raUR8bl=iu@cogkX*rU*2SaOlHiMFb2(I#b~q^z1*ZcY3-QQzo= z4!%imGmTQUC{9WPf(c-g)1*16Sfi7~)Zbt&J?Y4!!*2pSGRn0;>&sNS^{-P=gslOs zpd!ton!Nz^Hz7V*h^*|YYadNjhTwu_3XY7)$=LP<+g^zBO_0y_8-}cmN(@?x4iGA3 z&^l_iQmqu~yUfs;Z_<2OpKcJ*(7x1WP2#Y9p{6irmsG^Wee>I1a^EESvZ8yjDk_cv z71*3>b}Gi!IqqD59PPd*&)IKM{iLW0Ftom63C#_ztW&h8l!=63jcOliVAK0=GMi=g M-`#?5PkpKVy diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 35eb99cc2..66c21a928 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma 
@@ -19,41 +19,37 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 101 0 213 1 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span smodel21 = "../../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span s08_haystack22 = "08_haystack.rs" 8 16 11 62 - let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 71 12 75 76 - let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 107 26 110 17 - let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 23 12 27 70 + let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 let%span svec32 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex33 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span srange34 = 
"../../../../creusot-contracts/src/std/iter/range.rs" 81 14 81 45 - let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 86 15 86 32 - let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 87 15 87 32 - let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 88 14 88 42 - let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 10 - let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 50 10 50 43 - let%span srange41 = "../../../../creusot-contracts/src/std/iter/range.rs" 52 4 55 5 - let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 63 12 63 57 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange41 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 let%span sresolve43 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span srange44 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 15 33 24 - let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 34 14 34 45 - let%span srange46 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 15 39 21 - let%span srange47 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 15 40 21 - let%span 
srange48 = "../../../../creusot-contracts/src/std/iter/range.rs" 41 15 41 21 - let%span srange49 = "../../../../creusot-contracts/src/std/iter/range.rs" 42 15 42 32 - let%span srange50 = "../../../../creusot-contracts/src/std/iter/range.rs" 43 15 43 32 - let%span srange51 = "../../../../creusot-contracts/src/std/iter/range.rs" 44 14 44 42 - let%span srange52 = "../../../../creusot-contracts/src/std/iter/range.rs" 15 12 15 78 - let%span sslice53 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 - let%span sslice54 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 + let%span srange44 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span srange46 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span srange47 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span srange48 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span sslice49 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 + let%span sslice50 = "../../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 use prelude.prelude.Borrow 
@@ -281,16 +277,12 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] function produces_trans'1 (a : t_Range'0) (ab : Seq.seq usize) (b : t_Range'0) (bc : Seq.seq usize) (c : t_Range'0) : () - axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange46] inv'2 a) - -> ([%#srange47] inv'2 b) - -> ([%#srange48] inv'2 c) - -> ([%#srange49] produces'1 a ab b) - -> ([%#srange50] produces'1 b bc c) -> ([%#srange51] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Range'0, ab : Seq.seq usize, b : t_Range'0, bc : Seq.seq usize, c : t_Range'0 . ([%#srange45] produces'1 a ab b) + -> ([%#srange46] produces'1 b bc c) -> ([%#srange47] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Range'0) : () - axiom produces_refl'1_spec : forall self : t_Range'0 . ([%#srange44] inv'2 self) - -> ([%#srange45] produces'1 self (Seq.empty : Seq.seq usize) self) + axiom produces_refl'1_spec : forall self : t_Range'0 . [%#srange44] produces'1 self (Seq.empty : Seq.seq usize) self predicate inv'7 (_1 : borrowed (t_Range'0)) @@ -300,7 +292,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] [%#sresolve43] self.final = self.current predicate completed'1 (self : borrowed (t_Range'0)) = - [%#srange52] resolve'3 self + [%#srange48] resolve'3 self /\ deep_model'0 (self.current).t_Range__start'0 >= deep_model'0 (self.current).t_Range__end'0 let rec next'1 (self:borrowed (t_Range'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'7 self} 
@@ -317,14 +309,14 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] resolve'3 _1 predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint8) = - [%#sslice53] UIntSize.to_int self < Seq.length seq + [%#sslice49] UIntSize.to_int self < Seq.length seq predicate inv'8 (_1 : uint8) axiom inv_axiom'8 [@rewrite] : forall x : uint8 [inv'8 x] . inv'8 x = true predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq.seq uint8) (out : uint8) = - [%#sslice54] Seq.get seq (UIntSize.to_int self) = out + [%#sslice50] Seq.get seq (UIntSize.to_int self) = out let rec index'0 (self:t_Vec'0) (index:usize) (return' (ret:uint8))= {[@expl:index 'self' type invariant] inv'3 self} {[@expl:index 'index' type invariant] inv'4 index} diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml index cedc5c663..4305457b3 100644 --- a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml +++ b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml @@ -32,64 +32,64 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -98,7 +98,7 @@ - + @@ -107,22 +107,22 @@ - + - + - + - + - + @@ -131,16 +131,16 @@ - + - + - + 
diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz b/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz index e377bad55be71e3df31ebfcfd85f9f04039fcc64..2602955bb4702e006f733ff431ac65294b80523c 100644 GIT binary patch literal 2799 zcmVB)8&f3mo_um(?eSG(t9)5lXXEB(aFSMf!hEXVTh{pzkO0-c=d6_}#4ee7@=p7CYVBBBro22&*$l^N+UuFjnx`vST-(7N!}$F|4q)#E7xK%8$wHRL zj_D)O`EqsUgx&~XoXlpjh%@=P3GG3hFAfpxllFjftKw94ulo6m4DszCK96tv@Hw^f zD!z-W{AL_i`)ue#axZlpbkq6#{pnuz9&CY@ej%FcH^J`(HxiG*>PTP2^)fy`m^#*a zw_b~m^!)}H$24Co<{zbu-o0I$jCC@LuVpo!l#6p1CuJ~`Usu+NBEkS&8I!f zq-%0}f&Gbb7IgMX&e*|Y>9F;^UzIBvbuk^Vcc(dkH(}d}_A;M|>;!^63pi{cLD#}@ zJ*(oRm+u$Y9fdf4w$=+_zV-Mp&do;KX`s7(pyO$v(*f{4)ZNZnD~czp_ALH*sdbTemF7lh9%$6S(vK;>9lKCs5k5@u_y%O3J1APg!_jjKjO2-L)>JC0d zlrL{y;+wZ|bD&Pz=1o3lzs{tttS22u?5;TDrRt2kT$s#?{QB7Oq<1ns@A}^*=51Gb zXyzF6M!|94=fBm)036i z)XAHV%bPTBRer%)dZPnp3;MeYajvFsRa;|pbEkcS-mSum&G#*^UcEZV_Esskd47LL z9Bghs>nD*@iCs5(C}9qAXpHpxHF1oW+wCJ3++QA>(!FTExMPIVTizJq^oBRa_J@~l zc5UjWTV0bsx`kc1gf(UTW&D!n>XVIqRx8EVn-o4V&^IZ3Qqs}a=VaajR`&koZmT)3@BBq9N3&-! zeYRm8>BC6Ar1Ej+@9(yc*=xp59lcw0nmRI_#=AD9kEfv1mu_EeVlSh1g=77Rt+I5= z-(4<92llSiyj#p3m(QPnzO=tuUEJS2d0m)0McZB0>i+IxA@7vm@pc;Sw$J(f2zQe| z-<_Qj9oh9-Y<~gp4e8mVJlUI0rHEzINny@d5`d z3eJ}7P=UXYS4Z6fn~wGU;r9uHv7I^WB#gZq42stklXx-(N(EJ@W&@r*shXjRe657i=(rgAOWCzyJgG77bNRnN$H%+7yQ-iLuB@X&j;pXakxX^(BcB z!P%57iZ?|8CXJemL{CZCrjHe0>G&x9Vr(h-U}5kF6qQ#os)t?#X;#W zx097|)@SQ{RwhO5b*(u&TePk!>NHe7C>N9s%6y@zVhj~)!9^w6h|8`*sl|JU$r;LP zQ|4<~6RWC_!fF99SB#k*5{R+drkd8)G<-#a&Z85A)FRg)u@GX^T*0D<)_JIP&?;yO z8o#b(n~_xFVi^csMyY_NLPST=Bk+(RXdko-+6HZc=C5K_TSGC4N+qGNG2S!#s;fyD zGjZHj8Roz`unJ6p@vEb-qS4mms|5vG*<8eMjD$+ac%54|vJGthXduagNJLS#>Xc2f z%nX!33~*)VTE?>bHdvhDj0qf=6bYG2Wp>VZXDVl=KC2A`_TL1KI3f^{oRrr}Vssj; zuf~&7Q8hUHO%b&=#U4-JvQZw*S&l1oryK?NDI5?8BoqKzWw z))mCix5s6x@}_#FRLR*;t8vCifnt@))t6RZj19&F!@=la)Hj2cYgDDgQrX#3bSlW+ zWbF!o$|b3xRl!oQ7%T+igK^&lrXW&OEUILIEUqBvr~nZ#VRd$BO|TrSehOf1VePY4 zz+Pn*O~l?R(JDu_wYZ_9;4nA{)(7i?wNC+cQLM99PEyXM)D{#e7e;EKn~V${x6{b! 
z;MDg;idh#!PJC3hMpqLQqmx7+aT-h-IvbpMDqyJs6U9`LI8%x*HerofQD!b|hRz4) zo(^7@sYGikBp_`4eo+qE-Ny@5>r}g^cnThae-e1TOE$4BS}Yfm5}A@I2uW(P)sz;t zXoFWz2eR`R6MFP2qM_(x_NCU!CZlyml@`BVKQ+_@0FG;lKo$`!QdNYY=I@7q>{v3oCa#$ zCW8Lc_@fObU9!r_YiqG&C(gB=C6{&^vzxs!0fC>c4}#jKT)=6eO3r2mpHj9;a!!Uf zKG-MkhZNxU8WN$_>Z&rpS?L6-YL&H;jUVn$;Y$G)Of`xJam53%5?f8mu2=_!w(mL! zzCG;xS-eud6eNTg$tR}Fu8R2TnX33qw0Xfs`0hYmavq^Tk<6B30p*ibk_1d;wrLBL z{@8fd**IgJ1GEUQ4Nn7fdw?QT7a?0n$@}ER3WCun%%}z19T-*nJp#THLYFaBR@xQJ4y<9%EP|PQ z@h-;FuD_@nO8U-7qY^D9v&M)qr5KC0+HfqSg`9<>yYCvN(%%{K{{arv=y)15000zu Bfo1>z literal 2813 zcmVXiwFP!00000|J7Mrk6X79e%G%M&qvq?+Z#gx@#kE9DDPySf1frz9DCZL+Y>J4VQ2EgDi&+vRF>$v%e4R@Vmba zRzLG(_ApW%-1mb4|L~HhGJCUn%MTOzG{O#fH6KrAD}EUN^X`8mxbNk3NB8}pr$MLg z`@vdQ5&1BFKQA&J0WVj)SdFLiHzVlu@s!L;Kk@1{zvRhsEbl+8e%*2Zckxl~2mF#3 zJbNSK$t+JlE+-E%p2}!mC5NKPTDFb^cfy zk=F(~#N9$*huf8Cqn>Iy+^$6%^;FxTzTb^{Ds^b?ccTM?*x?#4x(-7}hw!jNe~D<< z%>LC@U7Ox2-qFzBAK9SZDZ-uD-aXgR*1b0BslKDFdu?$D)oE&HI8NtY&t%p-UCH9w4(=Gn9~N=| zdoQ?naJ)gC3J6yfSu$;`^Ol38nb!66>ejNX2{$57V?aa5q zeEJ|Kwi|QrOFN}D+&g*xWu0-m&pMH58N*)dNy)HRi_*i0cs2faI|WBDdjBr>O6+Mi z;Uj!a%jVOaWzsddy}2=v2@t_-ml7)jJlW(*t^plz?-n`M0=ShB0GWL z&H@fwNYJ%#T+b?=^z!`z`=b!YCu_YB=39>sTsNew|5OSx-8S*j;hPOVt^7xiFa(`Q@?WN$+HO z-u1sr%-gQ=(9ALBje_I8$8Vv80l($t_<^S%<*J4~@4kn9ak>%5pLpID!woWrJt@Mm zcRMu~+wtBZ#AA=HN$uHR?{+Zkh(GUWNb3%Da7tL;DmVCXCw}~mcqDbt)1{m@kuP4H zog%wxda^Q`I(hSPd6VX?%HMI8-sr&Dg8t@0oU7?u)z%o@+-cvScdPJX^L-1f*RKz< zy;aI>p5Gr52b-`N)P}yqavgpnW6pQ32nzDrj8Wh;KKr&sTf)?*`o-J0Gz ze-X>k>{(2oZCFS8Fp@8+eBAl_yX~X*nz2(y?-re=j%=s#u1)FVDd_a2+gF>|%cx!9 zSbt)xES(B>mkZK?y(=~E7PH6Y^QWIK?XOlB_jgZT7v@gUc9*rfzq?q-I~8`korb&Z zvwuIr-Q-VqXQxC*ZoL-UUkXA)diHov?xs_zBY$^z(ly;1(&5hy8uUgdW3nXF z9N5?)B1TjuqKT*@s)!UD31Wyox@e<`I;uz!BMd5_57`B>st{Kx)j8!7h9KaRtwZz? 
zT||4MK4-x)DstKYCR<8qFe{=2L8-3kBZwGoS6K@9cJN8$p$|p8_7h{pR2f_C`>}4SlbLL7jGbGuS?SCOB#}o z7^#X!YC9+S`2aRD^iS+PT_Qe-i;_%9skJo?U(g_D@`|YBREa}?P#hRv1+}mj z=AqV6tEeez{IZr4)uO%k8gk8s6Bk=8I+aRR$*4Ls5Os*!NA04vQJXJf7OM)FRI$ag zN=dP2;{Zi$KuTV1tBf(x=x9_l6b*iP6d`D(Dmd1XJp9F)PI(*&t4GCT$uV^HmY00I40i4pUG@CuU5PQ%QzWF0@8u@hgL}x;nNc zk;zpm6wY2WW?w`I(POJ1mcBkN;damm55Q=v*w(K2>M`gFNP1mgtc%u0YogWBs;>sE zdXs&kz+OwpkSGPv*n&P3V-SZWH|;d?I(qeOk%E$v0Js{@7EN$U0c7R8HOUx)p?A^SX9Bipu^CNh%^SGN z#YiC+2sCCuLqi{;_s<8f6`d+0X>WsNQRqko>pVd!%CTwplt3|H49@~@VFhR;C&#Jv zYncFx*I0@#1iTJgbTO#s1KB$7GzLYSjddney!_mQ~|A1+W4XV6u#tYy-K1m zE6|v%atzLx8dPSfM6qj=LK|zuP9z5u*K&qJjfu2G{@)4b~z2I%Hw%K?=rF`Ru!N!rf_g~p7@){YBMK(l&cMVhN PZw&eW9a!M$LNovXwS09_