From a080553c4818d060b58d867c6e9251baf3040a37 Mon Sep 17 00:00:00 2001 
From: Jacques-Henri Jourdan Date: Thu, 5 Dec 2024 17:27:35 +0100 Subject: [PATCH] Add Resolve impls in tests. --- creusot/tests/should_succeed/hashmap.coma | 1099 +++++++++++++---- creusot/tests/should_succeed/hashmap.rs | 37 + .../should_succeed/hashmap/why3session.xml | 76 +- .../should_succeed/hashmap/why3shapes.gz | Bin 7215 -> 7543 bytes .../should_succeed/iterators/02_iter_mut.coma | 364 ++++-- .../should_succeed/iterators/02_iter_mut.rs | 1 + .../iterators/02_iter_mut/why3session.xml | 28 +- .../iterators/02_iter_mut/why3shapes.gz | Bin 2792 -> 2938 bytes .../should_succeed/iterators/04_skip.coma | 171 ++- .../tests/should_succeed/iterators/04_skip.rs | 1 + .../should_succeed/iterators/05_map.coma | 103 +- .../tests/should_succeed/iterators/05_map.rs | 16 +- .../iterators/06_map_precond.coma | 486 +++++--- .../iterators/06_map_precond.rs | 18 +- .../should_succeed/iterators/07_fuse.coma | 241 +++- .../tests/should_succeed/iterators/07_fuse.rs | 1 + .../iterators/07_fuse/why3session.xml | 10 + .../iterators/07_fuse/why3shapes.gz | Bin 965 -> 1065 bytes .../should_succeed/iterators/10_once.coma | 177 ++- .../tests/should_succeed/iterators/10_once.rs | 1 + .../iterators/10_once/why3session.xml | 13 +- .../iterators/10_once/why3shapes.gz | Bin 810 -> 895 bytes .../should_succeed/iterators/11_repeat.coma | 141 ++- .../should_succeed/iterators/11_repeat.rs | 1 + .../iterators/11_repeat/why3session.xml | 13 +- .../iterators/11_repeat/why3shapes.gz | Bin 544 -> 614 bytes .../should_succeed/iterators/12_zip.coma | 151 ++- .../tests/should_succeed/iterators/12_zip.rs | 1 + .../iterators/12_zip/why3session.xml | 10 + .../iterators/12_zip/why3shapes.gz | Bin 2065 -> 2164 bytes .../should_succeed/iterators/13_cloned.coma | 141 ++- .../should_succeed/iterators/13_cloned.rs | 1 + .../iterators/13_cloned/why3session.xml | 10 + .../iterators/13_cloned/why3shapes.gz | Bin 720 -> 815 bytes .../should_succeed/iterators/14_copied.coma | 141 ++- 
.../should_succeed/iterators/14_copied.rs | 1 + .../iterators/14_copied/why3session.xml | 10 + .../iterators/14_copied/why3shapes.gz | Bin 722 -> 815 bytes .../iterators/15_enumerate.coma | 220 +++- .../should_succeed/iterators/15_enumerate.rs | 1 + .../iterators/15_enumerate/why3session.xml | 10 + .../iterators/15_enumerate/why3shapes.gz | Bin 1383 -> 1467 bytes .../should_succeed/iterators/16_take.coma | 155 ++- .../tests/should_succeed/iterators/16_take.rs | 1 + .../iterators/16_take/why3session.xml | 13 +- .../iterators/16_take/why3shapes.gz | Bin 764 -> 836 bytes .../should_succeed/iterators/17_filter.coma | 297 +++-- .../should_succeed/iterators/17_filter.rs | 1 + .../iterators/17_filter/why3session.xml | 10 + .../iterators/17_filter/why3shapes.gz | Bin 5856 -> 5960 bytes .../tests/should_succeed/sparse_array.coma | 607 +++++++-- creusot/tests/should_succeed/sparse_array.rs | 19 +- .../sparse_array/why3session.xml | 34 +- .../should_succeed/sparse_array/why3shapes.gz | Bin 3279 -> 3437 bytes 54 files changed, 3718 insertions(+), 1114 deletions(-)
diff --git a/creusot/tests/should_succeed/hashmap.coma b/creusot/tests/should_succeed/hashmap.coma
index cee42e48af..d72549f31a 100644
--- a/creusot/tests/should_succeed/hashmap.coma
+++ b/creusot/tests/should_succeed/hashmap.coma
@@ -1,7 +1,84 @@ -module M_hashmap__qyi9060063638777358169__hash [#"hashmap.rs" 60 4 60 25] (* *) - let%span shashmap0 = "hashmap.rs" 59 14 59 58 +module M_hashmap__qyi15610519155507183510__resolve_coherence [#"hashmap.rs" 64 4 64 31] (* as creusot_contracts::Resolve> *) + let%span shashmap0 = "hashmap.rs" 62 15 62 39 + let%span shashmap1 = "hashmap.rs" 63 14 63 31 + let%span shashmap2 = "hashmap.rs" 61 4 61 23 + let%span shashmap3 = "hashmap.rs" 56 12 56 59 + let%span shashmap4 = "hashmap.rs" 31 12 34 13 + let%span sresolve5 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sresolve6 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 + let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + + use prelude.prelude.Borrow + + type t_K'0 + + type t_V'0 + + type t_List'0 = + | C_Nil'0 + | C_Cons'0 (t_K'0, t_V'0) (t_List'0) + + type t_DeepModelTy'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 + + function deep_model'0 (self : t_K'0) : t_DeepModelTy'0 + + function get'0 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : t_DeepModelTy'0) : t_Option'0 = + [%#shashmap4] match self with + | C_Nil'0 -> C_None'0 + | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index + end + + predicate resolve'9 (_1 : t_V'0) + + predicate resolve'6 (self : t_Option'0) = + [%#sresolve7] match self with + | C_Some'0 x -> resolve'9 x + | C_None'0 -> true + end + + predicate resolve'3 (_1 : t_Option'0) = + resolve'6 _1 + + predicate resolve'0 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap3] forall k : t_DeepModelTy'0 . 
resolve'3 (get'0 self k) + + predicate resolve'7 (_1 : t_List'0) = + resolve'0 _1 + + predicate resolve'4 (self : t_List'0) = + [%#sresolve5] resolve'7 self + + predicate resolve'1 (_1 : t_List'0) = + resolve'4 _1 + + predicate resolve'8 (_1 : t_K'0) + + predicate resolve'5 (self : (t_K'0, t_V'0)) = + [%#sresolve6] resolve'8 (let (a, _) = self in a) /\ resolve'9 (let (_, a) = self in a) + + predicate resolve'2 (_1 : (t_K'0, t_V'0)) = + resolve'5 _1 + + predicate structural_resolve'0 (_1 : t_List'0) = + match _1 with + | C_Nil'0 -> true + | C_Cons'0 x0 x1 -> resolve'1 x1 /\ resolve'2 x0 + end + + constant self : t_List'0 + + function resolve_coherence'0 [#"hashmap.rs" 64 4 64 31] (self : t_List'0) : () + + goal vc_resolve_coherence'0 : ([%#shashmap0] structural_resolve'0 self) -> ([%#shashmap1] resolve'0 self) +end +module M_hashmap__qyi9060063638777358169__hash [#"hashmap.rs" 78 4 78 25] (* *) + let%span shashmap0 = "hashmap.rs" 77 14 77 58 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span shashmap2 = "hashmap.rs" 66 20 66 21 + let%span shashmap2 = "hashmap.rs" 84 20 84 21 let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 use prelude.prelude.UIntSize 
@@ -24,7 +101,7 @@ module M_hashmap__qyi9060063638777358169__hash [#"hashmap.rs" 60 4 60 25] (* *) +module M_hashmap__qyi15467499327297494705__resolve_coherence [#"hashmap.rs" 117 4 117 31] (* as creusot_contracts::Resolve> *) let%span shashmap0 = "hashmap.rs" 114 15 114 24 - let%span shashmap1 = "hashmap.rs" 116 31 116 46 - let%span shashmap2 = "hashmap.rs" 115 14 115 62 + let%span shashmap1 = "hashmap.rs" 115 15 115 39 + let%span shashmap2 = "hashmap.rs" 116 14 116 31 + let%span shashmap3 = "hashmap.rs" 113 4 113 23 + let%span shashmap4 = "hashmap.rs" 108 12 108 60 + let%span shashmap5 = "hashmap.rs" 98 8 98 33 + let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span svec7 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span shashmap8 = "hashmap.rs" 123 8 123 53 + let%span shashmap9 = "hashmap.rs" 31 12 34 13 + let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span sindex12 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span shashmap13 = "hashmap.rs" 128 20 128 66 + let%span shashmap14 = "hashmap.rs" 56 12 56 59 + let%span shashmap15 = "hashmap.rs" 144 12 145 139 + let%span shashmap16 = "hashmap.rs" 134 12 134 91 + let%span shashmap17 = "hashmap.rs" 41 12 44 13 + let%span svec18 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed20 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + + use prelude.prelude.UIntSize + + type t_Cap'0 = + { t_Cap__0'0: usize } + + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + + 
type t_Vec'0 = + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + + type t_MyHashMap'0 = + { t_MyHashMap__buckets'0: t_Vec'0 } + + use seq.Seq + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + type t_K'0 + + type t_V'0 + + type t_List'0 = + | C_Nil'0 + | C_Cons'0 (t_K'0, t_V'0) (t_List'0) + + use seq.Seq + + function view'1 (self : t_Vec'0) : Seq.seq (t_List'0) + + axiom view'1_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_List'0 = + [%#sindex12] Seq.get (view'1 self) ix + + type t_DeepModelTy'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 + + function deep_model'0 (self : t_K'0) : t_DeepModelTy'0 + + function get'0 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : t_DeepModelTy'0) : t_Option'0 = + [%#shashmap9] match self with + | C_Nil'0 -> C_None'0 + | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index + end + + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int + + use int.EuclideanDivision + + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + [%#shashmap13] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'1 self.t_MyHashMap__buckets'0)) + + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + [%#shashmap16] forall k : t_DeepModelTy'0, v : t_V'0 . 
get'0 l k = C_Some'0 v -> bucket_ix'0 self k = h + + predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = + [%#shashmap17] match self with + | C_Nil'0 -> true + | C_Cons'0 (k, _) tl -> get'0 tl (deep_model'0 k) = C_None'0 /\ no_double_binding'0 tl + end + + predicate invariant'1 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = + [%#shashmap15] 0 < Seq.length (view'1 self.t_MyHashMap__buckets'0) + /\ (forall i : int . 0 <= i /\ i < Seq.length (view'1 self.t_MyHashMap__buckets'0) + -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i + /\ no_double_binding'0 (index_logic'0 self.t_MyHashMap__buckets'0 i)) + + use seq.Seq + + predicate inv'7 (_1 : t_K'0) + + predicate inv'8 (_1 : t_V'0) + + predicate inv'6 (_1 : (t_K'0, t_V'0)) + + axiom inv_axiom'6 [@rewrite] : forall x : (t_K'0, t_V'0) [inv'6 x] . inv'6 x + = (let (x0, x1) = x in inv'7 x0 /\ inv'8 x1) + + predicate inv'5 (_1 : t_List'0) + + predicate inv'4 (_1 : t_List'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_List'0 [inv'5 x] . inv'5 x + = match x with + | C_Nil'0 -> true + | C_Cons'0 a_0 a_1 -> inv'6 a_0 /\ inv'4 a_1 + end + + predicate invariant'4 (self : t_List'0) = + [%#sboxed20] inv'5 self + + axiom inv_axiom'4 [@rewrite] : forall x : t_List'0 [inv'4 x] . inv'4 x = invariant'4 x + + predicate invariant'3 (self : Seq.seq (t_List'0)) = + [%#sseq19] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) + + predicate inv'3 (_1 : Seq.seq (t_List'0)) + + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (t_List'0) [inv'3 x] . inv'3 x = invariant'3 x + + predicate invariant'2 (self : t_Vec'0) = + [%#svec18] inv'3 (view'1 self) + + predicate inv'2 (_1 : t_Vec'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'2 x + + predicate inv'1 (_1 : t_MyHashMap'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_MyHashMap'0 [inv'1 x] . 
inv'1 x + = (invariant'1 x + /\ match x with + | {t_MyHashMap__buckets'0 = buckets} -> inv'2 buckets + end) + + predicate invariant'0 (self : t_MyHashMap'0) = + [%#sinvariant6] inv'1 self + + predicate inv'0 (_1 : t_MyHashMap'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_MyHashMap'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'6 (_1 : t_V'0) + + predicate resolve'4 (self : t_Option'0) = + [%#sresolve10] match self with + | C_Some'0 x -> resolve'6 x + | C_None'0 -> true + end + + predicate resolve'2 (_1 : t_Option'0) = + resolve'4 _1 + + predicate resolve'7 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap14] forall k : t_DeepModelTy'0 . resolve'2 (get'0 self k) + + predicate resolve'5 (_1 : t_List'0) = + resolve'7 _1 + + predicate resolve'3 (self : t_Vec'0) = + [%#svec7] forall i : int . 0 <= i /\ i < Seq.length (view'1 self) -> resolve'5 (index_logic'0 self i) + + predicate resolve'1 (_1 : t_Vec'0) = + resolve'3 _1 + + predicate structural_resolve'0 (_1 : t_MyHashMap'0) = + match _1 with + | {t_MyHashMap__buckets'0 = x0} -> resolve'1 x0 + end + + use map.Map + + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + [%#shashmap8] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) + + use prelude.prelude.Mapping + + function view'0 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = + [%#shashmap5] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'0 (bucket'0 self k) k) + + use map.Map + + predicate resolve'0 [#"hashmap.rs" 105 4 105 28] (self : t_MyHashMap'0) = + [%#shashmap4] forall k : t_DeepModelTy'0 . 
resolve'2 (Map.get (view'0 self) k) + + constant self : t_MyHashMap'0 + + function resolve_coherence'0 [#"hashmap.rs" 117 4 117 31] (self : t_MyHashMap'0) : () + + goal vc_resolve_coherence'0 : ([%#shashmap1] structural_resolve'0 self) + -> ([%#shashmap0] inv'0 self) -> ([%#shashmap2] resolve'0 self) +end +module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 153 4 153 46] (* MyHashMap *) + let%span shashmap0 = "hashmap.rs" 151 15 151 24 + let%span shashmap1 = "hashmap.rs" 153 31 153 46 + let%span shashmap2 = "hashmap.rs" 152 14 152 62 let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec4 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 - let%span shashmap5 = "hashmap.rs" 80 8 80 33 + let%span shashmap5 = "hashmap.rs" 98 8 98 33 let%span svec6 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex7 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span shashmap8 = "hashmap.rs" 86 8 86 53 + let%span shashmap8 = "hashmap.rs" 123 8 123 53 let%span shashmap9 = "hashmap.rs" 31 12 34 13 - let%span shashmap10 = "hashmap.rs" 107 12 108 139 - let%span shashmap11 = "hashmap.rs" 91 20 91 66 + let%span shashmap10 = "hashmap.rs" 144 12 145 139 + let%span shashmap11 = "hashmap.rs" 128 20 128 66 let%span svec12 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span shashmap13 = "hashmap.rs" 97 12 97 91 + let%span shashmap13 = "hashmap.rs" 134 12 134 91 let%span shashmap14 = "hashmap.rs" 41 12 44 13 let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sseq16 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 
@@ -171,14 +463,14 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index end - function hash_log'0 [#"hashmap.rs" 55 4 55 45] (_1 : t_DeepModelTy'0) : int + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int use int.EuclideanDivision - function bucket_ix'0 [#"hashmap.rs" 90 4 90 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = [%#shashmap11] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'1 self.t_MyHashMap__buckets'0)) - predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = [%#shashmap13] forall k : t_DeepModelTy'0, v : t_V'0 . get'0 l k = C_Some'0 v -> bucket_ix'0 self k = h predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = @@ -187,7 +479,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My | C_Cons'0 (k, _) tl -> get'0 tl (deep_model'0 k) = C_None'0 /\ no_double_binding'0 tl end - predicate invariant'0 [#"hashmap.rs" 105 4 105 30] (self : t_MyHashMap'0) = + predicate invariant'0 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = [%#shashmap10] 0 < Seq.length (view'1 self.t_MyHashMap__buckets'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'1 self.t_MyHashMap__buckets'0) -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i 
@@ -203,12 +495,12 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My use map.Map - function bucket'0 [#"hashmap.rs" 85 4 85 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = [%#shashmap8] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) use prelude.prelude.Mapping - function view'0 [#"hashmap.rs" 79 4 79 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = + function view'0 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = [%#shashmap5] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'0 (bucket'0 self k) k) use map.Map 
@@ -238,24 +530,24 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 116 4 116 46] (* My (! return' {result}) ] end -module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* MyHashMap *) - let%span shashmap0 = "hashmap.rs" 124 23 124 41 - let%span shashmap1 = "hashmap.rs" 126 27 126 55 - let%span shashmap2 = "hashmap.rs" 128 20 128 35 - let%span shashmap3 = "hashmap.rs" 136 20 137 51 - let%span shashmap4 = "hashmap.rs" 135 20 135 44 - let%span shashmap5 = "hashmap.rs" 134 20 134 96 - let%span shashmap6 = "hashmap.rs" 133 20 133 108 - let%span shashmap7 = "hashmap.rs" 132 20 132 101 - let%span shashmap8 = "hashmap.rs" 131 20 131 52 - let%span shashmap9 = "hashmap.rs" 130 20 130 26 - let%span shashmap10 = "hashmap.rs" 122 20 122 24 - let%span shashmap11 = "hashmap.rs" 122 26 122 29 - let%span shashmap12 = "hashmap.rs" 122 34 122 37 - let%span shashmap13 = "hashmap.rs" 121 14 121 122 +module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 159 4 159 41] (* MyHashMap *) + let%span shashmap0 = "hashmap.rs" 161 23 161 41 + let%span shashmap1 = "hashmap.rs" 163 27 163 55 + let%span shashmap2 = "hashmap.rs" 165 20 165 35 + let%span shashmap3 = "hashmap.rs" 173 20 174 51 + let%span shashmap4 = "hashmap.rs" 172 20 172 44 + let%span shashmap5 = "hashmap.rs" 171 20 171 96 + let%span shashmap6 = "hashmap.rs" 170 20 170 108 + let%span shashmap7 = "hashmap.rs" 169 20 169 101 + let%span shashmap8 = "hashmap.rs" 168 20 168 52 + let%span shashmap9 = "hashmap.rs" 167 20 167 26 + let%span shashmap10 = "hashmap.rs" 159 20 159 24 + let%span shashmap11 = "hashmap.rs" 159 26 159 29 + let%span shashmap12 = "hashmap.rs" 159 34 159 37 + let%span shashmap13 = "hashmap.rs" 158 14 158 122 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span shashmap15 = "hashmap.rs" 52 13 52 17 - let%span shashmap16 = "hashmap.rs" 51 14 51 58 + let%span shashmap15 = "hashmap.rs" 70 13 70 17 + let%span shashmap16 = "hashmap.rs" 69 14 69 58 
let%span svec17 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec18 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec19 = "../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 @@ -263,9 +555,9 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let%span svec21 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span shashmap22 = "hashmap.rs" 31 12 34 13 let%span shashmap23 = "hashmap.rs" 41 12 44 13 - let%span shashmap24 = "hashmap.rs" 97 12 97 91 + let%span shashmap24 = "hashmap.rs" 134 12 134 91 let%span scmp25 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 - let%span shashmap26 = "hashmap.rs" 80 8 80 33 + let%span shashmap26 = "hashmap.rs" 98 8 98 33 let%span smodel27 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel28 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel29 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 
@@ -274,15 +566,17 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My let%span svec32 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span sresolve34 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span shashmap35 = "hashmap.rs" 91 20 91 66 - let%span shashmap36 = "hashmap.rs" 86 8 86 53 - let%span svec37 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sinvariant38 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sboxed39 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sindex40 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span sinvariant41 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sseq42 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 - let%span shashmap43 = "hashmap.rs" 107 12 108 139 + let%span shashmap35 = "hashmap.rs" 128 20 128 66 + let%span shashmap36 = "hashmap.rs" 56 12 56 59 + let%span shashmap37 = "hashmap.rs" 123 8 123 53 + let%span svec38 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sinvariant39 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sboxed40 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sindex41 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span sinvariant42 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sresolve43 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sseq44 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span shashmap45 = "hashmap.rs" 144 12 145 139 use prelude.prelude.Snapshot 
@@ -354,26 +648,26 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My end predicate invariant'2 (self : t_List'0) = - [%#sboxed39] inv'1 self + [%#sboxed40] inv'1 self axiom inv_axiom'3 [@rewrite] : forall x : t_List'0 [inv'5 x] . inv'5 x = invariant'2 x predicate invariant'10 (self : Seq.seq (t_List'0)) = - [%#sseq42] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + [%#sseq44] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) predicate inv'15 (_1 : Seq.seq (t_List'0)) axiom inv_axiom'13 [@rewrite] : forall x : Seq.seq (t_List'0) [inv'15 x] . inv'15 x = invariant'10 x predicate invariant'0 (self : t_Vec'0) = - [%#svec37] inv'15 (view'4 self) + [%#svec38] inv'15 (view'4 self) predicate inv'0 (_1 : t_Vec'0) axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . inv'0 x = invariant'0 x predicate invariant'7 (self : t_Vec'0) = - [%#sinvariant41] inv'0 self + [%#sinvariant42] inv'0 self predicate inv'10 (_1 : t_Vec'0) @@ -388,7 +682,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My predicate invariant'8 (self : t_K'0) = - [%#sinvariant41] inv'3 self + [%#sinvariant42] inv'3 self predicate inv'11 (_1 : t_K'0) @@ -403,7 +697,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My function deep_model'1 (self : t_K'0) : t_DeepModelTy'0 = [%#smodel29] deep_model'0 self - function hash_log'0 [#"hashmap.rs" 55 4 55 45] (_1 : t_DeepModelTy'0) : int + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int use prelude.prelude.UInt64 @@ -414,7 +708,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My predicate invariant'9 (self : borrowed (t_Vec'0)) = - [%#sinvariant38] inv'0 self.current /\ inv'0 self.final + [%#sinvariant39] inv'0 self.current /\ inv'0 self.final predicate inv'12 (_1 : borrowed (t_Vec'0)) 
@@ -431,7 +725,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My [%#sslice30] UIntSize.to_int self < Seq.length seq predicate invariant'1 (self : borrowed (t_List'0)) = - [%#sinvariant38] inv'1 self.current /\ inv'1 self.final + [%#sinvariant39] inv'1 self.current /\ inv'1 self.final predicate inv'2 (_1 : borrowed (t_List'0)) @@ -458,11 +752,11 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My (! return' {result}) ] - predicate resolve'5 (self : borrowed (t_List'0)) = + predicate resolve'6 (self : borrowed (t_List'0)) = [%#sresolve34] self.final = self.current predicate resolve'0 (_1 : borrowed (t_List'0)) = - resolve'5 _1 + resolve'6 _1 use prelude.prelude.Snapshot @@ -488,10 +782,10 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My use int.EuclideanDivision - function bucket_ix'0 [#"hashmap.rs" 90 4 90 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = [%#shashmap35] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'4 self.t_MyHashMap__buckets'0)) - predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = [%#shashmap24] forall k : t_DeepModelTy'0, v : t_V'0 . get'0 l k = C_Some'0 v -> bucket_ix'0 self k = h use prelude.prelude.Snapshot 
@@ -509,49 +803,66 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My any [ return' (result:bool)-> {[%#scmp25] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] predicate invariant'3 (self : borrowed t_K'0) = - [%#sinvariant38] inv'3 self.current /\ inv'3 self.final + [%#sinvariant39] inv'3 self.current /\ inv'3 self.final predicate inv'6 (_1 : borrowed t_K'0) axiom inv_axiom'4 [@rewrite] : forall x : borrowed t_K'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate resolve'6 (self : borrowed t_K'0) = + predicate resolve'7 (self : borrowed t_K'0) = [%#sresolve34] self.final = self.current predicate resolve'1 (_1 : borrowed t_K'0) = - resolve'6 _1 + resolve'7 _1 predicate invariant'4 (self : borrowed t_V'0) = - [%#sinvariant38] inv'4 self.current /\ inv'4 self.final + [%#sinvariant39] inv'4 self.current /\ inv'4 self.final predicate inv'7 (_1 : borrowed t_V'0) axiom inv_axiom'5 [@rewrite] : forall x : borrowed t_V'0 [inv'7 x] . inv'7 x = invariant'4 x - predicate resolve'7 (self : borrowed t_V'0) = + predicate resolve'8 (self : borrowed t_V'0) = [%#sresolve34] self.final = self.current predicate resolve'2 (_1 : borrowed t_V'0) = - resolve'7 _1 + resolve'8 _1 predicate invariant'5 (self : borrowed (t_List'0)) = - [%#sinvariant38] inv'5 self.current /\ inv'5 self.final + [%#sinvariant39] inv'5 self.current /\ inv'5 self.final predicate inv'8 (_1 : borrowed (t_List'0)) axiom inv_axiom'6 [@rewrite] : forall x : borrowed (t_List'0) [inv'8 x] . 
inv'8 x = invariant'5 x - predicate resolve'8 (self : borrowed (t_List'0)) = + predicate resolve'9 (self : borrowed (t_List'0)) = [%#sresolve34] self.final = self.current predicate resolve'3 (_1 : borrowed (t_List'0)) = - resolve'8 _1 + resolve'9 _1 + + predicate resolve'14 (_1 : t_V'0) + + predicate resolve'13 (self : t_Option'0) = + [%#sresolve43] match self with + | C_Some'0 x -> resolve'14 x + | C_None'0 -> true + end + + predicate resolve'12 (_1 : t_Option'0) = + resolve'13 _1 + + predicate resolve'10 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap36] forall k : t_DeepModelTy'0 . resolve'12 (get'0 self k) + + predicate resolve'4 (_1 : t_List'0) = + resolve'10 _1 function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_List'0 = - [%#sindex40] Seq.get (view'4 self) ix + [%#sindex41] Seq.get (view'4 self) ix - predicate invariant'11 [#"hashmap.rs" 105 4 105 30] (self : t_MyHashMap'0) = - [%#shashmap43] 0 < Seq.length (view'4 self.t_MyHashMap__buckets'0) + predicate invariant'11 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = + [%#shashmap45] 0 < Seq.length (view'4 self.t_MyHashMap__buckets'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'4 self.t_MyHashMap__buckets'0) -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i /\ no_double_binding'0 (index_logic'0 self.t_MyHashMap__buckets'0 i)) 
@@ -565,17 +876,17 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My end) predicate invariant'6 (self : borrowed (t_MyHashMap'0)) = - [%#sinvariant38] inv'16 self.current /\ inv'16 self.final + [%#sinvariant39] inv'16 self.current /\ inv'16 self.final predicate inv'9 (_1 : borrowed (t_MyHashMap'0)) axiom inv_axiom'7 [@rewrite] : forall x : borrowed (t_MyHashMap'0) [inv'9 x] . inv'9 x = invariant'6 x - predicate resolve'9 (self : borrowed (t_MyHashMap'0)) = + predicate resolve'11 (self : borrowed (t_MyHashMap'0)) = [%#sresolve34] self.final = self.current - predicate resolve'4 (_1 : borrowed (t_MyHashMap'0)) = - resolve'9 _1 + predicate resolve'5 (_1 : borrowed (t_MyHashMap'0)) = + resolve'11 _1 use prelude.prelude.Intrinsic @@ -585,12 +896,12 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My use map.Map - function bucket'0 [#"hashmap.rs" 85 4 85 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = - [%#shashmap36] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + [%#shashmap37] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) use prelude.prelude.Mapping - function view'0 [#"hashmap.rs" 79 4 79 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = + function view'0 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = [%#shashmap26] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'0 (bucket'0 self k) k) use map.Map 
@@ -748,14 +1059,19 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | _ -> true end} s1 - | s1 = [ &l <- { l with current = _46 } ] s2 - | s2 = {[@expl:type invariant] inv'2 l} s3 - | s3 = -{resolve'0 l}- s4 - | s4 = {[@expl:type invariant] inv'2 _17} s5 - | s5 = -{resolve'0 _17}- s6 - | s6 = {[@expl:type invariant] inv'9 self} s7 - | s7 = -{resolve'4 self}- s8 - | s8 = bb19 ] + | s1 = -{match l with + | {current = x'1} -> resolve'4 x'1 + | _ -> true + end}- + s2 + | s2 = [ &l <- { l with current = _46 } ] s3 + | s3 = {[@expl:type invariant] inv'2 l} s4 + | s4 = -{resolve'0 l}- s5 + | s5 = {[@expl:type invariant] inv'2 _17} s6 + | s6 = -{resolve'0 _17}- s7 + | s7 = {[@expl:type invariant] inv'9 self} s8 + | s8 = -{resolve'5 self}- s9 + | s9 = bb19 ] | bb19 = bb20 | bb12 = s0 @@ -769,7 +1085,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My | s7 = {[@expl:type invariant] inv'2 l} s8 | s8 = -{resolve'0 l}- s9 | s9 = {[@expl:type invariant] inv'9 self} s10 - | s10 = -{resolve'4 self}- s11 + | s10 = -{resolve'5 self}- s11 | s11 = bb20 ] | bb20 = return' {_0} ] 
@@ -806,34 +1122,34 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 122 4 122 41] (* My (! return' {result}) ] end -module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* MyHashMap *) - let%span shashmap0 = "hashmap.rs" 155 27 155 67 - let%span shashmap1 = "hashmap.rs" 159 20 159 101 - let%span shashmap2 = "hashmap.rs" 158 20 158 26 - let%span shashmap3 = "hashmap.rs" 154 16 154 20 - let%span shashmap4 = "hashmap.rs" 154 22 154 25 - let%span shashmap5 = "hashmap.rs" 154 33 154 43 - let%span shashmap6 = "hashmap.rs" 150 14 153 5 - let%span shashmap7 = "hashmap.rs" 52 13 52 17 - let%span shashmap8 = "hashmap.rs" 51 14 51 58 +module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 191 4 191 43] (* MyHashMap *) + let%span shashmap0 = "hashmap.rs" 192 27 192 67 + let%span shashmap1 = "hashmap.rs" 196 20 196 101 + let%span shashmap2 = "hashmap.rs" 195 20 195 26 + let%span shashmap3 = "hashmap.rs" 191 16 191 20 + let%span shashmap4 = "hashmap.rs" 191 22 191 25 + let%span shashmap5 = "hashmap.rs" 191 33 191 43 + let%span shashmap6 = "hashmap.rs" 187 14 190 5 + let%span shashmap7 = "hashmap.rs" 70 13 70 17 + let%span shashmap8 = "hashmap.rs" 69 14 69 58 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span shashmap12 = "hashmap.rs" 86 8 86 53 + let%span shashmap12 = "hashmap.rs" 123 8 123 53 let%span shashmap13 = "hashmap.rs" 31 12 34 13 let%span scmp14 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 let%span smodel15 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span smodel16 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 let%span sslice17 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice18 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 - let%span shashmap19 = "hashmap.rs" 91 20 
91 66 + let%span shashmap19 = "hashmap.rs" 128 20 128 66 let%span sindex20 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span shashmap21 = "hashmap.rs" 80 8 80 33 + let%span shashmap21 = "hashmap.rs" 98 8 98 33 let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant23 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span shashmap24 = "hashmap.rs" 107 12 108 139 + let%span shashmap24 = "hashmap.rs" 144 12 145 139 let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span shashmap26 = "hashmap.rs" 97 12 97 91 + let%span shashmap26 = "hashmap.rs" 134 12 134 91 let%span shashmap27 = "hashmap.rs" 41 12 44 13 let%span sboxed28 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 @@ -862,7 +1178,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use prelude.prelude.Int - function hash_log'0 [#"hashmap.rs" 55 4 55 45] (_1 : t_DeepModelTy'0) : int + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int use prelude.prelude.UInt64 
@@ -993,13 +1309,13 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use int.EuclideanDivision - function bucket_ix'0 [#"hashmap.rs" 90 4 90 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = [%#shashmap19] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'3 self.t_MyHashMap__buckets'0)) function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_List'0 = [%#sindex20] Seq.get (view'3 self) ix - function bucket'0 [#"hashmap.rs" 85 4 85 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = [%#shashmap12] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) type t_Option'1 = @@ -1030,7 +1346,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use prelude.prelude.Intrinsic - predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = [%#shashmap26] forall k : t_DeepModelTy'0, v : t_V'0 . get'1 l k = C_Some'1 v -> bucket_ix'0 self k = h predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = @@ -1039,7 +1355,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My | C_Cons'0 (k, _) tl -> get'1 tl (deep_model'0 k) = C_None'1 /\ no_double_binding'0 tl end - predicate invariant'5 [#"hashmap.rs" 105 4 105 30] (self : t_MyHashMap'0) = + predicate invariant'5 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = [%#shashmap24] 0 < Seq.length (view'3 self.t_MyHashMap__buckets'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 self.t_MyHashMap__buckets'0) -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i 
@@ -1079,7 +1395,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My use prelude.prelude.Mapping - function view'2 [#"hashmap.rs" 79 4 79 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'1) = + function view'2 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'1) = [%#shashmap21] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'1 (bucket'0 self k) k) function view'0 (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'1) = 
@@ -1157,37 +1473,37 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 154 4 154 43] (* My (! return' {result}) ] end -module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* MyHashMap *) - let%span shashmap0 = "hashmap.rs" 174 23 174 41 - let%span shashmap1 = "hashmap.rs" 175 53 175 54 - let%span shashmap2 = "hashmap.rs" 177 27 177 28 - let%span shashmap3 = "hashmap.rs" 187 20 187 45 - let%span shashmap4 = "hashmap.rs" 186 20 186 66 - let%span shashmap5 = "hashmap.rs" 185 20 185 117 - let%span shashmap6 = "hashmap.rs" 181 20 183 92 - let%span shashmap7 = "hashmap.rs" 180 20 180 109 - let%span shashmap8 = "hashmap.rs" 179 20 179 28 - let%span shashmap9 = "hashmap.rs" 178 20 178 29 - let%span shashmap10 = "hashmap.rs" 200 24 200 51 - let%span shashmap11 = "hashmap.rs" 199 24 199 45 - let%span shashmap12 = "hashmap.rs" 197 24 198 102 - let%span shashmap13 = "hashmap.rs" 194 24 195 119 - let%span shashmap14 = "hashmap.rs" 193 24 193 113 - let%span shashmap15 = "hashmap.rs" 192 24 192 30 - let%span shashmap16 = "hashmap.rs" 191 24 191 32 - let%span shashmap17 = "hashmap.rs" 205 28 205 119 - let%span shashmap18 = "hashmap.rs" 206 17 206 18 - let%span shashmap19 = "hashmap.rs" 173 19 173 23 - let%span shashmap20 = "hashmap.rs" 170 15 170 41 - let%span shashmap21 = "hashmap.rs" 171 14 171 72 +module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 210 4 210 24] (* MyHashMap *) + let%span shashmap0 = "hashmap.rs" 211 23 211 41 + let%span shashmap1 = "hashmap.rs" 212 53 212 54 + let%span shashmap2 = "hashmap.rs" 214 27 214 28 + let%span shashmap3 = "hashmap.rs" 224 20 224 45 + let%span shashmap4 = "hashmap.rs" 223 20 223 66 + let%span shashmap5 = "hashmap.rs" 222 20 222 117 + let%span shashmap6 = "hashmap.rs" 218 20 220 92 + let%span shashmap7 = "hashmap.rs" 217 20 217 109 + let%span shashmap8 = "hashmap.rs" 216 20 216 28 + let%span shashmap9 = "hashmap.rs" 215 20 215 29 + let%span shashmap10 = "hashmap.rs" 237 24 237 51 + 
let%span shashmap11 = "hashmap.rs" 236 24 236 45 + let%span shashmap12 = "hashmap.rs" 234 24 235 102 + let%span shashmap13 = "hashmap.rs" 231 24 232 119 + let%span shashmap14 = "hashmap.rs" 230 24 230 113 + let%span shashmap15 = "hashmap.rs" 229 24 229 30 + let%span shashmap16 = "hashmap.rs" 228 24 228 32 + let%span shashmap17 = "hashmap.rs" 242 28 242 119 + let%span shashmap18 = "hashmap.rs" 243 17 243 18 + let%span shashmap19 = "hashmap.rs" 210 19 210 23 + let%span shashmap20 = "hashmap.rs" 207 15 207 41 + let%span shashmap21 = "hashmap.rs" 208 14 208 72 let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span shashmap23 = "hashmap.rs" 114 15 114 24 - let%span shashmap24 = "hashmap.rs" 116 31 116 46 - let%span shashmap25 = "hashmap.rs" 115 14 115 62 + let%span shashmap23 = "hashmap.rs" 151 15 151 24 + let%span shashmap24 = "hashmap.rs" 153 31 153 46 + let%span shashmap25 = "hashmap.rs" 152 14 152 62 let%span svec26 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex27 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span shashmap28 = "hashmap.rs" 91 20 91 66 - let%span shashmap29 = "hashmap.rs" 80 8 80 33 + let%span shashmap28 = "hashmap.rs" 128 20 128 66 + let%span shashmap29 = "hashmap.rs" 98 8 98 33 let%span ssnapshot30 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec32 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
@@ -1196,26 +1512,29 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* let%span svec35 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span smem36 = "../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 let%span smem37 = "../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 - let%span shashmap38 = "hashmap.rs" 97 12 97 91 + let%span shashmap38 = "hashmap.rs" 134 12 134 91 let%span shashmap39 = "hashmap.rs" 41 12 44 13 let%span shashmap40 = "hashmap.rs" 31 12 34 13 - let%span shashmap41 = "hashmap.rs" 122 20 122 24 - let%span shashmap42 = "hashmap.rs" 122 26 122 29 - let%span shashmap43 = "hashmap.rs" 122 34 122 37 - let%span shashmap44 = "hashmap.rs" 121 14 121 122 + let%span shashmap41 = "hashmap.rs" 159 20 159 24 + let%span shashmap42 = "hashmap.rs" 159 26 159 29 + let%span shashmap43 = "hashmap.rs" 159 34 159 37 + let%span shashmap44 = "hashmap.rs" 158 14 158 122 let%span smodel45 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span smodel46 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span shashmap47 = "hashmap.rs" 86 8 86 53 + let%span shashmap47 = "hashmap.rs" 123 8 123 53 let%span sslice48 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice49 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span sslice50 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span sresolve51 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span shashmap52 = "hashmap.rs" 107 12 108 139 - let%span sinvariant53 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span svec54 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sinvariant55 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed56 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - let%span sseq57 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span shashmap52 = "hashmap.rs" 56 12 56 59 + 
let%span shashmap53 = "hashmap.rs" 108 12 108 60 + let%span shashmap54 = "hashmap.rs" 144 12 145 139 + let%span sinvariant55 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sinvariant57 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sresolve58 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sboxed59 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + let%span sseq60 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 use prelude.prelude.Snapshot @@ -1287,26 +1606,26 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* end predicate invariant'6 (self : t_List'0) = - [%#sboxed56] inv'3 self + [%#sboxed59] inv'3 self axiom inv_axiom'9 [@rewrite] : forall x : t_List'0 [inv'11 x] . inv'11 x = invariant'6 x predicate invariant'7 (self : Seq.seq (t_List'0)) = - [%#sseq57] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) + [%#sseq60] forall i : int . 0 <= i /\ i < Seq.length self -> inv'11 (Seq.get self i) predicate inv'12 (_1 : Seq.seq (t_List'0)) axiom inv_axiom'10 [@rewrite] : forall x : Seq.seq (t_List'0) [inv'12 x] . inv'12 x = invariant'7 x predicate invariant'2 (self : t_Vec'0) = - [%#svec54] inv'12 (view'0 self) + [%#svec56] inv'12 (view'0 self) predicate inv'2 (_1 : t_Vec'0) axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'2 x predicate invariant'4 (self : t_Vec'0) = - [%#sinvariant55] inv'2 self + [%#sinvariant57] inv'2 self predicate inv'5 (_1 : t_Vec'0) 
@@ -1339,14 +1658,14 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index end - function hash_log'0 [#"hashmap.rs" 55 4 55 45] (_1 : t_DeepModelTy'0) : int + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int use int.EuclideanDivision - function bucket_ix'0 [#"hashmap.rs" 90 4 90 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = [%#shashmap28] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'0 self.t_MyHashMap__buckets'0)) - predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = [%#shashmap38] forall k : t_DeepModelTy'0, v : t_V'0 . get'0 l k = C_Some'0 v -> bucket_ix'0 self k = h predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = @@ -1355,8 +1674,8 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | C_Cons'0 (k, _) tl -> get'0 tl (deep_model'0 k) = C_None'0 /\ no_double_binding'0 tl end - predicate invariant'0 [#"hashmap.rs" 105 4 105 30] (self : t_MyHashMap'0) = - [%#shashmap52] 0 < Seq.length (view'0 self.t_MyHashMap__buckets'0) + predicate invariant'0 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = + [%#shashmap54] 0 < Seq.length (view'0 self.t_MyHashMap__buckets'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'0 self.t_MyHashMap__buckets'0) -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i /\ no_double_binding'0 (index_logic'0 self.t_MyHashMap__buckets'0 i)) 
@@ -1371,12 +1690,12 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* use map.Map - function bucket'0 [#"hashmap.rs" 85 4 85 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = [%#shashmap47] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) use prelude.prelude.Mapping - function view'1 [#"hashmap.rs" 79 4 79 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = + function view'1 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = [%#shashmap29] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'0 (bucket'0 self k) k) use map.Map @@ -1403,14 +1722,14 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* [%#ssnapshot30] view'5 (Snapshot.inner self) predicate invariant'1 (self : borrowed (t_MyHashMap'0)) = - [%#sinvariant53] inv'0 self.current /\ inv'0 self.final + [%#sinvariant55] inv'0 self.current /\ inv'0 self.final predicate inv'1 (_1 : borrowed (t_MyHashMap'0)) axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_MyHashMap'0) [inv'1 x] . inv'1 x = invariant'1 x predicate invariant'5 (self : borrowed (t_Vec'0)) = - [%#sinvariant53] inv'2 self.current /\ inv'2 self.final + [%#sinvariant55] inv'2 self.current /\ inv'2 self.final predicate inv'6 (_1 : borrowed (t_Vec'0)) @@ -1427,7 +1746,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* [%#sslice48] UIntSize.to_int self < Seq.length seq predicate invariant'3 (self : borrowed (t_List'0)) = - [%#sinvariant53] inv'3 self.current /\ inv'3 self.final + [%#sinvariant55] inv'3 self.current /\ inv'3 self.final predicate inv'4 (_1 : borrowed (t_List'0)) 
@@ -1461,11 +1780,11 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* (! return' {result}) ] - predicate resolve'2 (self : borrowed (t_List'0)) = + predicate resolve'4 (self : borrowed (t_List'0)) = [%#sresolve51] self.final = self.current predicate resolve'0 (_1 : borrowed (t_List'0)) = - resolve'2 _1 + resolve'4 _1 let rec v_Cons'0 (input:t_List'0) (ret (field_0:(t_K'0, t_V'0)) (field_1:t_List'0))= any [ good (field_0:(t_K'0, t_V'0)) (field_1:t_List'0)-> {C_Cons'0 field_0 field_1 = input} (! ret {field_0} {field_1}) @@ -1484,11 +1803,34 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* (! return' {result}) ] - predicate resolve'3 (self : borrowed (t_MyHashMap'0)) = + predicate resolve'10 (_1 : t_V'0) + + predicate resolve'9 (self : t_Option'0) = + [%#sresolve58] match self with + | C_Some'0 x -> resolve'10 x + | C_None'0 -> true + end + + predicate resolve'8 (_1 : t_Option'0) = + resolve'9 _1 + + predicate resolve'5 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap52] forall k : t_DeepModelTy'0 . resolve'8 (get'0 self k) + + predicate resolve'1 (_1 : t_List'0) = + resolve'5 _1 + + predicate resolve'6 [#"hashmap.rs" 105 4 105 28] (self : t_MyHashMap'0) = + [%#shashmap53] forall k : t_DeepModelTy'0 . resolve'8 (Map.get (view'1 self) k) + + predicate resolve'2 (_1 : t_MyHashMap'0) = + resolve'6 _1 + + predicate resolve'7 (self : borrowed (t_MyHashMap'0)) = [%#sresolve51] self.final = self.current - predicate resolve'1 (_1 : borrowed (t_MyHashMap'0)) = - resolve'3 _1 + predicate resolve'3 (_1 : borrowed (t_MyHashMap'0)) = + resolve'7 _1 use prelude.prelude.Intrinsic 
@@ -1629,10 +1971,11 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | bb28 = s0 [ s0 = {[@expl:type invariant] inv'3 l} s1 - | s1 = {[@expl:assertion] [%#shashmap17] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k + | s1 = -{resolve'1 l}- s2 + | s2 = {[@expl:assertion] [%#shashmap17] forall k : t_DeepModelTy'0 . bucket_ix'0 (Snapshot.inner old_self).current k = UIntSize.to_int i -> Map.get (view'2 old_self) k = Map.get (view'1 new) k} - s2 - | s2 = bb30 ] + s3 + | s3 = bb30 ] | bb30 = s0 [ s0 = UIntSize.add {i} {[%#shashmap18] (1 : usize)} (fun (_ret':usize) -> [ &i <- _ret' ] s1) | s1 = bb31 ] @@ -1647,10 +1990,15 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* | _ -> true end} s1 - | s1 = [ &self <- { self with current = new } ] s2 - | s2 = {[@expl:type invariant] inv'1 self} s3 - | s3 = -{resolve'1 self}- s4 - | s4 = bb35 ] + | s1 = -{match self with + | {current = x'1} -> resolve'2 x'1 + | _ -> true + end}- + s2 + | s2 = [ &self <- { self with current = new } ] s3 + | s3 = {[@expl:type invariant] inv'1 self} s4 + | s4 = -{resolve'3 self}- s5 + | s5 = bb35 ] | bb35 = bb36 | bb36 = return' {_0} ] 
@@ -1682,51 +2030,51 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 173 4 173 24] (* (! return' {result}) ] end -module M_hashmap__main [#"hashmap.rs" 213 0 213 13] - let%span shashmap0 = "hashmap.rs" 220 57 220 59 - let%span shashmap1 = "hashmap.rs" 221 57 221 59 - let%span shashmap2 = "hashmap.rs" 222 24 222 25 - let%span shashmap3 = "hashmap.rs" 223 24 223 25 - let%span shashmap4 = "hashmap.rs" 224 24 224 25 - let%span shashmap5 = "hashmap.rs" 225 24 225 25 - let%span shashmap6 = "hashmap.rs" 229 11 229 12 - let%span shashmap7 = "hashmap.rs" 229 14 229 16 - let%span shashmap8 = "hashmap.rs" 230 16 230 17 - let%span shashmap9 = "hashmap.rs" 231 16 231 17 - let%span shashmap10 = "hashmap.rs" 232 16 232 17 - let%span shashmap11 = "hashmap.rs" 233 16 233 17 - let%span shashmap12 = "hashmap.rs" 236 11 236 12 - let%span shashmap13 = "hashmap.rs" 236 14 236 16 - let%span shashmap14 = "hashmap.rs" 237 16 237 17 - let%span shashmap15 = "hashmap.rs" 238 16 238 17 - let%span shashmap16 = "hashmap.rs" 239 16 239 17 - let%span shashmap17 = "hashmap.rs" 240 16 240 17 - let%span shashmap18 = "hashmap.rs" 114 15 114 24 - let%span shashmap19 = "hashmap.rs" 116 31 116 46 - let%span shashmap20 = "hashmap.rs" 115 14 115 62 - let%span shashmap21 = "hashmap.rs" 154 16 154 20 - let%span shashmap22 = "hashmap.rs" 154 22 154 25 - let%span shashmap23 = "hashmap.rs" 154 33 154 43 - let%span shashmap24 = "hashmap.rs" 150 14 153 5 - let%span shashmap25 = "hashmap.rs" 122 20 122 24 - let%span shashmap26 = "hashmap.rs" 122 26 122 29 - let%span shashmap27 = "hashmap.rs" 122 34 122 37 - let%span shashmap28 = "hashmap.rs" 121 14 121 122 - let%span shashmap29 = "hashmap.rs" 80 8 80 33 +module M_hashmap__main [#"hashmap.rs" 250 0 250 13] + let%span shashmap0 = "hashmap.rs" 257 57 257 59 + let%span shashmap1 = "hashmap.rs" 258 57 258 59 + let%span shashmap2 = "hashmap.rs" 259 24 259 25 + let%span shashmap3 = "hashmap.rs" 260 24 260 25 + let%span shashmap4 = "hashmap.rs" 261 24 
261 25 + let%span shashmap5 = "hashmap.rs" 262 24 262 25 + let%span shashmap6 = "hashmap.rs" 266 11 266 12 + let%span shashmap7 = "hashmap.rs" 266 14 266 16 + let%span shashmap8 = "hashmap.rs" 267 16 267 17 + let%span shashmap9 = "hashmap.rs" 268 16 268 17 + let%span shashmap10 = "hashmap.rs" 269 16 269 17 + let%span shashmap11 = "hashmap.rs" 270 16 270 17 + let%span shashmap12 = "hashmap.rs" 273 11 273 12 + let%span shashmap13 = "hashmap.rs" 273 14 273 16 + let%span shashmap14 = "hashmap.rs" 274 16 274 17 + let%span shashmap15 = "hashmap.rs" 275 16 275 17 + let%span shashmap16 = "hashmap.rs" 276 16 276 17 + let%span shashmap17 = "hashmap.rs" 277 16 277 17 + let%span shashmap18 = "hashmap.rs" 151 15 151 24 + let%span shashmap19 = "hashmap.rs" 153 31 153 46 + let%span shashmap20 = "hashmap.rs" 152 14 152 62 + let%span shashmap21 = "hashmap.rs" 191 16 191 20 + let%span shashmap22 = "hashmap.rs" 191 22 191 25 + let%span shashmap23 = "hashmap.rs" 191 33 191 43 + let%span shashmap24 = "hashmap.rs" 187 14 190 5 + let%span shashmap25 = "hashmap.rs" 159 20 159 24 + let%span shashmap26 = "hashmap.rs" 159 26 159 29 + let%span shashmap27 = "hashmap.rs" 159 34 159 37 + let%span shashmap28 = "hashmap.rs" 158 14 158 122 + let%span shashmap29 = "hashmap.rs" 98 8 98 33 let%span smodel30 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span snum31 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span smodel32 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span shashmap33 = "hashmap.rs" 86 8 86 53 + let%span shashmap33 = "hashmap.rs" 123 8 123 53 let%span shashmap34 = "hashmap.rs" 31 12 34 13 - let%span shashmap35 = "hashmap.rs" 107 12 108 139 - let%span shashmap36 = "hashmap.rs" 91 20 91 66 + let%span shashmap35 = "hashmap.rs" 144 12 145 139 + let%span shashmap36 = "hashmap.rs" 128 20 128 66 let%span sindex37 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span sinvariant38 = "../../../creusot-contracts/src/invariant.rs" 
24 8 24 18 let%span svec39 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span shashmap40 = "hashmap.rs" 97 12 97 91 + let%span shashmap40 = "hashmap.rs" 134 12 134 91 let%span shashmap41 = "hashmap.rs" 41 12 44 13 let%span sinvariant42 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span shashmap43 = "hashmap.rs" 66 20 66 21 + let%span shashmap43 = "hashmap.rs" 84 20 84 21 use prelude.prelude.UIntSize @@ -1788,15 +2136,15 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'1 v else get'1 tl index end - function hash_log'0 [#"hashmap.rs" 65 4 65 30] (x : int) : int = + function hash_log'0 [#"hashmap.rs" 83 4 83 30] (x : int) : int = [%#shashmap43] x use int.EuclideanDivision - function bucket_ix'0 [#"hashmap.rs" 90 4 90 48] (self : t_MyHashMap'0) (k : int) : int = + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : int) : int = [%#shashmap36] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'3 self.t_MyHashMap__buckets'0)) - predicate good_bucket'0 [#"hashmap.rs" 95 4 95 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = [%#shashmap40] forall k : int, v : isize . get'1 l k = C_Some'1 v -> bucket_ix'0 self k = h predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = @@ -1805,7 +2153,7 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] | C_Cons'0 (k, _) tl -> get'1 tl (deep_model'0 k) = C_None'0 /\ no_double_binding'0 tl end - predicate invariant'0 [#"hashmap.rs" 105 4 105 30] (self : t_MyHashMap'0) = + predicate invariant'0 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = [%#shashmap35] 0 < Seq.length (view'3 self.t_MyHashMap__buckets'0) /\ (forall i : int . 0 <= i /\ i < Seq.length (view'3 self.t_MyHashMap__buckets'0) -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i 
@@ -1821,12 +2169,12 @@ module M_hashmap__main [#"hashmap.rs" 213 0 213 13] use map.Map - function bucket'0 [#"hashmap.rs" 85 4 85 54] (self : t_MyHashMap'0) (k : int) : t_List'0 = + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : int) : t_List'0 = [%#shashmap33] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) use prelude.prelude.Mapping - function view'0 [#"hashmap.rs" 79 4 79 33] (self : t_MyHashMap'0) : Map.map int (t_Option'1) = + function view'0 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map int (t_Option'1) = [%#shashmap29] Mapping.from_fn (fun (k : int) -> get'1 (bucket'0 self k) k) use map.Map 
@@ -2038,10 +2386,323 @@ module M_hashmap__qyi11479661188956547742__clone__refines [#"hashmap.rs" 17 4 17 goal refines : [%#shashmap0] forall self : t_List'0 . inv'0 self -> inv'0 self /\ (forall result : t_List'0 . result = self /\ inv'1 result -> result = self /\ inv'1 result) end -module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 25] (* *) - let%span shashmap0 = "hashmap.rs" 60 4 60 25 +module M_hashmap__qyi15610519155507183510__resolve_coherence__refines [#"hashmap.rs" 64 4 64 31] (* as creusot_contracts::Resolve> *) + let%span shashmap0 = "hashmap.rs" 64 4 64 31 + let%span shashmap1 = "hashmap.rs" 56 12 56 59 + let%span shashmap2 = "hashmap.rs" 31 12 34 13 + let%span sresolve3 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sresolve4 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 + let%span sinvariant5 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sresolve6 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + type t_K'0 + + type t_V'0 + + type t_List'0 = + | C_Nil'0 + | C_Cons'0 (t_K'0, t_V'0) (t_List'0) + + type t_DeepModelTy'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 + + function deep_model'0 (self : t_K'0) : t_DeepModelTy'0 + + function get'0 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : t_DeepModelTy'0) : t_Option'0 = + [%#shashmap2] match self with + | C_Nil'0 -> C_None'0 + | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index + end + + predicate resolve'9 (_1 : t_V'0) + + predicate resolve'6 (self : t_Option'0) = + [%#sresolve6] match self with + | C_Some'0 x -> resolve'9 x + | C_None'0 -> true + end + + predicate resolve'3 (_1 : t_Option'0) = + resolve'6 _1 + + predicate resolve'0 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap1] forall k : t_DeepModelTy'0 . 
resolve'3 (get'0 self k) + + predicate resolve'7 (_1 : t_List'0) = + resolve'0 _1 + + predicate resolve'4 (self : t_List'0) = + [%#sresolve3] resolve'7 self + + predicate resolve'1 (_1 : t_List'0) = + resolve'4 _1 + + predicate resolve'8 (_1 : t_K'0) + + predicate resolve'5 (self : (t_K'0, t_V'0)) = + [%#sresolve4] resolve'8 (let (a, _) = self in a) /\ resolve'9 (let (_, a) = self in a) + + predicate resolve'2 (_1 : (t_K'0, t_V'0)) = + resolve'5 _1 + + predicate structural_resolve'0 (_1 : t_List'0) = + match _1 with + | C_Nil'0 -> true + | C_Cons'0 x0 x1 -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate inv'4 (_1 : t_K'0) + + predicate inv'5 (_1 : t_V'0) + + predicate inv'2 (_1 : (t_K'0, t_V'0)) + + axiom inv_axiom'2 [@rewrite] : forall x : (t_K'0, t_V'0) [inv'2 x] . inv'2 x + = (let (x0, x1) = x in inv'4 x0 /\ inv'5 x1) + + predicate inv'1 (_1 : t_List'0) + + predicate invariant'1 (self : t_List'0) = + [%#sboxed7] inv'1 self + + predicate inv'3 (_1 : t_List'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_List'0 [inv'3 x] . inv'3 x = invariant'1 x + + axiom inv_axiom'1 [@rewrite] : forall x : t_List'0 [inv'1 x] . inv'1 x + = match x with + | C_Nil'0 -> true + | C_Cons'0 a_0 a_1 -> inv'2 a_0 /\ inv'3 a_1 + end + + predicate invariant'0 (self : t_List'0) = + [%#sinvariant5] inv'1 self + + predicate inv'0 (_1 : t_List'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_List'0 [inv'0 x] . inv'0 x = invariant'0 x + + goal refines : [%#shashmap0] forall self : t_List'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_hashmap__qyi15467499327297494705__resolve_coherence__refines [#"hashmap.rs" 117 4 117 31] (* as creusot_contracts::Resolve> *) + let%span shashmap0 = "hashmap.rs" 117 4 117 31 + let%span shashmap1 = "hashmap.rs" 108 12 108 60 + let%span shashmap2 = "hashmap.rs" 98 8 98 33 + let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span shashmap5 = "hashmap.rs" 123 8 123 53 + let%span shashmap6 = "hashmap.rs" 31 12 34 13 + let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span sindex9 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span shashmap10 = "hashmap.rs" 128 20 128 66 + let%span shashmap11 = "hashmap.rs" 56 12 56 59 + let%span shashmap12 = "hashmap.rs" 144 12 145 139 + let%span shashmap13 = "hashmap.rs" 134 12 134 91 + let%span shashmap14 = "hashmap.rs" 41 12 44 13 + let%span svec15 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq16 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed17 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + + use prelude.prelude.UIntSize + + type t_Cap'0 = + { t_Cap__0'0: usize } + + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + + type t_Vec'0 = + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + + type t_MyHashMap'0 = + { t_MyHashMap__buckets'0: t_Vec'0 } + + use prelude.prelude.Int + + use seq.Seq + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + type t_K'0 + + type t_V'0 + 
+ type t_List'0 = + | C_Nil'0 + | C_Cons'0 (t_K'0, t_V'0) (t_List'0) + + use seq.Seq + + function view'1 (self : t_Vec'0) : Seq.seq (t_List'0) + + axiom view'1_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_List'0 = + [%#sindex9] Seq.get (view'1 self) ix + + type t_DeepModelTy'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_V'0 + + function deep_model'0 (self : t_K'0) : t_DeepModelTy'0 + + function get'0 [#"hashmap.rs" 29 4 29 56] (self : t_List'0) (index : t_DeepModelTy'0) : t_Option'0 = + [%#shashmap6] match self with + | C_Nil'0 -> C_None'0 + | C_Cons'0 (k, v) tl -> if deep_model'0 k = index then C_Some'0 v else get'0 tl index + end + + predicate resolve'6 (_1 : t_V'0) + + predicate resolve'4 (self : t_Option'0) = + [%#sresolve7] match self with + | C_Some'0 x -> resolve'6 x + | C_None'0 -> true + end + + predicate resolve'2 (_1 : t_Option'0) = + resolve'4 _1 + + predicate resolve'7 [#"hashmap.rs" 53 4 53 28] (self : t_List'0) = + [%#shashmap11] forall k : t_DeepModelTy'0 . resolve'2 (get'0 self k) + + predicate resolve'5 (_1 : t_List'0) = + resolve'7 _1 + + predicate resolve'3 (self : t_Vec'0) = + [%#svec3] forall i : int . 
0 <= i /\ i < Seq.length (view'1 self) -> resolve'5 (index_logic'0 self i) + + predicate resolve'1 (_1 : t_Vec'0) = + resolve'3 _1 + + predicate structural_resolve'0 (_1 : t_MyHashMap'0) = + match _1 with + | {t_MyHashMap__buckets'0 = x0} -> resolve'1 x0 + end + + function hash_log'0 [#"hashmap.rs" 73 4 73 45] (_1 : t_DeepModelTy'0) : int + + use int.EuclideanDivision + + function bucket_ix'0 [#"hashmap.rs" 127 4 127 48] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : int = + [%#shashmap10] EuclideanDivision.mod (hash_log'0 k) (Seq.length (view'1 self.t_MyHashMap__buckets'0)) + + predicate good_bucket'0 [#"hashmap.rs" 132 4 132 57] (self : t_MyHashMap'0) (l : t_List'0) (h : int) = + [%#shashmap13] forall k : t_DeepModelTy'0, v : t_V'0 . get'0 l k = C_Some'0 v -> bucket_ix'0 self k = h + + predicate no_double_binding'0 [#"hashmap.rs" 39 4 39 38] (self : t_List'0) = + [%#shashmap14] match self with + | C_Nil'0 -> true + | C_Cons'0 (k, _) tl -> get'0 tl (deep_model'0 k) = C_None'0 /\ no_double_binding'0 tl + end + + predicate invariant'1 [#"hashmap.rs" 142 4 142 30] (self : t_MyHashMap'0) = + [%#shashmap12] 0 < Seq.length (view'1 self.t_MyHashMap__buckets'0) + /\ (forall i : int . 0 <= i /\ i < Seq.length (view'1 self.t_MyHashMap__buckets'0) + -> good_bucket'0 self (index_logic'0 self.t_MyHashMap__buckets'0 i) i + /\ no_double_binding'0 (index_logic'0 self.t_MyHashMap__buckets'0 i)) + + use seq.Seq + + predicate inv'7 (_1 : t_K'0) + + predicate inv'8 (_1 : t_V'0) + + predicate inv'6 (_1 : (t_K'0, t_V'0)) + + axiom inv_axiom'6 [@rewrite] : forall x : (t_K'0, t_V'0) [inv'6 x] . inv'6 x + = (let (x0, x1) = x in inv'7 x0 /\ inv'8 x1) + + predicate inv'5 (_1 : t_List'0) + + predicate inv'4 (_1 : t_List'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_List'0 [inv'5 x] . 
inv'5 x + = match x with + | C_Nil'0 -> true + | C_Cons'0 a_0 a_1 -> inv'6 a_0 /\ inv'4 a_1 + end + + predicate invariant'4 (self : t_List'0) = + [%#sboxed17] inv'5 self + + axiom inv_axiom'4 [@rewrite] : forall x : t_List'0 [inv'4 x] . inv'4 x = invariant'4 x + + predicate invariant'3 (self : Seq.seq (t_List'0)) = + [%#sseq16] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) + + predicate inv'3 (_1 : Seq.seq (t_List'0)) + + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq (t_List'0) [inv'3 x] . inv'3 x = invariant'3 x + + predicate invariant'2 (self : t_Vec'0) = + [%#svec15] inv'3 (view'1 self) + + predicate inv'2 (_1 : t_Vec'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'2 x + + predicate inv'1 (_1 : t_MyHashMap'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_MyHashMap'0 [inv'1 x] . inv'1 x + = (invariant'1 x + /\ match x with + | {t_MyHashMap__buckets'0 = buckets} -> inv'2 buckets + end) + + predicate invariant'0 (self : t_MyHashMap'0) = + [%#sinvariant4] inv'1 self + + predicate inv'0 (_1 : t_MyHashMap'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_MyHashMap'0 [inv'0 x] . inv'0 x = invariant'0 x + + use map.Map + + function bucket'0 [#"hashmap.rs" 122 4 122 54] (self : t_MyHashMap'0) (k : t_DeepModelTy'0) : t_List'0 = + [%#shashmap5] index_logic'0 self.t_MyHashMap__buckets'0 (bucket_ix'0 self k) + + use prelude.prelude.Mapping + + function view'0 [#"hashmap.rs" 97 4 97 33] (self : t_MyHashMap'0) : Map.map t_DeepModelTy'0 (t_Option'0) = + [%#shashmap2] Mapping.from_fn (fun (k : t_DeepModelTy'0) -> get'0 (bucket'0 self k) k) + + use map.Map + + predicate resolve'0 [#"hashmap.rs" 105 4 105 28] (self : t_MyHashMap'0) = + [%#shashmap1] forall k : t_DeepModelTy'0 . resolve'2 (Map.get (view'0 self) k) + + goal refines : [%#shashmap0] forall self : t_MyHashMap'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ inv'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 78 4 78 25] (* *) + let%span shashmap0 = "hashmap.rs" 78 4 78 25 let%span smodel1 = "../../../creusot-contracts/src/model.rs" 79 8 79 28 - let%span shashmap2 = "hashmap.rs" 66 20 66 21 + let%span shashmap2 = "hashmap.rs" 84 20 84 21 let%span snum3 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 use prelude.prelude.Borrow @@ -2066,7 +2727,7 @@ module M_hashmap__qyi9060063638777358169__hash__refines [#"hashmap.rs" 60 4 60 2 function deep_model'0 (self : usize) : int = [%#smodel1] deep_model'1 self - function hash_log'0 [#"hashmap.rs" 65 4 65 30] (x : int) : int = + function hash_log'0 [#"hashmap.rs" 83 4 83 30] (x : int) : int = [%#shashmap2] x goal refines : [%#shashmap0] forall self : usize . inv'0 self diff --git a/creusot/tests/should_succeed/hashmap.rs b/creusot/tests/should_succeed/hashmap.rs index 924cbed5e7..1c0dc64b8c 100644 --- a/creusot/tests/should_succeed/hashmap.rs +++ b/creusot/tests/should_succeed/hashmap.rs @@ -46,6 +46,24 @@ impl List<(K, V)> { } } + +impl Resolve for List<(K, V)> { + #[open(self)] + #[predicate(prophetic)] + fn resolve(self) -> bool { + // FIXME: we don't resolve keys because we only have access to their deep model. + pearlite! { + forall resolve(&self.get(k)) + } + } + + #[open(self)] + #[logic(prophetic)] + #[requires(structural_resolve(self))] + #[ensures((*self).resolve())] + fn resolve_coherence(&self) {} +} + // A slightly simplified version of the Rust hashing mechanisms, this sufficiently captures the behavior though trait Hash: DeepModel { #[ensures(result@ == Self::hash_log(self.deep_model()))] 
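Review bot: The FIXME in `List::resolve` (repeated verbatim in the `MyHashMap` impl in the next hunk of hashmap.rs) says keys are not resolved, but it does not say what the predicate actually leaves uncovered. Since it only quantifies over `self.get(k)`, it constrains neither the keys nor, judging by the generated `get'0`, a value hidden behind an earlier binding of the same key; `no_double_binding` would exclude the latter, but it is not assumed here. `resolve_coherence` only states that `structural_resolve` implies `resolve`, so the weaker predicate looks intentional, and the comment should say so. I would replace the FIXME with something like `// Weaker than structural resolution: keys and shadowed values are not covered; resolve_coherence only needs structural_resolve ==> resolve.` The quantifier binder in `forall resolve(...)` appears to have been lost in this rendering of the patch, so check the comment against the real file.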
@@ -80,6 +98,25 @@ impl View for MyHashMap { |k| self.bucket(k).get(k) } } + +impl Resolve for MyHashMap { + #[open(self)] + #[predicate(prophetic)] + fn resolve(self) -> bool { + // FIXME: we don't resolve keys because we only have access to their deep model. + pearlite! { + forall resolve(&self@.get(k)) + } + } + + #[open(self)] + #[logic(prophetic)] + #[requires(inv(self))] + #[requires(structural_resolve(self))] + #[ensures((*self).resolve())] + fn resolve_coherence(&self) {} +} + impl MyHashMap { #[logic] fn bucket(self, k: K::DeepModelTy) -> List<(K, V)> { diff --git a/creusot/tests/should_succeed/hashmap/why3session.xml b/creusot/tests/should_succeed/hashmap/why3session.xml index f49fa7ceee..2b32b96b35 100644 --- a/creusot/tests/should_succeed/hashmap/why3session.xml +++ b/creusot/tests/should_succeed/hashmap/why3session.xml @@ -12,6 +12,16 @@ + + + + + + + + + + @@ -22,6 +32,16 @@ + + + + + + + + + + @@ -73,7 +93,7 @@ - + @@ -85,7 +105,7 @@ - + @@ -94,25 +114,25 @@ - + - + - + - + - + - + @@ -145,7 +165,7 @@ - + @@ -169,16 +189,16 @@ - + - + - + @@ -237,10 +257,10 @@ - + - + @@ -285,7 +305,7 @@ - + @@ -300,22 +320,22 @@ - + - + - + - + @@ -336,34 +356,34 @@ - + - + - + - + - + - + - + - + - + 
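Review bot: `resolve_coherence` for `MyHashMap` adds `#[requires(inv(self))]`, which the `List` impl in the previous hunk does not have, and the reason is not written down. From the generated `bucket_ix'0` and `invariant'1`, the invariant seems to be what supplies a non-empty bucket vector, so that the Euclidean `mod` gives a valid index and the per-bucket structural fact applies. A one-line comment above the attribute would record this, e.g. `// inv(self) is needed: it gives a non-empty buckets vector, so bucket_ix(k) indexes a real bucket.` The lemma body is empty, so the proof rests entirely on the solvers; a short doc comment on `resolve_coherence` stating the lemma (`structural_resolve(self) ==> self.resolve()`) would help when the session needs replaying.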
diff --git a/creusot/tests/should_succeed/hashmap/why3shapes.gz b/creusot/tests/should_succeed/hashmap/why3shapes.gz index 015d5c1e7df810f86edb415c9bd123af48b2d3c1..a7767c4a88461de6802c10a709b1bca240e36c33 100644 GIT binary patch literal 7543 zcmV--9f;x|iwFP!00000|LuHBZzQ>{=H9;|fmzhtGaJ4{NrSFMp#Vb$?m4rVi@@v* zJ-dC{ZFjp|{kXq=pva8Kx1DxXxn8|69GOW;Bt=mq^(p@6KNjzPioe!(i{IcxBl@J4{$y`oV~q|Z!iCKb^QufU-6sqfd-0iFW=tY zyn6-1FyOK&4tPF2Z1xRp=%|vGe)-&5CmM3k>G`tp4)r{a=@( zEN5@WugyS9LK!gr*ZW_uD-FXW3r(`n0NcXyBrH$D^1iS-32Qcml}T8cgq3Y!?If(7 zgtce!uD-jy{=L3}!Ch>AIDZr0-QT^>_wVoG_2m}TvaLHtaK6!Ld{?jA#X-XHr?dNs zCzyDGv-mpR-(Ftb+z%9gitm29yuSVM6~t2Oub02vmU{gP2D~_l>U`oB&o{coqYdC< zlWO^Z1B`QinQq_Tly@87p2Z(t$Lo6YVUhmEz@l4!Pz#`Y@6-bmT9(Snr-Q`y(ZwnO{V51Q*)aHH2BF_{ba0u zB@GRT@&59ke}(w&r+>y@U%{(iejWydH(SPxFt0zD7a(jKCDLR8Nayp@rd=XmY<-#+ zAo39t>@6N8Ibfz^n@3Id?KF?myzH;a?{cey4l&*%`oB9f-DLzEkSLoGEsektMdzHtz z9MDWEyof*aPtzKvH}Qwp83r`xz2Ua5kk@nBg`GrL-|?J!Y)Tdi!= z^Z99$#tgVpt{ZTr-Tt(iZ5YrWS|D!AE8>8Y{&m1<0{Y|TP&&{`!G55Xe*4ohI`KWf#}=X7Q>&y;|J=^=n956q*Sp)1WUF`syXZCd-;33eqTQ=D>LQe1IyS^|GQpOuL7IPdj0N?pX%MG=621<+0ItH zxV>zcd8|A4dj2!__UQ2_f0pxz5KtozjUKsMi?8!FCyk6{OryWe`y?EJX^gK zuT~#+xwv|HA$M7Mff4uSR$g4}f$*i}9tgKhW}k;O<@s5>xxFm6@6&a?OjkGM>gLCN z!aYTrv-ol%dgPavn6N!jb=qdHpSb;9e@&a!>E1tHACT+| z_Lw8TU)Y}X1$c$7mVGv^A9o4YpLKa&JTUn6n^T?A^_DwYs)EKU|9bJR3TmtR3=XuF zRt$gqasNlWK6^XI>@tuXqBszwPZhaUS#LDRZijObZ!+7f(mObu6+E$%gINh~XLWHi zw>X-MJk)4eU^yI})mF%X*>(4i< zGe|S_xBhrz=AzovW&Q0)1*QLRd;e3tJ5+Gns;W(L?3UWr1u<8}9fu9&nSNiJ$RYVV4*E zw6gOHjdy6?XG;5ss$YI8PK>CRjh~w<*l#n-*cWRfcC}wxJpYt@|ji@>uq0Pv)OgHpLjpn z4vogh_;ZFuFUP>Y{KxQ4OpC6?;+ymQz-N1h8VPM|xVj_BTC|wx{2eBKO z&FYJzl#`3;3+Z+LVhg%PbbfJS0ydDJJC0XnAbfK|*0_*HLHb}1BE~bCbQdCq zJjev+=@bwc&mb@}W5D{;1n$xq^Q9y3a|=tzGnSBNEFn*tgAwSrkGGOdyp@^pVSdJk z`5k;1&e$)Uv0u1@{gN5`WoPV{9kE~cGi-7C(yv|h4EEv~>(!r*>?u633~UDS2lkTH zk8ch)^@Bin00*0{emvY%%pf|5J=k>m@y+J8M7tH*z9Xze#z7{`<5~;SL&3q|YVj_^ zH;hvbaj3i9&tr?h!0rz-8Xs0ejOCz3xS6HTNb{Jrm}dnDce3{2;zXnZs~T&sI&hI7v=`0Df3O@8->30O`3{6prE 
z+_8Bicd?0L8pzJk(elTMY!j2eLpK4lY2_WwK%2mRvKvUbo;yrWW(((kgyzk^HhMA{ z`saakLI`d=uBm3A;7DLH{I<74z)=vfpFqU!5QrFN5Hak7h!JNLF&sn@^MoSiZ4|Li zC}PA3M%agJ~{;)k&r{K{t0>D(bKM8R85Z+c!#cWQ-`;Ws&RoWW{ zA0S=h-eeNyN305lHDk6qm(rY(Sem4M-@M;yvya)pT~<$ zKd+IvTV8XMVxP76^AYL+-9bs*#Yyb+<`X~5+XB<4lVllNoFw#m6;mL|W&vSKb zHvPsna}uAu$p1Hp%kI_{G{ z^iDq3jP=V4yJ+91s^ZDMcYFSy(fm;_g`4{WPLA-V{(+~tlur2!e-f|Gch=>yqtCb~ zoLtN*T> zn3HW4EUT2KPvux1JA}tLrHhf-t1=x7Ty5W-xmvRRf!)gCODP}P`NLOUt~Sf&k6(8A zU}n~%?Yo5C8!aEGPd}n$rrpXmtpKRy!Tsz-2O!{gJ^E4x%la1i|xzm2=JnhuW z64zTx=VM`LuOFbEA0_|*K1@HOY-dO3Rw}$w3!k_D3 zhw1#x`I4~XAa)6__99E}HRO$;@+g~~?qK5?o-`}27oxYJHLIV_w?WHDC+%q?2gewMYKUhn>B z@8fyQX)1M(Ih(byJq2<}Yu9ra=VJ!aaY7H^dse?~$@nb6_h z_cI|roKEmb(Km0z(R_0Bz0+!coQ>NqI|2C7K^|=K@%Po$a36DbowJ^k?0u4VbEoY; z9DOUtp_?{1PQ+ZjxFnnlFzdTg;}7~kS~zESk7tm4Y<@1uK4m&DX%7znpo#SsN5O25 z=i9I2CF5El>l-V_V%fd)Zgjlw-qpMNtJ|BS25I)~(VS{uX4Agb=YIcd*AwOadY&Ak zdZg%0n?-MWYHGX<0)HezSSsV`5yEPa%@d$m=;x)t51ffDnfwg##WO@(h8g=UpLfhe zpXG3?#~UAZ7~sak0QZsA-@zy^ek4GLX7hu38Te^-IZ%Hk>NBP8uz+U__LSN0(H%e6 zUThBeZ+hgdIv3781(+>hWVhB9ytXJ*k z;pZ25@&r;^&GODZ)NN%2Jl73a72A0qTLZK*Zeh3%5gZW+cLl;nx8ha1d58@FKF-*4 z9#O=v2cBP1*{`^>JRv+8Xay}CTkc@ECun@fj+a4Xq}c`4FQZp66R>$jwpH*r09rl( zNxMG;>e|6{&5*7c(RJ`8$2iPzE}oEDG|caCoY7l6p_q9a#Z1Et-I|eGIyKsR{pBl~ zFzVRDthZbDEOu)lc>~Y7l>k55Xig@U*vuKS$P;9-GlIt%!EIz@rZpoB#~3-(Xpa#) zGh$~(W{seGjFAnEFrLcDL5=9li0*3y-Nn_emRFGdX~k}ue}~1Jeou$#P^*dMEVNt} z+uW^&H(6+h5ji-@j6OC0dEk1?#+!+8Pn&prTKT9p4>a1-Ce7NU1Jn8_Bb(DIr!sPI zT5)Cs4@~PmBM%t5`5;4wnUU#5!gO|KTjnZ>k(6U;&LXOX=zVG)fOR2(0|g9lX0vrg zj6rom>?Nyp60vzzEmUP8!3P&?&|uCG1VlMz1m-3!2G>{1-XG&bO6);j`WaDg9?*Y_TlcQ1Fg|iUE2GJlU zhy>vv6a<4nU?128wt+RU2`qs*Fr8TzXR7g@u!)V5s5+Z+6OTEH_X|V8U@#EG2XRmC z--$QXSj!p3A_JHNLR?GDsb-rO#snk5@bic85KUpsrm5%35do?z*^p)^%(O5r7#oa! 
z&?pH}g&b&1HZmIn#(uy4(#vQQ36K`|%<<3Dt`mNFRQv`CIv8W*TFx#}ylq!w|Z zCa8SO5sfr94VVcFr;-6�*%;VALAB8dX2?pklaY5H-q`y>|IHV)iN9hPlE*g1Vsg zV~(kiZ8BJm$EcR9%aCKVC08Ux?+T0h@E6xWE9P0j7_c-%Eb_p`exBv zSU3}$1jjGR6=0LZ3|_!`^oDXFFy1#?#9@MkbHUl*^fU0rg^5irTx_lk7-MTWdS@%g zh@~t%1m`~+d$lQ)s<9S>lzhbMycLJFIGbzC3(vt*@c22IY|e2i6|HwkxFql~gFIpCNoU_gX`;6D%ZTDjVa%~oRP#6txm zBF(c_uih@1_W^tQ@TCgjgs52GoE0UdhOr7pj4r8d8FUnaFksJwzI0*4yO=o^+pJ5# z;9CU+YK~gTj(I5z2PFD>gz~;6$jzgmnp#@L*iflRYeZSo0!af>mrTAs>9D6OEY{_s zAOaDkN>q#0SQld)%K|ySqZR8FeCIva~BR8te#0tqrf%L`-;$R;3vWs+&6 zWSzPOF8b=w#ndZrBpzb)EiI63FUEY8!o}!(_AXL!&TB?fD>lMbv3jyhqX%ankloiO zTrJ{K5rt@tXKzw!!eUG>h}u||+mld0!GHo^ub==i*6b3Ol$@u;=%uN)nn|$vUJpX) zfBbF8>l;*tmQ7LimASO+vUf&`+Df#R*L+)YyJ~weh}8OqO>@nV2#`D}I!b0~&^Dmx zx2XWjCK+d}*9N4Oob#1jO{Eyn7V}a8KA^a7TM^ROY7gZaRLQ*_Dz=Jan^clEH!8wl zKm*^0LaY~uVwIc81XXz2S=3_Hy+)n0w%<}LKo3h!-0E?g;5 zulZpQU%p4>AZ3$$OV(6zi5&HU2zyDH8%6-PAY`_&OE^~FWCTE$FgQ4#^ij8U{D zzbbg5u>p;Kzk0F~a}PHgJ8z1j`hv#hO2S}D!@1y!#s@U+`_@+MAO{c0Wk}Jsj(SjV zO=@l#E9Yg!S23W%-`XOTT8boOvd&dtG0p%rTcK4neqC`^4yg3E=H`%@8)pGq5ix>B zMdNMpH5XxUu8e___CNW$1x<;vBp+LArCM(gT?X|WtBoAJECuZrqThzVVylS|f!RdJ z&PJ<|V?POQ;0(FBlCJLC58HomJJSPI z<<#+o)j-YUjA6jkD?{qPOx{xwNk-xbuw-XbD$HONH8Xqc5KHWq?fQQX=qRAWfDQs$ zAJBHxqzz~_pfv$)$2M|6O93sO6&nFFm!`m4je}^IL=sApYFk$g_i6VgpqGH21NPj< zV?e)zW%gcOhiAHg&IWXP=3{nQZL_vzR|-d?lzIUPnEq_Wrp;xT+>cuZ5e5(77)bijQJ5X^wtDz=41Q_4xhy zj`mUyDhx0dy#xSrFJjpn<>y0{PJKL?uPTJ(_k771dyp?76m9Y)m>< zM7(~?Az7>~j>H-%Cacz(n{@^gdrK+RUTf&XeB@!JidrpRi#lM9*%_y)))+G>VCh*r zfe!@kQw;A^ViIne`^kbrt&(c3zM|J;xby^>u)~`>KpF$#r_q9?RIs(a6`(hfQ)O3O z_SU5gna2E+u=ApU&;&yHRJ>$|Hd$>Y64WFXtr4lwreqpGiDPz0=mVkqlzeyst(uLY zstvP+++p)Zb55WY;+QuP!He+H(AM01Q|U-(MO7$XlM1nQ#&l0f9l_oq>>b12LF^sH zP90j$fjYi^gvfs+cAOY?xro(*6>_z)i3p$vYwdWJK+J)d0x<^a`1+S&EsC+u_>5S< z2_`lPz$o+so`lerto1+nTr3JgGtj8R{V9Vt##1z&9M(h?>w?$?VjGC{bMsmYHRs)U 
zbcD$y*D7aUkq!9nsruy$fk5nEnzPnoQ^oF~oHTXHNx(o9_tf}^P?}zxidp23b<~z3Q=m?KfJ`Q$yn9Q;N;P@(7oDdSmQLj4xUoXo<3AY1;a2&17#o?l0eaW;|s-xMp|*k3f6))Ms(wKjy|l@uTeVh(Vui6u5@uye$ea^GDvroh)!Mv|B&0r#xuH@Z#jjk_9vchV>RDp8 z>;;KS605#ZM4!hrRLwFCRSBg0l}p?&E=x+;)Z~g)Z4JfcC=8WLZf2SBstcrDbo~ZI zZsJA6wrnFx6XP6fQy{X?_ z#L|pdX}0CYiIY(D2pTzKl3uQ*o*udW2Z5{)WV<44Agh6Tz;8PZ2eLHMew~VNnUcfU zl5JcqK@*Llwf6dWE441jNg&689DOG$iT%w0rWcT7iH1$lcN_`-=S)1bQ$6l`u)d@sXJZFO#tbdGWIV8`Nin4* zFp|7khUxx$R#irkS{qtPF*V=3b=t{L2_E}45x%Jn6vGLZ-3iuXn4SOD z--iD${RMnB7F)z~j@7emm07BX+I$^TdhWLY`gMT6b+?5nfg%`F;)G-hGn2ODicgg~ zlu5=MpZjHszx8*}?QzMN`kTHY`jo8Az{16VGfv;vfHU5|&qggqvl!x;w=VKDLji+`-w{IQi)={B-fJ<>e_1U-5^&K^=vkE`GYc zx;=%i>u}W-J3Jd3^Rc0m6#;Z|Ha1QMO8p`H*y&E4Z+$-dFi;Lppi^fj<+tDO{<`R8 zIk_9hgmFwb2|tFr>x<>pT}R=UaQn-}<@L{}5OOKMU;K8R%jGF_czzVs**Gnp&4$H; z9pHRUwQ67oy%-nq`qNduoqc=qQ$M=tXeFlZF#Ol2-!BVw-QJa$sgpWh5lF{pV`F=% zq$zUMS10&!^a#fz|NG#Xmp%zf(Ay&(ED*4Wc@G zHa0eG$$cEm#GQ?eL1O9&@?yWfKbN}| zm#{kwa);8?aD7!yVYHxqbZxPgSGoMzmU5Ze=-ig##CRh`m?I>M3*irgVp_bvCu;G}58|IK0`Y&!*O#Ms+wS*LFB) zx3z}Vh7R4n7sSqAkS6}9f8F7@0IfNnN_R9U*mX4Mx3yNj*M-}1Syycizm~sNO$mR5 z%hSO8Qbn_3jyL&iA32aG2_ltHx2(Ew4OwJ6T@cm7mMa;`)zrQ!lSS?+8IVUBZt;Gr`BH z&EdapK9!TL&*wWTS$#@y@~`c#H|4k9OWiEuUyJ`PH`hJMM(+eCdHKh(ZR!)zOt#;y z^M2lkk2|u-5nXn?>iug6p)Rk6Wuy?VZ*HzXmwfu$ug470`iAAzFXd)=cd^XP{kMPZ zQEE%oT=;LF?hYBn>TMroo74BreH{kXox-G%-dOo-aeh-iep=p?+ZD4k%&JbB`Cj}H zE6b zkIz>gpEmNNw&{kSF8=TJZ_TJz5yp)8MZ|o7pY2uRx5nZ5lhsRMIeggWV)^nyZnN?N zGw!UdytvpM;Y-Wi5pJ5yE)Q$Uvy*UjeUYy}#mjOLmsfdt_46*_jw01b__3p1WBfnU z#5+^b21j&Y;?)*<;K@rY*p8@r+-5Hyx&2*!OPkg4-alOKk?ak7%%0yjwkN#-uh7)8 z%f{uyF5&W3U(fSC+Ksoq)q;0ynSEpS zwl4P%df!Xgv$V6s^EWeLqP1Y#Z|I9MF_tK1cGHvTS=$`r&xQ%FdV^F?@@DrAvDcTG zp4EN&m`SXjrn)QHuQs~JO}-L8{i(q=FZ%1s&M!3IzIC4{%>$}_`K35AUS4&6Y9?U5 z&m3Y`tXX7g-deQ&m~7)w%$unwGTO<@*JWB<`{JnxZ|ZE#!=Q(b_+Wit*uQ@4NbZUB zr-5W+9ywfgFeiIsnr(0U0-MdY!~M$p$!2KON5-!i7QGw;|N7T%Bi!sMT@TFMF^+`L6T+T3c8SjS8)>rudAfo2 zykjS{#e1{L54-Q=SDfv9ztic2nr0tAjqI6b5XpYM3C^3*ublRWrxvF=hK}#s(RzY$ 
zE9*^T&rF+WDi{HKFaq{q2LQ$sY;YR@hTO@ByW}+jj3!hRO`s^+Mt~u8=EL|@&mmxH z1R<#rgR}uKspBE#S_F!O$e{n8lhWyLUgs(CdLeT zLJIPP6y#BJ(8Kt4(Nr==Q>h94+^l8vYoh2K~vS<=cD^N@SOD!60DxL9d(DK`JayI>==#rW`}Ea zugq{7c>t$AUESoiAB@0ha%az3N3w_3k?i>#qtua^qNCNrk!%jW-l7{}*ED!X)zKWm zO=gCJYq`VNQX7Eo12iB0H5*AKXrDXMBmQsJTvJUjz@9)Q__(t}z(I(x8zI7WA4C`? zh%oFzgb^o%`sHbFkZEs_ac>w-BTm8(n`?Ot z94#RLjFtVP@Rs+%ZRJ?V=4jpj*bh{tooVnM(lzXTLd#y2&s(U+5i&>{2>%gZOC6du zs=twJhjFu7S1&}vRnE>bei+=(#q!U?)u>+tI;YrWE&O_bx9a>E{+lP+gvvqj}qaPlrzYg7&&i~zv=-bQY+T(E^LE+AFGN-``*pMy%f&( z2OJ&YRr!p^xs*ov1b-5iXIt;(YM@tqDZ}#Um+}erjBm`K!}3)O8c#M9{*?Yl2O_u= zBJkrwk;d?v-_6n1umjn;Wh293|9G2XY~1O6d=MaMq?#{a*_-dsBYD45=(mbGg0S ze;)8+SQ61@iLH9s=hG(-(_F`)jczPCl zLG1>AvLd zI%Pda+50H(e5Y*>4*uN6zDqXPFT_;6xFDEHE9*;8{R4GRS~z8Q4`+~kXnih7KV~^E zX!}yf{U+9W*r(^)KZXm2xk8S~=z3p!ds}Yqme*GYZBXr+pgPv1)ZC=jhj{;M+xev3 z;+!0!dZ2<$^9nXSHXGiAd_NErtd#NipkSC}ew;H2{j{w2o&&BGldlj`JVCToWU<@x zX=g_CDkoJf#CTq1-}aS#`-RotpeHY0-=}@6`K(boew?G~1y0RfsBT1TGI`xGzB415Vxp zJ-ge7&Dw%yO~|YXn6-(^nqXNIDvL+J6?M}uF-{;X9?{CYiB_g=LSRh*EIoGG`4P)g z8nNiu0<51l?o(_RKGF=gx{>WZ*lEffRv63)n#dzGu`z;&8Np2iWTG`A42Kxm*J+0l zGcjT&MkbA*eTb2nMi`G}WUof_#E9P22-@@Iww4EI{`juWUxNmJSM5Fy)4pCK%SmYU zdTeqxOs|sA79+BEmI-C5{&UYY7@k}i;*K`)@UrqjZSLu`qfMH$Nqd&{K}P1wD#tRi zcUf^_1otfKE+h9Cx_XwO!^Ft=bHH?RVrt?dk&!fqT&+RW27+_3Isn!S@$AW?hZ9`^ zf-MG&M4h$DS!@;sPTgIjLey zsue*&Oyq0{(Um9*@u)nCNA^e_(Ia^0?MbewrJus7h*AnAn8b)BxWJ^0={vG#^bDSy zC+o?0(w>wj@x-3U6M6!V&ZG5cJnEAQ(dJ+s8;Z;ZS)64lIh7o2C0eldtUQZn_Dqi+ zKVnGW3`4G{Y^gdaOjxZeCZ!O=f}LmU**txUQrW~RWFm160APwJ%+(QC11c?qyr36& z)+|P&%~V*q1VWAy22n9roehv7UWoCcy(ll@g`YcJk&ukiq#OpD9aUgwLd_CUiHUU~ z&Wrt$GwLdp1BaXmvzAf*XO^ph^@T3(rM$RmRLW+X~z?>^aXJg8#y;_RA z!Y?{!BvW*yV1i8s7>kaOb1jZAR)Y(ryb`bY%TLW!QHjQc#8K5sHmDMW+12a{X<8`b zmHt|@+oFSEs@UE`A~3lqk_^rzb`Wu)oLBZMG7vR7TZ07f=1+i9gP`MUkm5$m3bUZMkUx=NWvbB*_#FSZ)H6?IjACp+Vn}@y5v)-b^};G|#as54UYXU(kpgioNipZB 
z5vj&(q(lx>8mrb@c824MEq!Sp~|OQXexFt(4QeaO53&2j053!gI)?F=R+FY`!pek4A1WE#JYlwtk&5CpJ2>eDRV3ow$oQUrWvTRv{#vr*^T_aKq;*8S{1IGnI6UBN2^NomPL0N{DZDwZ0D&^+bNk~(u znfsKs&wiWzb!xf(0t zimjM+)C(kNC6jMUDhYwLG1jCgq%E5OMMYh0EHxPgy(1>_Ncas&rF0U>5poi39TZV9 zhMWv5N~921QYnul9*Ms}3Bg4PC6X8ygD$qH6r;;2hH6@As(A`B9!Y=Wf;vnrTw>IQ z0_jk(m7tR@H{S=zt6!$$e*%g9AqeRnAIP z3@Qb!uvCk-6&}kfC}i@;_?>D%LF8IZkV24)0ZSPnrz{C{a5}9t&<-K^JJ$r3qMa?O zNJRo*HV%wd9CR>Lt8PUuWbKjFJJARyQjj>HU^bKhq}Ix+w4B4`R9a~b*}OBYl;j|* z>Vl1;iL?SCB8#OOAyPP0^sohH?@l?Sonz%();46e?RXdb-yLYG{ zQ!D1!N++bKsG5=>u(DJFNGWzGVWN;n!FQ@8W`#~SPaH8hRRSQYs5n)&*;&_$rzlNJ z{EoGR+Br~GJCk&>kx{IIVsp;91eMHCw?)w&Mg6U?6Rs{Qt(cPyl|dECttg1OBo}J2 zeXJwRw9L0Ep$1pM#cYE%If9~?#cGW%nPk$cz^t18{njN7%1|YTx@2vIYG7_48>q!p z#hIppw8HO2VpD`IHq=mR0Ga?HN>!w>QEQJ{dDQJY_Nd9DMvodis^-3} zM`b)J?NKR@N={HzGEO8Usab&&Q5XzcTXkV)nohVavT+_wkzDT+}ZTMlPVV>lJO>FF2=jjsr*S zbYy1*BCu$qCC6BDj;5~&^z(e-d1FXgv;pVX8XW;Gryv@Hi@4b5-00Y&qpvc5u~j8< zDy5vGNJ*G7MmAcBQc!eDYtc0xv`42ry04>$S{##(lC87VA=_BAsZIh`))M>dk)XMs zHm~#O>{sJOG&&(`aytaDIdcv*sfq&Dp;OqBGy?Y2PMp6YAF3ATvQ?xsuua-RHmp?! 
zXKWBIEe#@&7vTljl_XJe5XI5N7+N@*jf$~B<74xfgzO31E`gp9Jc08BO;^SfXisg+ z{zCjvgydo*YfS}6F1rARq!>#k0Q8X)q49)`FXaj4#drhG)wn>lowR^f4eIDfM=sS8 z*u3J+z8Zfa=x6}5wzilMl+`AZ3(+VE;=}Fm~EoB!K;c|V`u=3s7g|?LA!NT z$~vnR#1@bevnM7`jGkIB-JN|dr7HlErR#OiGeLKO*fQ94ve+Dg%qaxf}Y3+)08>3|%p3Ax?A5RCmkC+JCF;QwvQ6KWBTmQ+?~0d)ezNGU;y+5zE89`+>k zP03{wD3>Ufkc&Zb5mZo$8X`bbb++YGZC(T4qVhHX5|sX& zm0F$8X;0F`*5A6wijhs*1Z;6F_sxZ++ERc(K`OP+eHD6AO+NQMh@70#Nfl-QXq!ka zL7;+(+yJ^N50^+t(f1-TI_IiO%3+jLP1G?o@l%YUI#jh!<`sW$QWFG66gWf3x?L;B z;&M=!vaKej7I!M~q}v~R(&R~_Ck>uj)UT|kmZhjxhgLo9H>wGzT;`ZkR+M9^9HWUf zv^xNrTurzj-OBCSlUDCVC&IBM=`_Pyx^ovFDUZU?3s zib*9@h(#rKPMpLA8T8bIdw;rN#2|&W)e?!Vva!~7nb@FBI^|U`+te}se;;a5HgZPo z3}OVOBee_Pg1HK2)H(J+u;KTp8lq^OEtv>HyLJ_GtQ>Sn7DSHZe@ z*Q%=AetwA2x~d`?*K!)Gg)D-B;!=N(W}BMadsmf9&X|OhK!HR{>=^3kSt)5a16Rs3 zuxB98(7;^{-Q_$v>&Y2UZAW*?lM_#l*Q#k}5Y3r1$K%kG15dWW!tCl<|6hjxgI-$g z!fH=;c1C9#&CB5eG-YggbxMvHlPNWV&LI>e>sZwVLsN*X_UCt|oc6O%T#|A|7Y&9f z1QlGA?ARy`&|ql{#xv-5r<Ro3G_=H<5#F_q6p0E!lP*Pvf{9pLtCKP1*v6H=(&O0o%W3F z7gFhOy|rRtXq#QioMQymj%u-@qKz7<>I5xW=LT*A@Qh7&>TlhRHW!TwRIyTZCDv-h zDyJjF0+^ENuPQP+&uIVF+XmFiF&oZ-Av;8)QfNPgnhnPqrP`LtbNhLlzje1;2H~7A xrmP{Li_w?_ES!zDMl$BwU-xjH$$BQ^nY3q8o~eD`?yu0v{|BZN4oCyG008aEASnO< diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index dbbd5d850c..dddc58149b 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma 
@@ -1,7 +1,42 @@ -module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 50 4 50 26] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 49 14 49 45 - let%span s02_iter_mut1 = "02_iter_mut.rs" 47 4 47 10 - let%span s02_iter_mut2 = "02_iter_mut.rs" 39 12 43 13 +module M_02_iter_mut__qyi9908912287408438076__resolve_coherence [#"02_iter_mut.rs" 13 9 13 16] (* as creusot_contracts::Resolve> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 13 9 13 16 + let%span s02_iter_mut1 = "02_iter_mut.rs" 13 9 13 16 + let%span s02_iter_mut2 = "02_iter_mut.rs" 15 4 15 22 + let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + + use prelude.prelude.Borrow + + use prelude.prelude.Slice + + type t_T'0 + + type t_IterMut'0 = + { t_IterMut__inner'0: borrowed (slice t_T'0) } + + predicate resolve'2 (self : borrowed (slice t_T'0)) = + [%#sresolve3] self.final = self.current + + predicate resolve'1 (_1 : borrowed (slice t_T'0)) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_IterMut'0) = + match _1 with + | {t_IterMut__inner'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"02_iter_mut.rs" 13 9 13 16] (self : t_IterMut'0) = + [%#s02_iter_mut2] resolve'1 self.t_IterMut__inner'0 + + constant self : t_IterMut'0 + + function resolve_coherence'0 [#"02_iter_mut.rs" 13 9 13 16] (self : t_IterMut'0) : () + + goal vc_resolve_coherence'0 : ([%#s02_iter_mut0] structural_resolve'0 self) -> ([%#s02_iter_mut0] resolve'0 self) +end +module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 50 14 50 45 + let%span s02_iter_mut1 = "02_iter_mut.rs" 48 4 48 10 + let%span s02_iter_mut2 = "02_iter_mut.rs" 40 12 44 13 let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice5 = 
"../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 @@ -64,7 +99,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut2] Seq.length (view'0 self.t_IterMut__inner'0) @@ -77,16 +112,16 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl [#"02_iter_mut.rs" 5 constant self : t_IterMut'0 - function produces_refl'0 [#"02_iter_mut.rs" 50 4 50 26] (self : t_IterMut'0) : () + function produces_refl'0 [#"02_iter_mut.rs" 51 4 51 26] (self : t_IterMut'0) : () goal vc_produces_refl'0 : [%#s02_iter_mut0] produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" 57 4 57 90] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 54 15 54 32 - let%span s02_iter_mut1 = "02_iter_mut.rs" 55 15 55 32 - let%span s02_iter_mut2 = "02_iter_mut.rs" 56 14 56 42 - let%span s02_iter_mut3 = "02_iter_mut.rs" 52 4 52 10 - let%span s02_iter_mut4 = "02_iter_mut.rs" 39 12 43 13 +module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" 58 4 58 90] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 55 15 55 32 + let%span s02_iter_mut1 = "02_iter_mut.rs" 56 15 56 32 + let%span s02_iter_mut2 = "02_iter_mut.rs" 57 14 57 42 + let%span s02_iter_mut3 = "02_iter_mut.rs" 53 4 53 10 + let%span s02_iter_mut4 = "02_iter_mut.rs" 40 12 44 13 let%span smodel5 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 
@@ -147,7 +182,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut4] Seq.length (view'0 self.t_IterMut__inner'0) 
@@ -168,19 +203,19 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans [#"02_iter_mut.rs" constant c : t_IterMut'0 - function produces_trans'0 [#"02_iter_mut.rs" 57 4 57 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () + function produces_trans'0 [#"02_iter_mut.rs" 58 4 58 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed t_T'0)) (b : t_IterMut'0) (bc : Seq.seq (borrowed t_T'0)) (c : t_IterMut'0) : () goal vc_produces_trans'0 : ([%#s02_iter_mut1] produces'0 b bc c) -> ([%#s02_iter_mut0] produces'0 a ab b) -> ([%#s02_iter_mut2] produces'0 a (Seq.(++) ab bc) c) end -module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 63 17 63 21 - let%span s02_iter_mut1 = "02_iter_mut.rs" 63 26 63 44 - let%span s02_iter_mut2 = "02_iter_mut.rs" 59 14 62 5 +module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 64 4 64 44] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 64 17 64 21 + let%span s02_iter_mut1 = "02_iter_mut.rs" 64 26 64 44 + let%span s02_iter_mut2 = "02_iter_mut.rs" 60 14 63 5 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 291 18 298 9 - let%span s02_iter_mut4 = "02_iter_mut.rs" 32 8 32 76 - let%span s02_iter_mut5 = "02_iter_mut.rs" 39 12 43 13 + let%span s02_iter_mut4 = "02_iter_mut.rs" 33 8 33 76 + let%span s02_iter_mut5 = "02_iter_mut.rs" 40 12 44 13 let%span sindex6 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 
@@ -191,7 +226,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 let%span sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 - let%span s02_iter_mut16 = "02_iter_mut.rs" 22 20 22 64 + let%span s02_iter_mut16 = "02_iter_mut.rs" 23 20 23 64 let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed18 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -312,7 +347,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44 (! return' {result}) ] - predicate invariant'5 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = + predicate invariant'5 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = [%#s02_iter_mut16] Seq.length (view'0 (self.t_IterMut__inner'0).final) = Seq.length (view'0 (self.t_IterMut__inner'0).current) @@ -347,7 +382,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44 use seq.Seq - predicate completed'0 [#"02_iter_mut.rs" 31 4 31 35] (self : borrowed (t_IterMut'0)) = + predicate completed'0 [#"02_iter_mut.rs" 32 4 32 35] (self : borrowed (t_IterMut'0)) = [%#s02_iter_mut4] resolve'2 (self.current).t_IterMut__inner'0 /\ Seq.(==) (view'1 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq t_T'0) @@ -369,7 +404,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44 use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut5] Seq.length (view'1 self.t_IterMut__inner'0) 
@@ -412,11 +447,11 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 63 4 63 44 (! return' {result}) ] end -module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 70 4 70 30] (* IterMut<'a, T> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 70 17 70 21 - let%span s02_iter_mut1 = "02_iter_mut.rs" 70 26 70 30 - let%span s02_iter_mut2 = "02_iter_mut.rs" 69 14 69 28 - let%span s02_iter_mut3 = "02_iter_mut.rs" 22 20 22 64 +module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 71 4 71 30] (* IterMut<'a, T> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 71 17 71 21 + let%span s02_iter_mut1 = "02_iter_mut.rs" 71 26 71 30 + let%span s02_iter_mut2 = "02_iter_mut.rs" 70 14 70 28 + let%span s02_iter_mut3 = "02_iter_mut.rs" 23 20 23 64 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinvariant6 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -455,7 +490,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 70 4 <= UIntSize.to_int (v_MAX'0 : usize)) && ([%#sslice5] view'0 self = Slice.id self) - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = + predicate invariant'0 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = [%#s02_iter_mut3] Seq.length (view'0 (self.t_IterMut__inner'0).final) = Seq.length (view'0 (self.t_IterMut__inner'0).current) 
@@ -510,12 +545,12 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 70 4 (! return' {result}) ] end -module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 78 0 78 55] - let%span s02_iter_mut0 = "02_iter_mut.rs" 78 19 78 20 - let%span s02_iter_mut1 = "02_iter_mut.rs" 78 41 78 55 - let%span s02_iter_mut2 = "02_iter_mut.rs" 75 10 75 29 - let%span s02_iter_mut3 = "02_iter_mut.rs" 76 10 76 35 - let%span s02_iter_mut4 = "02_iter_mut.rs" 77 10 77 33 +module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 79 0 79 55] + let%span s02_iter_mut0 = "02_iter_mut.rs" 79 19 79 20 + let%span s02_iter_mut1 = "02_iter_mut.rs" 79 41 79 55 + let%span s02_iter_mut2 = "02_iter_mut.rs" 76 10 76 29 + let%span s02_iter_mut3 = "02_iter_mut.rs" 77 10 77 35 + let%span s02_iter_mut4 = "02_iter_mut.rs" 78 10 78 33 let%span svec5 = "../../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec7 = "../../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 @@ -532,7 +567,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 78 0 78 55] let%span svec18 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sinvariant20 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s02_iter_mut21 = "02_iter_mut.rs" 22 20 22 64 + let%span s02_iter_mut21 = "02_iter_mut.rs" 23 20 23 64 let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed23 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 
@@ -674,7 +709,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 78 0 78 55] use prelude.prelude.Intrinsic - predicate invariant'4 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = + predicate invariant'4 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = [%#s02_iter_mut21] Seq.length (view'2 (self.t_IterMut__inner'0).final) = Seq.length (view'2 (self.t_IterMut__inner'0).current) 
@@ -745,47 +780,48 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 78 0 78 55] (! return' {result}) ] end -module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] - let%span s02_iter_mut0 = "02_iter_mut.rs" 86 19 86 35 - let%span s02_iter_mut1 = "02_iter_mut.rs" 87 23 87 47 - let%span s02_iter_mut2 = "02_iter_mut.rs" 90 16 90 85 - let%span s02_iter_mut3 = "02_iter_mut.rs" 89 16 89 55 - let%span s02_iter_mut4 = "02_iter_mut.rs" 88 16 88 23 - let%span s02_iter_mut5 = "02_iter_mut.rs" 94 27 94 75 - let%span s02_iter_mut6 = "02_iter_mut.rs" 95 21 95 22 - let%span s02_iter_mut7 = "02_iter_mut.rs" 82 10 82 33 - let%span s02_iter_mut8 = "02_iter_mut.rs" 83 10 83 64 - let%span s02_iter_mut9 = "02_iter_mut.rs" 78 19 78 20 - let%span s02_iter_mut10 = "02_iter_mut.rs" 78 41 78 55 - let%span s02_iter_mut11 = "02_iter_mut.rs" 75 10 75 29 - let%span s02_iter_mut12 = "02_iter_mut.rs" 76 10 76 35 - let%span s02_iter_mut13 = "02_iter_mut.rs" 77 10 77 33 - let%span s02_iter_mut14 = "02_iter_mut.rs" 70 17 70 21 - let%span s02_iter_mut15 = "02_iter_mut.rs" 70 26 70 30 - let%span s02_iter_mut16 = "02_iter_mut.rs" 69 14 69 28 +module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 85 0 85 35] + let%span s02_iter_mut0 = "02_iter_mut.rs" 87 19 87 35 + let%span s02_iter_mut1 = "02_iter_mut.rs" 88 23 88 47 + let%span s02_iter_mut2 = "02_iter_mut.rs" 91 16 91 85 + let%span s02_iter_mut3 = "02_iter_mut.rs" 90 16 90 55 + let%span s02_iter_mut4 = "02_iter_mut.rs" 89 16 89 23 + let%span s02_iter_mut5 = "02_iter_mut.rs" 95 27 95 75 + let%span s02_iter_mut6 = "02_iter_mut.rs" 96 21 96 22 + let%span s02_iter_mut7 = "02_iter_mut.rs" 83 10 83 33 + let%span s02_iter_mut8 = "02_iter_mut.rs" 84 10 84 64 + let%span s02_iter_mut9 = "02_iter_mut.rs" 79 19 79 20 + let%span s02_iter_mut10 = "02_iter_mut.rs" 79 41 79 55 + let%span s02_iter_mut11 = "02_iter_mut.rs" 76 10 76 29 + let%span s02_iter_mut12 = "02_iter_mut.rs" 77 10 77 35 + let%span s02_iter_mut13 = "02_iter_mut.rs" 78 10 78 33 + let%span 
s02_iter_mut14 = "02_iter_mut.rs" 71 17 71 21 + let%span s02_iter_mut15 = "02_iter_mut.rs" 71 26 71 30 + let%span s02_iter_mut16 = "02_iter_mut.rs" 70 14 70 28 let%span sindex17 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 - let%span s02_iter_mut18 = "02_iter_mut.rs" 39 12 43 13 - let%span s02_iter_mut19 = "02_iter_mut.rs" 63 17 63 21 - let%span s02_iter_mut20 = "02_iter_mut.rs" 63 26 63 44 - let%span s02_iter_mut21 = "02_iter_mut.rs" 59 14 62 5 + let%span s02_iter_mut18 = "02_iter_mut.rs" 40 12 44 13 + let%span s02_iter_mut19 = "02_iter_mut.rs" 64 17 64 21 + let%span s02_iter_mut20 = "02_iter_mut.rs" 64 26 64 44 + let%span s02_iter_mut21 = "02_iter_mut.rs" 60 14 63 5 let%span svec22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sindex24 = "../../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span s02_iter_mut27 = "02_iter_mut.rs" 49 14 49 45 - let%span s02_iter_mut28 = "02_iter_mut.rs" 47 4 47 10 - let%span s02_iter_mut29 = "02_iter_mut.rs" 54 15 54 32 - let%span s02_iter_mut30 = "02_iter_mut.rs" 55 15 55 32 - let%span s02_iter_mut31 = "02_iter_mut.rs" 56 14 56 42 - let%span s02_iter_mut32 = "02_iter_mut.rs" 52 4 52 10 + let%span s02_iter_mut27 = "02_iter_mut.rs" 50 14 50 45 + let%span s02_iter_mut28 = "02_iter_mut.rs" 48 4 48 10 + let%span s02_iter_mut29 = "02_iter_mut.rs" 55 15 55 32 + let%span s02_iter_mut30 = "02_iter_mut.rs" 56 15 56 32 + let%span s02_iter_mut31 = "02_iter_mut.rs" 57 14 57 42 + let%span s02_iter_mut32 = "02_iter_mut.rs" 53 4 53 10 let%span sslice33 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span s02_iter_mut35 = "02_iter_mut.rs" 32 8 32 
76 + let%span s02_iter_mut35 = "02_iter_mut.rs" 33 8 33 76 let%span sresolve36 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sindex37 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span s02_iter_mut38 = "02_iter_mut.rs" 22 20 22 64 - let%span sinvariant39 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span s02_iter_mut37 = "02_iter_mut.rs" 15 4 15 22 + let%span sindex38 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 + let%span s02_iter_mut39 = "02_iter_mut.rs" 23 20 23 64 + let%span sinvariant40 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -835,8 +871,8 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] <= UIntSize.to_int (v_MAX'0 : usize)) && ([%#sslice26] view'3 self = Slice.id self) - predicate invariant'0 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = - [%#s02_iter_mut38] Seq.length (view'3 (self.t_IterMut__inner'0).final) + predicate invariant'0 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = + [%#s02_iter_mut39] Seq.length (view'3 (self.t_IterMut__inner'0).final) = Seq.length (view'3 (self.t_IterMut__inner'0).current) predicate inv'0 (_1 : t_IterMut'0) @@ -903,7 +939,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] use seq.Seq function index_logic'2 [@inline:trivial] (self : slice usize) (ix : int) : usize = - [%#sindex37] Seq.get (view'3 self) ix + [%#sindex38] Seq.get (view'3 self) ix function to_mut_seq'0 (self : borrowed (slice usize)) : Seq.seq (borrowed usize) 
@@ -913,7 +949,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] -> Seq.get (to_mut_seq'0 self) i = Borrow.borrow_logic (index_logic'2 self.current i) (index_logic'2 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed usize)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed usize)) (tl : t_IterMut'0) = [%#s02_iter_mut18] Seq.length (view'2 self.t_IterMut__inner'0) @@ -924,7 +960,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] /\ (Seq.get (to_mut_seq'0 self.t_IterMut__inner'0) i).final = (Seq.get (Seq.(++) visited (to_mut_seq'0 tl.t_IterMut__inner'0)) i).final) - function produces_trans'0 [#"02_iter_mut.rs" 57 4 57 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () + function produces_trans'0 [#"02_iter_mut.rs" 58 4 58 90] (a : t_IterMut'0) (ab : Seq.seq (borrowed usize)) (b : t_IterMut'0) (bc : Seq.seq (borrowed usize)) (c : t_IterMut'0) : () = [%#s02_iter_mut32] () 
@@ -932,13 +968,13 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] axiom produces_trans'0_spec : forall a : t_IterMut'0, ab : Seq.seq (borrowed usize), b : t_IterMut'0, bc : Seq.seq (borrowed usize), c : t_IterMut'0 . ([%#s02_iter_mut29] produces'0 a ab b) -> ([%#s02_iter_mut30] produces'0 b bc c) -> ([%#s02_iter_mut31] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"02_iter_mut.rs" 50 4 50 26] (self : t_IterMut'0) : () = + function produces_refl'0 [#"02_iter_mut.rs" 51 4 51 26] (self : t_IterMut'0) : () = [%#s02_iter_mut28] () axiom produces_refl'0_spec : forall self : t_IterMut'0 . [%#s02_iter_mut27] produces'0 self (Seq.empty : Seq.seq (borrowed usize)) self predicate invariant'1 (self : borrowed (t_IterMut'0)) = - [%#sinvariant39] inv'0 self.current /\ inv'0 self.final + [%#sinvariant40] inv'0 self.current /\ inv'0 self.final predicate inv'2 (_1 : borrowed (t_IterMut'0)) @@ -952,15 +988,15 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = true - predicate resolve'4 (self : borrowed (slice usize)) = + predicate resolve'6 (self : borrowed (slice usize)) = [%#sresolve36] self.final = self.current use seq.Seq use seq.Seq - predicate completed'0 [#"02_iter_mut.rs" 31 4 31 35] (self : borrowed (t_IterMut'0)) = - [%#s02_iter_mut35] resolve'4 (self.current).t_IterMut__inner'0 + predicate completed'0 [#"02_iter_mut.rs" 32 4 32 35] (self : borrowed (t_IterMut'0)) = + [%#s02_iter_mut35] resolve'6 (self.current).t_IterMut__inner'0 /\ Seq.(==) (view'2 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq usize) use seq.Seq 
@@ -982,17 +1018,26 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] any) ] - predicate resolve'2 (self : borrowed usize) = + predicate resolve'3 (self : borrowed usize) = [%#sresolve36] self.final = self.current predicate resolve'0 (_1 : borrowed usize) = - resolve'2 _1 + resolve'3 _1 - predicate resolve'3 (self : borrowed (t_Vec'0)) = + predicate resolve'7 (_1 : borrowed (slice usize)) = + resolve'6 _1 + + predicate resolve'4 [#"02_iter_mut.rs" 13 9 13 16] (self : t_IterMut'0) = + [%#s02_iter_mut37] resolve'7 self.t_IterMut__inner'0 + + predicate resolve'1 (_1 : t_IterMut'0) = + resolve'4 _1 + + predicate resolve'5 (self : borrowed (t_Vec'0)) = [%#sresolve36] self.final = self.current - predicate resolve'1 (_1 : borrowed (t_Vec'0)) = - resolve'3 _1 + predicate resolve'2 (_1 : borrowed (t_Vec'0)) = + resolve'5 _1 use prelude.prelude.Intrinsic @@ -1048,7 +1093,12 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] ] ] - | bb10 = s0 [ s0 = {[@expl:type invariant] inv'0 it} s1 | s1 = -{resolve'1 v}- s2 | s2 = return' {_0} ] ] + | bb10 = s0 + [ s0 = {[@expl:type invariant] inv'0 it} s1 + | s1 = -{resolve'1 it}- s2 + | s2 = -{resolve'2 v}- s3 + | s3 = return' {_0} ] + ] ) [ & _0 : () = any_l () | & v : borrowed (t_Vec'0) = v 
@@ -1069,9 +1119,119 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 84 0 84 35] (! return' {result}) ] end -module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter_mut.rs" 57 4 57 90] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 57 4 57 90 - let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 +module M_02_iter_mut__qyi9908912287408438076__resolve_coherence__refines [#"02_iter_mut.rs" 13 9 13 16] (* as creusot_contracts::Resolve> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 13 9 13 16 + let%span s02_iter_mut1 = "02_iter_mut.rs" 15 4 15 22 + let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span s02_iter_mut4 = "02_iter_mut.rs" 23 20 23 64 + let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice6 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 + let%span sseq9 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed10 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + use prelude.prelude.Slice + + type t_T'0 + + type t_IterMut'0 = + { t_IterMut__inner'0: borrowed (slice t_T'0) } + + predicate resolve'2 (self : borrowed (slice t_T'0)) = + [%#sresolve2] self.final = self.current + + predicate resolve'1 (_1 : borrowed (slice t_T'0)) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_IterMut'0) = + match _1 with + | {t_IterMut__inner'0 = x0} -> resolve'1 x0 + end + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Slice + + use seq.Seq + + function 
view'0 (self : slice t_T'0) : Seq.seq t_T'0 + + axiom view'0_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'0 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice6] view'0 self = Slice.id self) + + predicate invariant'1 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = + [%#s02_iter_mut4] Seq.length (view'0 (self.t_IterMut__inner'0).final) + = Seq.length (view'0 (self.t_IterMut__inner'0).current) + + use seq.Seq + + predicate inv'6 (_1 : t_T'0) + + predicate invariant'5 (self : t_T'0) = + [%#sboxed10] inv'6 self + + predicate inv'5 (_1 : t_T'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_T'0 [inv'5 x] . inv'5 x = invariant'5 x + + predicate invariant'4 (self : Seq.seq t_T'0) = + [%#sseq9] forall i : int . 0 <= i /\ i < Seq.length self -> inv'5 (Seq.get self i) + + predicate inv'4 (_1 : Seq.seq t_T'0) + + axiom inv_axiom'4 [@rewrite] : forall x : Seq.seq t_T'0 [inv'4 x] . inv'4 x = invariant'4 x + + predicate invariant'3 (self : slice t_T'0) = + [%#sslice8] inv'4 (view'0 self) + + predicate inv'3 (_1 : slice t_T'0) + + axiom inv_axiom'3 [@rewrite] : forall x : slice t_T'0 [inv'3 x] . inv'3 x = invariant'3 x + + predicate invariant'2 (self : borrowed (slice t_T'0)) = + [%#sinvariant7] inv'3 self.current /\ inv'3 self.final + + predicate inv'2 (_1 : borrowed (slice t_T'0)) + + axiom inv_axiom'2 [@rewrite] : forall x : borrowed (slice t_T'0) [inv'2 x] . inv'2 x = invariant'2 x + + predicate inv'1 (_1 : t_IterMut'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_IterMut'0 [inv'1 x] . inv'1 x + = (invariant'1 x + /\ match x with + | {t_IterMut__inner'0 = inner} -> inv'2 inner + end) + + predicate invariant'0 (self : t_IterMut'0) = + [%#sinvariant3] inv'1 self + + predicate inv'0 (_1 : t_IterMut'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . 
inv'0 x = invariant'0 x + + predicate resolve'0 [#"02_iter_mut.rs" 13 9 13 16] (self : t_IterMut'0) = + [%#s02_iter_mut1] resolve'1 self.t_IterMut__inner'0 + + goal refines : [%#s02_iter_mut0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter_mut.rs" 58 4 58 90] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 58 4 58 90 + let%span s02_iter_mut1 = "02_iter_mut.rs" 40 12 44 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 @@ -1132,7 +1292,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut1] Seq.length (view'0 self.t_IterMut__inner'0) 
@@ -1148,10 +1308,10 @@ module M_02_iter_mut__qyi4305820612590367313__produces_trans__refines [#"02_iter -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 63 4 63 44] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 63 4 63 44 - let%span s02_iter_mut1 = "02_iter_mut.rs" 32 8 32 76 - let%span s02_iter_mut2 = "02_iter_mut.rs" 39 12 43 13 +module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 64 4 64 44] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 64 4 64 44 + let%span s02_iter_mut1 = "02_iter_mut.rs" 33 8 33 76 + let%span s02_iter_mut2 = "02_iter_mut.rs" 40 12 44 13 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel4 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 @@ -1160,7 +1320,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 45 8 45 31 - let%span s02_iter_mut11 = "02_iter_mut.rs" 22 20 22 64 + let%span s02_iter_mut11 = "02_iter_mut.rs" 23 20 23 64 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 18 20 18 30 let%span sseq13 = "../../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed14 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 
@@ -1194,7 +1354,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 <= UIntSize.to_int (v_MAX'0 : usize)) && ([%#sslice9] view'1 self = Slice.id self) - predicate invariant'2 [#"02_iter_mut.rs" 20 4 20 30] (self : t_IterMut'0) = + predicate invariant'2 [#"02_iter_mut.rs" 21 4 21 30] (self : t_IterMut'0) = [%#s02_iter_mut11] Seq.length (view'1 (self.t_IterMut__inner'0).final) = Seq.length (view'1 (self.t_IterMut__inner'0).current) @@ -1259,7 +1419,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use seq.Seq - predicate completed'0 [#"02_iter_mut.rs" 31 4 31 35] (self : borrowed (t_IterMut'0)) = + predicate completed'0 [#"02_iter_mut.rs" 32 4 32 35] (self : borrowed (t_IterMut'0)) = [%#s02_iter_mut1] resolve'0 (self.current).t_IterMut__inner'0 /\ Seq.(==) (view'0 (self.current).t_IterMut__inner'0) (Seq.empty : Seq.seq t_T'0) @@ -1286,7 +1446,7 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut2] Seq.length (view'0 self.t_IterMut__inner'0) 
@@ -1325,9 +1485,9 @@ module M_02_iter_mut__qyi4305820612590367313__next__refines [#"02_iter_mut.rs" 6 end /\ inv'1 result) end -module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_mut.rs" 50 4 50 26] (* as common::Iterator> *) - let%span s02_iter_mut0 = "02_iter_mut.rs" 50 4 50 26 - let%span s02_iter_mut1 = "02_iter_mut.rs" 39 12 43 13 +module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_mut.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s02_iter_mut0 = "02_iter_mut.rs" 51 4 51 26 + let%span s02_iter_mut1 = "02_iter_mut.rs" 40 12 44 13 let%span smodel2 = "../../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 let%span sslice4 = "../../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 @@ -1390,7 +1550,7 @@ module M_02_iter_mut__qyi4305820612590367313__produces_refl__refines [#"02_iter_ use seq.Seq - predicate produces'0 [#"02_iter_mut.rs" 37 4 37 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) + predicate produces'0 [#"02_iter_mut.rs" 38 4 38 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = [%#s02_iter_mut1] Seq.length (view'0 self.t_IterMut__inner'0) diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.rs b/creusot/tests/should_succeed/iterators/02_iter_mut.rs index 42e717ee55..371618c57a 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.rs +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.rs @@ -10,6 +10,7 @@ use creusot_contracts::{ mod common; use common::Iterator; +#[derive(Resolve)] struct IterMut<'a, T> { inner: &'a mut [T], } diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml index bdfcf00fd3..805d159a4f 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml 
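Review bot: The new `#[derive(Resolve)]` on `IterMut` in 02_iter_mut.rs has no comment saying what resolution means for this iterator, although it changes what the proofs may rely on. In the regenerated 02_iter_mut.coma the derived predicate is `resolve'1 self.t_IterMut__inner'0`, which unfolds to `self.final = self.current` on the inner borrow, and `all_zero` gains a `-{resolve'1 it}-` step before it returns. I would add a line above the derive such as `// Resolve is structural: resolving an IterMut resolves its inner &mut [T] (final == current).` The struct is fully inside the hunk, so the comment can sit directly on it.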
+++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml @@ -2,11 +2,21 @@ - + + + + + + + + + + + @@ -24,7 +34,7 @@ - + @@ -36,7 +46,7 @@ - + @@ -55,19 +65,19 @@ - + - + - + @@ -91,10 +101,10 @@ - + - + @@ -103,7 +113,7 @@ - + 
diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz b/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz index adb20fede420fee54d3c5d1fac21296b15f2e54e..cc088c0481827c202f0637408b853db8e39c3cde 100644 GIT binary patch literal 2938 zcmV-=3x)I_iwFP!00000|E*a|j~lrWzUx;A$YGN8g;jh9c7TBafdaC7$%4pD;L{dX zmb{W?yqjMiu)EpnZnb7KUe95`CW}>M@vEo){?qdG*?mo?<#Rfowuk*cmty(TKNjwT zd)}sR55y9;jg~yR_aEFY?LVDAUlz`X&31ow&zqkg|NB5z3%A`ryW`gF&kx+f@8z=$ zR&_8WU=~{fW^q*qLjr1POF%7M)xnSeEo%wTvQ-@{K6WGF&YSf)9e;j0Kahtnzgf#4 z2b;n2b~9MMs)HeSVr5G}tX$Q>!X4A;uzOAq#H#i1WA*4x=i^g2KONm}Gootus#^rB zMf&pf{O6{5hJgTgO1r$C-PA1gPXxD~2p?KM)HRoj)9phi{wR z;nOy_?LMYI+VKN%;puox`*TA!Udh|N+jaAw({X#=Y-3@+*~T)vcJD3L6OAR7vj$>u z_2@p#Q%t}HtA+b|JjADvP7lOV*C@@>_3Z3wMBS*XUFtM9+Vk$6WmZ_Zo}XSlj^-^Z zKpM>O>%H?dtMWHGmvislIp>`ZF0983Wp*^xQVkI*s)?y;Vrpz+yqcJ-CML%w#;S>l zYGPt+VzinVt0u;J6JxKL7*-Rb)x>Bqu^9j=tM36|A)5nWJ3j@Wvbq3J&%#S}0Ms`D zs3rhZBliXtNOe9yR{d!4@$5csemU%mm3EWpK5qVV_)?7B0#vU9uT{wLC zx=ZI23+m~G+W-r_MN)U#?mz9)`LMUZt3A@8K(_uN%*8zO)nn)0fUf(|NK>++R9BSh zF-k>6sj4VdH&DteO8FS2q@t8mloHDpuOo4Yb5U_FD$d2#TQaK#mzVYZWqp3xSq8B{ zu1rG@O@muq4Nq6Y(-VB%K+2r|#_}xpc<_dB)`xd1S6&>OmwjJWXWcY*h6MDsE5}Jx z0$g>7@7!^tw2Q_zo9%v|j+cXv$ntjI4(pXueE9O)YrC6!Ufr)*3a~i4-_j;;kEe4v z_wu1kKP=CGeof2%ONUaK+|7W+|J&^JID+hbL@Tt?+oa)M}y#6)z zTK63xkn4?iN-SGHR1C2>Xx+!5N9dHt-RHPi=G?=V&=*EFGdt2#^h;8hQXA06wlK36W_UVuFvOUri{iE2?ZhIkmv;^0|scx)K)m^`l zoA#%tV>&G+QHs4BrPxr4yg+dfrNm@)S z4MrI$=2|#T#%Rr) zXw97HIQL;S^>XDl2kuKF6732S&a*?aWw0x#7cR2d;OIA(D8|9a% znh;}6kg5q%H9>BaU$kn1TDCaXY?#+GHi>1gtj| zI+WU+bQ(N=gpf-d8ikaSEB8uhVhGH*fElVAam@lBiR}X6OC&cru}cNm$ed?(Mb-O} z>UUtElYx_&Tb$bCw33+DbSW_U`&=}$NxRdx&*@k$_UqHvT_SJbayh};eRikKv)esQ z8PUPJ(A#A9$(!m3+X`#D-}uARKAygZX{%!1ZJdiOH+9&>4(wycg>v0FCV*9SO<+lN zBBXas)E2O|t-tBJUb&`^=PQSTV>gf0bz*g$c;&%~Wp_0|xfQp|XYB7<$i^$}Yq#^$ zpv$c&g|nEgiFsExi^5T8ov!PaGEBMx2f z;KN)J{F+<2y3W1;>zs}^ngzSV;p^pd`8P6Z{5I*9+ox~c0S6OpI@qaV$^{k;Y}|I? 
z-n(r*^<;CoVTbxw3FE~1B4iuLl?1Ghu|3~&;*KIVhfo|jo1Quu4H?jAoh9TcDv30((zEs=mv5FkX#7+XBs{bT;v8a!wkmPYVYj+Xxw}M znYU>dH{_y;*;FE28Z#|8AC(-41>p z;cePGpkxyjbk}Gd!}_K-vIrKL#n~TeEW$v`v``KjUdU@shBfKNS=Q_RSXcEh_Nksl zSicB8i^Njw6pbT*StM1@xLUsqqrwLJR1@LqNT64D*g*FSFzwDmZv@GDEP5BZyHrW_ zzjpPVgz?-o{RDAO!NLn&n^`Ot37qrHQ%D{pC4s8w9M^=A7_=m8sf;wjaKj8WXuyz# z&JeudiU}ksL(s`*86hjkF$3hKGJ1h51M$d66gf~&IE$bGb0#rLF4IyOKm%ZaEGT&9 zy!TE@ryxe<1YiP9srJC6D73Vr4Ut3_UD6z-b1G3t%xA~E0_q`Mk)B~5g(DIHpflJX#6=aMWX!1F5DP>4pC&CF|Duc`*HHZem2!q6cHlPeh z1ER2S$|s@;S0tkb1`GwyL?#9vfW&e%rVM3Qh~5!yzpb}J9sAu zph%=bIq;D&22yIGa#kV)pWKp3!^C&952&=3nu(A(V<7;iL6F2eX2;Q~r81luP7O!H z!Ej=jZcas+R2YbJ6bU7cFt0==#LJ+BFP0&=5zGi`1R4QG5W}_M%5Z78Fq|(Ua3?rX z5(G;@J4PrYi4rYhh*CEe185{Ok{XFdf|0}sZGeaY|_xj%yhLji^A-?350Q zr$}Kbg^~Ov4p|}5f=Pi~XYPgeng$(QBmx;GTq-b98byrMMyfJ?ftzzmCB^~`I%ffq zI2NM-<`^W;Bws3QINZ%J=q$7fkvPdbuB7$QX%X%vbq6*G#yji+}+37x4xMG^s` zgI797mry{Af-RLYN*X1M;%{fJB6pyP!&DmRF$&?F%jlSQh*;pHw9#NRDTDhN1H&vd zQILbDj%F#Ti7zd32JUc3+;}n)aiZ3TdYopbVk;!t-oHORLQbG$y(Ia?IS&mXh zMwdXC0YVKBEU*59#b;1iM^K6}DZJJRAR-eeKuE5MFJ__90Feeri9-CZN)$YWjFG5J za-iG=uCs^WeU8W?7sYOXs2?nqD(506fqBlT7LvN8iE|1xh$KlUmIXiz5Z!9|M<0Ml k5RESds&mvq1uha3;GLFI@z8iw_z{x+4;`%nnFA{T0Fzdl!vFvP literal 2792 zcmVnDoC4rEep;zq~ z+vA>fyL)%@>jPDl%2nlZw|g>k7^qbgDN!HEkMduCSU-LCU-Q%YB_E&mkB7gn<@$%e zt^7y-vd_QYp##594(|PrAN@l<{Brty{&0HS?GGpavis@&KXM>oC$AD@rMd^ojY(=W~b;2-+=&-u7N?e?jt-|bVG z-TEIL)g4VOmc2%Bw7K^mmn9}A0f(EF|9X5(&oMvUfnz>@`Fi@(vF+mQX0vKXyVh~z zmHsI|G@V#GoN4{=!Eq;@+AdFT?kDq(J29CNmur`0Hs#-BU*3QC;C=8R`na8bD6^BP zPHN@%hZld``@`u@I{dBtd8Zw2>R>D&9CZT9(WVZ@0^G4qKsvUmgRuZ}yc6J#Z|Y$6 zsUJyy+HFty_|x<04(`7E>dL9li^+*@F>_*52V?EvR3`vVZR%hVt=gGe&|1Wn(Av$< z(W;#(Xf=yi)ID0wRkZ3ETJ>gpHgpKx;m9FuhSBQN$$#4Y{CLQBP$$WM+WqVCOTGi= zu)kAu*k5WHt?G#1fAaD1%h!i|%Bh41J8K((We8v9pZ14e9`fn&;84`yWn+VU`(2dF zW#yau{$i1BhtX!pV{k2x!BQSOyH{20n~Hri#lEcA*A@Hv3id_CzL;VkD)ymb9~@u3 z2j9%e8a=W`kGuc?cY5S8RY9XFW>g<<;1DhX&Wr<2I8(#f)NnR4P+o!8QiY&$m$%f2 zR&cRO^j|LO1hsJZv3y-D1k^_#vg^fyW_1r~(}zi)<`_r 
z9yzDGFTcLEx;^K``PxqrS112#-ZlH<)2ZxxeOIRM)~7$e=JjwVol)|~{Pg^AT74P< zqjO>V|HVc?dg}D0ruyYgUH_Pd=51SuaJleCi)HD@iXpxPt=lvV2%YP= zc^~JuyVP^iK*-x9pXY(+ONww7RffRe$`}ZazFcAM?{{R@(UMrHzlRs52Bt zrA^+~`YpFN`Davsd2voDxNqLj!lLawNfep)<%rhw97vaH-o|sQ=)LK|A^*1I&@UWP zgMMdf7}gJe&o$h*hpTC!`0)K%q1^3zbHdV^(M3)ZLW|Lg)}E5xTId||qHv*#^N0hd z6P4(_uIbD*H&Zf(l__CmN;subRJj&au0>Na#wv4Sl{v8~_u-ZL@XCB@D}!&fGEk`= zRH_F()hoomIzj()u0?HDb7IS0C$>XVr>ZB^m8MQsPsph!pn3wTC*Vp`$EqioEk>e=bgl|r%Qt|oagMB zU4D4_{c}E+gZ=yY>qCZjXgTj->p%Oa-HU&Co-1ObdtukbZnHP{5p^Bb{;&&=&xiE% zElN8Vi+2AB5pBG)>WNDn`Voxmkwpm{7n#C-Ai|G@q zDzBc}A+$Fz`d}93RCz(0u1D%$V{0>hes~zlGY<6`S-skl#x}!fsc)$y>ZSEgpAuhI z`%^x4&GpN2XMOI4YOe1m@D+&9tqfr6S=mHG|90?ki3GouRxXZnD8M@9|D#Rk!=KGQKcpR;PrgVU;`t$_6E7$2$G1kshYxeW z4L32U?O?JP7dI@wA!=^fMDga&KaZSL9wmDJY{ru_DN>HaX8ia4?Hh6gBV>|xWV#q5 zbKMv7MfFENGx-_qys&G*-_qiU*WVF{U*VD!5RP<95=n0-uF%C5TmR9K7|nL2@;a0Y zk!8@Go58$=s0Ek7xZ=(q1m=sb(sX%V)6!fqK6JnFF7&ro^Nk~P#2qdEcH;;~eq}{+ z^rS_ivM#E$nif@WhizSSyflzGN4R|zY>vP&>Rn3{NI8P)S=wx02ToB#1DPbe*bd<2E^|r&5(_AlSu-nJ!HhnqpmbCz8Du#$Q7ENi z7AAuLv1S&fMPZR!WEROHS_EsXw#vfF>yW{K(9n=Uj+~@uKxK{r5mMO^M@!0*v?MHX zOUx2kLQ7!LSkxBPO63O82%|uT#87Z4!8eQ;NR%X+;wocF-=GPRd1E4G6^xcT2L!Gg zof$R8H)+ktGPDeCRoKW}{DxUD9V8(mt+n7m@+Rmk!kS6Tgk{_^_71f?h2Xtljij6i zb7KxQvb9 zJVq2OO2|A=;{|zLZe3X}Ef@9W0Sdx7>p897*zsXNoI;ylxVfRLm?TE$q;fb1viGposJZgo4jU9pLb=@^X$83fDVS>TWp_+*4Z5!PB+Ev**csNXjxHYzthDbije zmrOTanG}`hfv6-0Evx~njn(?w4Mp++c%zhQKqrHkP2eIVl^O6T_}VaQ$Qt}U=1@l= zQ~<7{(6Zq|VlpxZ#*ELw$F-5x2y1w`?eAz;0#~4eL=YjwY#OdKQuI8;sB%HBXbl-_ zv^DDgHK!UOIM*R@i4l`dCZO^>QMIbR_n>^WfF!VotqtKZ as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 49 14 49 45 - let%span s04_skip1 = "04_skip.rs" 47 4 47 10 - let%span s04_skip2 = "04_skip.rs" 38 12 43 74 +module M_04_skip__qyi11651659076391631465__resolve_coherence [#"04_skip.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s04_skip0 = "04_skip.rs" 9 9 9 16 + let%span s04_skip1 = "04_skip.rs" 9 9 9 16 + let%span s04_skip2 = "04_skip.rs" 11 4 12 12 + + use 
prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Skip'0) = + match _1 with + | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"04_skip.rs" 9 9 9 16] (self : t_Skip'0) = + [%#s04_skip2] resolve'2 self.t_Skip__iter'0 /\ resolve'1 self.t_Skip__n'0 + + constant self : t_Skip'0 + + function resolve_coherence'0 [#"04_skip.rs" 9 9 9 16] (self : t_Skip'0) : () + + goal vc_resolve_coherence'0 : ([%#s04_skip0] structural_resolve'0 self) -> ([%#s04_skip0] resolve'0 self) +end +module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 50 14 50 45 + let%span s04_skip1 = "04_skip.rs" 48 4 48 10 + let%span s04_skip2 = "04_skip.rs" 39 12 44 74 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 @@ -46,7 +79,7 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 50 4 50 predicate resolve'0 (_1 : t_Item'0) - predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'0 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 
@@ -56,16 +89,16 @@ module M_04_skip__qyi17349041008065389927__produces_refl [#"04_skip.rs" 50 4 50 constant self : t_Skip'0 - function produces_refl'0 [#"04_skip.rs" 50 4 50 26] (self : t_Skip'0) : () + function produces_refl'0 [#"04_skip.rs" 51 4 51 26] (self : t_Skip'0) : () goal vc_produces_refl'0 : [%#s04_skip0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 57 4 57 90] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 54 15 54 32 - let%span s04_skip1 = "04_skip.rs" 55 15 55 32 - let%span s04_skip2 = "04_skip.rs" 56 14 56 42 - let%span s04_skip3 = "04_skip.rs" 52 4 52 10 - let%span s04_skip4 = "04_skip.rs" 38 12 43 74 +module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 58 4 58 90] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 55 15 55 32 + let%span s04_skip1 = "04_skip.rs" 56 15 56 32 + let%span s04_skip2 = "04_skip.rs" 57 14 57 42 + let%span s04_skip3 = "04_skip.rs" 53 4 53 10 + let%span s04_skip4 = "04_skip.rs" 39 12 44 74 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 @@ -110,7 +143,7 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 57 4 57 predicate resolve'0 (_1 : t_Item'0) - predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'0 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip4] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 
@@ -128,34 +161,34 @@ module M_04_skip__qyi17349041008065389927__produces_trans [#"04_skip.rs" 57 4 57 constant c : t_Skip'0 - function produces_trans'0 [#"04_skip.rs" 57 4 57 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () + function produces_trans'0 [#"04_skip.rs" 58 4 58 90] (a : t_Skip'0) (ab : Seq.seq t_Item'0) (b : t_Skip'0) (bc : Seq.seq t_Item'0) (c : t_Skip'0) : () goal vc_produces_trans'0 : ([%#s04_skip1] produces'0 b bc c) -> ([%#s04_skip0] produces'0 a ab b) -> ([%#s04_skip2] produces'0 a (Seq.(++) ab bc) c) end -module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 63 4 63 41] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 64 23 64 41 - let%span s04_skip1 = "04_skip.rs" 66 26 66 50 - let%span s04_skip2 = "04_skip.rs" 72 20 72 35 - let%span s04_skip3 = "04_skip.rs" 71 20 71 87 - let%span s04_skip4 = "04_skip.rs" 68 8 68 31 - let%span s04_skip5 = "04_skip.rs" 69 20 69 53 - let%span s04_skip6 = "04_skip.rs" 68 20 68 29 - let%span s04_skip7 = "04_skip.rs" 75 20 75 21 - let%span s04_skip8 = "04_skip.rs" 79 26 79 73 - let%span s04_skip9 = "04_skip.rs" 80 21 80 22 - let%span s04_skip10 = "04_skip.rs" 63 17 63 21 - let%span s04_skip11 = "04_skip.rs" 63 26 63 41 - let%span s04_skip12 = "04_skip.rs" 59 14 62 5 +module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 64 4 64 41] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 65 23 65 41 + let%span s04_skip1 = "04_skip.rs" 67 26 67 50 + let%span s04_skip2 = "04_skip.rs" 73 20 73 35 + let%span s04_skip3 = "04_skip.rs" 72 20 72 87 + let%span s04_skip4 = "04_skip.rs" 69 8 69 31 + let%span s04_skip5 = "04_skip.rs" 70 20 70 53 + let%span s04_skip6 = "04_skip.rs" 69 20 69 29 + let%span s04_skip7 = "04_skip.rs" 76 20 76 21 + let%span s04_skip8 = "04_skip.rs" 80 26 80 73 + let%span s04_skip9 = "04_skip.rs" 81 21 81 22 + let%span s04_skip10 = "04_skip.rs" 64 17 64 21 + let%span s04_skip11 = "04_skip.rs" 64 26 64 41 + 
let%span s04_skip12 = "04_skip.rs" 60 14 63 5 let%span smem13 = "../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 let%span smem14 = "../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 let%span sindex15 = "../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 let%span scommon16 = "common.rs" 27 17 27 21 let%span scommon17 = "common.rs" 27 26 27 44 let%span scommon18 = "common.rs" 23 14 26 5 - let%span s04_skip19 = "04_skip.rs" 24 12 30 37 - let%span s04_skip20 = "04_skip.rs" 38 12 43 74 + let%span s04_skip19 = "04_skip.rs" 25 12 31 37 + let%span s04_skip20 = "04_skip.rs" 39 12 44 74 let%span snum21 = "../../../../creusot-contracts/src/std/num.rs" 29 28 29 32 let%span sresolve22 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span scommon23 = "common.rs" 14 14 14 45 @@ -309,14 +342,14 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 63 4 63 41] (* resolve'1 (Seq.get s i)) /\ completed'1 i /\ i.final = (self.final).t_Skip__iter'0) - predicate produces'1 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'1 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip20] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 
@@ -420,10 +453,56 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 63 4 63 41] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 63 4 63 41 - let%span s04_skip1 = "04_skip.rs" 24 12 30 37 - let%span s04_skip2 = "04_skip.rs" 38 12 43 74 +module M_04_skip__qyi11651659076391631465__resolve_coherence__refines [#"04_skip.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s04_skip0 = "04_skip.rs" 9 9 9 16 + let%span s04_skip1 = "04_skip.rs" 11 4 12 12 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Skip'0) = + match _1 with + | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'1 (_1 : t_Skip'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Skip'0 [inv'1 x] . inv'1 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + end + + predicate invariant'0 (self : t_Skip'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Skip'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"04_skip.rs" 9 9 9 16] (self : t_Skip'0) = + [%#s04_skip1] resolve'2 self.t_Skip__iter'0 /\ resolve'1 self.t_Skip__n'0 + + goal refines : [%#s04_skip0] forall self : t_Skip'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 64 4 64 41] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 64 4 64 41 + let%span s04_skip1 = "04_skip.rs" 25 12 31 37 + let%span s04_skip2 = "04_skip.rs" 39 12 44 74 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon4 = "common.rs" 14 14 14 45 let%span scommon5 = "common.rs" 18 15 18 32 @@ -491,7 +570,7 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 63 4 63 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"04_skip.rs" 22 4 22 35] (self : borrowed (t_Skip'0)) = + predicate completed'0 [#"04_skip.rs" 23 4 23 35] (self : borrowed (t_Skip'0)) = [%#s04_skip1] UIntSize.to_int (self.final).t_Skip__n'0 = 0 /\ (exists s : Seq.seq t_Item'0, i : borrowed t_I'0 . Seq.length s <= UIntSize.to_int (self.current).t_Skip__n'0 /\ produces'1 (self.current).t_Skip__iter'0 s i.current @@ -500,7 +579,7 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 63 4 63 use seq.Seq - predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'0 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 
@@ -531,9 +610,9 @@ module M_04_skip__qyi17349041008065389927__next__refines [#"04_skip.rs" 63 4 63 end /\ inv'1 result) end -module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" 50 4 50 26] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 50 4 50 26 - let%span s04_skip1 = "04_skip.rs" 38 12 43 74 +module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" 51 4 51 26] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 51 4 51 26 + let%span s04_skip1 = "04_skip.rs" 39 12 44 74 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -578,7 +657,7 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" predicate resolve'0 (_1 : t_Item'0) - predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'0 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 
@@ -589,9 +668,9 @@ module M_04_skip__qyi17349041008065389927__produces_refl__refines [#"04_skip.rs" goal refines : [%#s04_skip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs" 57 4 57 90] (* as common::Iterator> *) - let%span s04_skip0 = "04_skip.rs" 57 4 57 90 - let%span s04_skip1 = "04_skip.rs" 38 12 43 74 +module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs" 58 4 58 90] (* as common::Iterator> *) + let%span s04_skip0 = "04_skip.rs" 58 4 58 90 + let%span s04_skip1 = "04_skip.rs" 39 12 44 74 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -636,7 +715,7 @@ module M_04_skip__qyi17349041008065389927__produces_trans__refines [#"04_skip.rs predicate resolve'0 (_1 : t_Item'0) - predicate produces'0 [#"04_skip.rs" 36 4 36 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = + predicate produces'0 [#"04_skip.rs" 37 4 37 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = [%#s04_skip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o \/ UIntSize.to_int o.t_Skip__n'0 = 0 /\ Seq.length visited > 0 diff --git a/creusot/tests/should_succeed/iterators/04_skip.rs b/creusot/tests/should_succeed/iterators/04_skip.rs index 7c1f13c47d..4c0c2cda47 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.rs +++ b/creusot/tests/should_succeed/iterators/04_skip.rs @@ -6,6 +6,7 @@ use creusot_contracts::{invariant::inv, *}; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Skip { iter: I, n: usize, diff --git a/creusot/tests/should_succeed/iterators/05_map.coma b/creusot/tests/should_succeed/iterators/05_map.coma index 00f1a6499f..de299031f0 100644 --- a/creusot/tests/should_succeed/iterators/05_map.coma 
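Review bot: The `#[derive(Resolve)]` added above `pub struct Skip` has no comment saying what the test gains from it, and the same applies to the derive added to `Map` in 05_map.rs. The regenerated output shows the effect: 05_map.coma gains a `resolve_coherence` module whose goal is that `structural_resolve` implies the derived `resolve`, and both 04_skip.coma and 05_map.coma gain a `resolve_coherence__refines` module. A one-line comment above the attribute, for example `// derive(Resolve): also checks the generated resolve_coherence goal for this struct`, would record that intent for whoever next regenerates the proof sessions. The struct body continues outside the hunk.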
+++ b/creusot/tests/should_succeed/iterators/05_map.coma @@ -1,4 +1,36 @@ -module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) +module M_05_map__qyi4717544419812877023__resolve_coherence [#"05_map.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s05_map0 = "05_map.rs" 9 9 9 16 + let%span s05_map1 = "05_map.rs" 9 9 9 16 + let%span s05_map2 = "05_map.rs" 12 4 14 15 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } + + predicate resolve'1 (_1 : t_F'0) + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__func'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"05_map.rs" 9 9 9 16] (self : t_Map'0) = + [%#s05_map2] resolve'2 self.t_Map__iter'0 /\ resolve'1 self.t_Map__func'0 + + constant self : t_Map'0 + + function resolve_coherence'0 [#"05_map.rs" 9 9 9 16] (self : t_Map'0) : () + + goal vc_resolve_coherence'0 : ([%#s05_map0] structural_resolve'0 self) -> ([%#s05_map0] resolve'0 self) +end +module M_05_map__qyi16807608259409463994__produces_refl [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 28 14 28 45 let%span s05_map1 = "05_map.rs" 26 4 26 10 let%span s05_map2 = "05_map.rs" 42 8 55 9 @@ -119,7 +151,7 @@ module M_05_map__qyi14910388998417814812__produces_refl [#"05_map.rs" 29 4 29 26 goal vc_produces_refl'0 : [%#s05_map0] produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) +module M_05_map__qyi16807608259409463994__produces_trans [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 33 15 33 32 let%span s05_map1 = "05_map.rs" 34 15 34 32 let%span s05_map2 = "05_map.rs" 35 14 35 42 
@@ -252,7 +284,7 @@ module M_05_map__qyi14910388998417814812__produces_trans [#"05_map.rs" 36 4 36 9 goal vc_produces_trans'0 : ([%#s05_map1] produces'0 b bc c) -> ([%#s05_map0] produces'0 a ab b) -> ([%#s05_map2] produces'0 a (Seq.(++) ab bc) c) end -module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) +module M_05_map__qyi16807608259409463994__next [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 65 16 65 62 let%span s05_map1 = "05_map.rs" 66 16 66 58 let%span s05_map2 = "05_map.rs" 62 17 62 21 @@ -606,7 +638,7 @@ module M_05_map__qyi14910388998417814812__next [#"05_map.rs" 62 4 62 44] (* *) +module M_05_map__qyi6570657843506441439__produces_one_invariant [#"05_map.rs" 114 4 114 73] (* Map *) let%span s05_map0 = "05_map.rs" 108 15 108 31 let%span s05_map1 = "05_map.rs" 109 4 109 60 let%span s05_map2 = "05_map.rs" 110 15 110 30 @@ -735,7 +767,7 @@ module M_05_map__qyi9543869049664362474__produces_one_invariant [#"05_map.rs" 11 -> produces'0 self.t_Map__iter'0 (Seq.snoc (Seq.snoc (Seq.(++) (Seq.singleton e) s) e1) e2) i) && (let _ = () in ([%#s05_map4] preservation'0 iter f.final) && ([%#s05_map5] next_precondition'0 iter f.final)) end -module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 124 4 124 57] (* Map *) +module M_05_map__qyi6570657843506441439__produces_one [#"05_map.rs" 124 4 124 57] (* Map *) let%span s05_map0 = "05_map.rs" 123 14 123 68 let%span s05_map1 = "05_map.rs" 126 12 131 60 let%span s05_map2 = "05_map.rs" 42 8 55 9 
@@ -890,13 +922,13 @@ module M_05_map__qyi9543869049664362474__produces_one [#"05_map.rs" 124 4 124 57 /\ precondition'0 f.current (e) /\ postcondition_mut'0 f.current (e) f.final visited) = produces'0 self (Seq.singleton visited) succ end -module M_05_map__map [#"05_map.rs" 154 0 154 84] +module M_05_map__map [#"05_map.rs" 154 0 154 81] let%span s05_map0 = "05_map.rs" 154 51 154 55 let%span s05_map1 = "05_map.rs" 154 60 154 64 let%span s05_map2 = "05_map.rs" 148 11 150 39 - let%span s05_map3 = "05_map.rs" 151 11 151 41 - let%span s05_map4 = "05_map.rs" 152 11 152 51 - let%span s05_map5 = "05_map.rs" 154 72 154 84 + let%span s05_map3 = "05_map.rs" 151 11 151 38 + let%span s05_map4 = "05_map.rs" 152 11 152 48 + let%span s05_map5 = "05_map.rs" 154 72 154 81 let%span s05_map6 = "05_map.rs" 153 10 153 38 let%span s05_map7 = "05_map.rs" 101 12 103 87 let%span s05_map8 = "05_map.rs" 88 12 94 41 
@@ -1034,7 +1066,54 @@ module M_05_map__map [#"05_map.rs" 154 0 154 84] (! return' {result}) ] end -module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) +module M_05_map__qyi4717544419812877023__resolve_coherence__refines [#"05_map.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s05_map0 = "05_map.rs" 9 9 9 16 + let%span s05_map1 = "05_map.rs" 12 4 14 15 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0 } + + predicate resolve'1 (_1 : t_F'0) + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__func'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'3 (_1 : t_F'0) + + predicate inv'1 (_1 : t_Map'0) + + axiom inv_axiom'1 : forall x : t_Map'0 [inv'1 x] . inv'1 x + -> match x with + | {t_Map__iter'0 = iter ; t_Map__func'0 = func} -> inv'2 iter /\ inv'3 func + end + + predicate invariant'0 (self : t_Map'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Map'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"05_map.rs" 9 9 9 16] (self : t_Map'0) = + [%#s05_map1] resolve'2 self.t_Map__iter'0 /\ resolve'1 self.t_Map__func'0 + + goal refines : [%#s05_map0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_05_map__qyi16807608259409463994__next__refines [#"05_map.rs" 62 4 62 44] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 62 4 62 44 let%span s05_map1 = "05_map.rs" 23 8 23 75 let%span s05_map2 = "05_map.rs" 123 14 123 68 
@@ -1239,7 +1318,7 @@ module M_05_map__qyi14910388998417814812__next__refines [#"05_map.rs" 62 4 62 44 end /\ inv'1 result) end -module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) +module M_05_map__qyi16807608259409463994__produces_refl__refines [#"05_map.rs" 29 4 29 26] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 29 4 29 26 let%span s05_map1 = "05_map.rs" 42 8 55 9 let%span sops2 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 @@ -1356,7 +1435,7 @@ module M_05_map__qyi14910388998417814812__produces_refl__refines [#"05_map.rs" 2 goal refines : [%#s05_map0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_05_map__qyi14910388998417814812__produces_trans__refines [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) +module M_05_map__qyi16807608259409463994__produces_trans__refines [#"05_map.rs" 36 4 36 90] (* as common::Iterator> *) let%span s05_map0 = "05_map.rs" 36 4 36 90 let%span s05_map1 = "05_map.rs" 42 8 55 9 let%span sops2 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 diff --git a/creusot/tests/should_succeed/iterators/05_map.rs b/creusot/tests/should_succeed/iterators/05_map.rs index 3e1478a1e3..56c6948912 100644 --- a/creusot/tests/should_succeed/iterators/05_map.rs +++ b/creusot/tests/should_succeed/iterators/05_map.rs @@ -6,15 +6,15 @@ use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; -// FIXME: make it Map again -pub struct Map B> { +#[derive(Resolve)] +pub struct Map { // The inner iterator pub iter: I, // The mapper pub func: F, } -impl B> Iterator for Map { +impl B> Iterator for Map { type Item = B; #[open] @@ -71,7 +71,7 @@ impl B> Iterator for Map { } } -impl B> Map { +impl B> Map { #[predicate(prophetic)] fn next_precondition(iter: I, func: F) -> bool { pearlite! { 
@@ -133,7 +133,7 @@ impl B> Map { } } -impl B> Invariant for Map { +impl B> Invariant for Map { #[predicate(prophetic)] #[open(self)] fn invariant(self) -> bool { @@ -148,9 +148,9 @@ impl B> Invariant for Map { #[requires(forall iter.produces(Seq::singleton(e), i2) ==> func.precondition((e,)))] -#[requires(Map::::reinitialize())] -#[requires(Map::::preservation(iter, func))] +#[requires(Map::::reinitialize())] +#[requires(Map::::preservation(iter, func))] #[ensures(result == Map { iter, func })] -pub fn map B>(iter: I, func: F) -> Map { +pub fn map B>(iter: I, func: F) -> Map { Map { iter, func } } diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index d50adbc729..fc4f164875 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma 
@@ -1,4 +1,68 @@ -module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) +module M_06_map_precond__qyi12121551022315030028__resolve_coherence [#"06_map_precond.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s06_map_precond0 = "06_map_precond.rs" 9 9 9 16 + let%span s06_map_precond1 = "06_map_precond.rs" 9 9 9 16 + let%span s06_map_precond2 = "06_map_precond.rs" 11 4 13 36 + let%span scommon3 = "common.rs" 14 14 14 45 + let%span scommon4 = "common.rs" 18 15 18 32 + let%span scommon5 = "common.rs" 19 15 19 32 + let%span scommon6 = "common.rs" 20 14 20 42 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + use seq.Seq + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon4] produces'0 a ab b) + -> ([%#scommon5] produces'0 b bc c) -> ([%#scommon6] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#scommon3] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Snapshot + + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + + predicate resolve'1 (_1 : Snapshot.snap_ty (Seq.seq t_Item'0)) = + true + + predicate resolve'2 (_1 : t_F'0) + + predicate resolve'3 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__func'0 = x1 ; t_Map__produced'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end + + predicate resolve'0 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = + [%#s06_map_precond2] resolve'3 self.t_Map__iter'0 + /\ resolve'2 self.t_Map__func'0 /\ resolve'1 self.t_Map__produced'0 + + constant self : t_Map'0 + + function resolve_coherence'0 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) : () + + goal vc_resolve_coherence'0 : ([%#s06_map_precond0] structural_resolve'0 self) + -> ([%#s06_map_precond0] resolve'0 self) +end +module M_06_map_precond__qyi16809708214464407778__produces_refl [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 30 14 30 45 let%span s06_map_precond1 = "06_map_precond.rs" 28 4 28 10 let%span s06_map_precond2 = "06_map_precond.rs" 44 8 58 9 @@ -133,7 +197,7 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl [#"06_map_precon goal vc_produces_refl'0 : [%#s06_map_precond0] produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) +module M_06_map_precond__qyi16809708214464407778__produces_trans [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 35 15 35 32 let%span s06_map_precond1 = "06_map_precond.rs" 36 15 36 32 let%span s06_map_precond2 = "06_map_precond.rs" 37 14 37 42 
@@ -280,7 +344,7 @@ module M_06_map_precond__qyi18374305379273630819__produces_trans [#"06_map_preco goal vc_produces_trans'0 : ([%#s06_map_precond1] produces'0 b bc c) -> ([%#s06_map_precond0] produces'0 a ab b) -> ([%#s06_map_precond2] produces'0 a (Seq.(++) ab bc) c) end -module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) +module M_06_map_precond__qyi16809708214464407778__next [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 68 16 68 76 let%span s06_map_precond1 = "06_map_precond.rs" 69 31 69 71 let%span s06_map_precond2 = "06_map_precond.rs" 72 16 72 58 @@ -693,7 +757,7 @@ module M_06_map_precond__qyi18374305379273630819__next [#"06_map_precond.rs" 65 (! return' {result}) ] end -module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_precond.rs" 96 4 96 73] (* Map *) +module M_06_map_precond__qyi15984651645423927012__preservation_inv [#"06_map_precond.rs" 96 4 96 73] (* Map *) let%span s06_map_precond0 = "06_map_precond.rs" 95 14 95 81 let%span s06_map_precond1 = "06_map_precond.rs" 98 12 104 88 let%span s06_map_precond2 = "06_map_precond.rs" 111 12 116 71 @@ -799,7 +863,7 @@ module M_06_map_precond__qyi16548623944279504987__preservation_inv [#"06_map_pre -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1))) = preservation'0 iter func end -module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_map_precond.rs" 137 4 137 73] (* Map *) +module M_06_map_precond__qyi15984651645423927012__produces_one_invariant [#"06_map_precond.rs" 137 4 137 73] (* Map *) let%span s06_map_precond0 = "06_map_precond.rs" 131 15 131 31 let%span s06_map_precond1 = "06_map_precond.rs" 132 4 132 60 let%span s06_map_precond2 = "06_map_precond.rs" 133 15 133 30 
@@ -957,7 +1021,7 @@ module M_06_map_precond__qyi16548623944279504987__produces_one_invariant [#"06_m && (let _ = () in ([%#s06_map_precond4] preservation_inv'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e)) && ([%#s06_map_precond5] next_precondition'0 iter f.final (Seq.snoc (Snapshot.inner self.t_Map__produced'0) e))) end -module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond.rs" 147 4 147 57] (* Map *) +module M_06_map_precond__qyi15984651645423927012__produces_one [#"06_map_precond.rs" 147 4 147 57] (* Map *) let%span s06_map_precond0 = "06_map_precond.rs" 146 14 146 68 let%span s06_map_precond1 = "06_map_precond.rs" 149 12 155 74 let%span s06_map_precond2 = "06_map_precond.rs" 44 8 58 9 @@ -1130,14 +1194,14 @@ module M_06_map_precond__qyi16548623944279504987__produces_one [#"06_map_precond /\ postcondition_mut'0 f.current (e, self.t_Map__produced'0) f.final visited) = produces'0 self (Seq.singleton visited) succ end -module M_06_map_precond__map [#"06_map_precond.rs" 178 0 181 17] +module M_06_map_precond__map [#"06_map_precond.rs" 178 0 181 14] let%span s06_map_precond0 = "06_map_precond.rs" 182 32 182 54 let%span s06_map_precond1 = "06_map_precond.rs" 179 4 179 8 let%span s06_map_precond2 = "06_map_precond.rs" 180 4 180 8 let%span s06_map_precond3 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond4 = "06_map_precond.rs" 175 11 175 41 - let%span s06_map_precond5 = "06_map_precond.rs" 176 11 176 51 - let%span s06_map_precond6 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond4 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond5 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond6 = "06_map_precond.rs" 181 5 181 14 let%span s06_map_precond7 = "06_map_precond.rs" 177 10 177 75 let%span s06_map_precond8 = "06_map_precond.rs" 123 12 126 47 let%span s06_map_precond9 = "06_map_precond.rs" 111 12 116 71 
@@ -1321,36 +1385,37 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] let%span s06_map_precond3 = "06_map_precond.rs" 179 4 179 8 let%span s06_map_precond4 = "06_map_precond.rs" 180 4 180 8 let%span s06_map_precond5 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond6 = "06_map_precond.rs" 175 11 175 41 - let%span s06_map_precond7 = "06_map_precond.rs" 176 11 176 51 - let%span s06_map_precond8 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond6 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond7 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond8 = "06_map_precond.rs" 181 5 181 14 let%span s06_map_precond9 = "06_map_precond.rs" 177 10 177 75 let%span s06_map_precond10 = "06_map_precond.rs" 123 12 126 47 let%span s06_map_precond11 = "06_map_precond.rs" 111 12 116 71 - let%span sresolve12 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span scommon13 = "common.rs" 14 14 14 45 - let%span scommon14 = "common.rs" 18 15 18 32 - let%span scommon15 = "common.rs" 19 15 19 32 - let%span scommon16 = "common.rs" 20 14 20 42 - let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond24 = "06_map_precond.rs" 87 12 90 63 - let%span s06_map_precond25 = "06_map_precond.rs" 165 12 167 73 - let%span s06_map_precond26 = "06_map_precond.rs" 95 14 95 81 - let%span s06_map_precond27 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond12 = "06_map_precond.rs" 11 4 13 
36 + let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span scommon14 = "common.rs" 14 14 14 45 + let%span scommon15 = "common.rs" 18 15 18 32 + let%span scommon16 = "common.rs" 19 15 19 32 + let%span scommon17 = "common.rs" 20 14 20 42 + let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops20 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond25 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond26 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond27 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond28 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed ()) = - [%#sresolve12] self.final = self.current + predicate resolve'3 (self : borrowed ()) = + [%#sresolve13] self.final = self.current - predicate resolve'0 (_1 : borrowed ()) = - resolve'1 _1 + predicate resolve'1 (_1 : borrowed ()) = + resolve'3 _1 type t_I'0 
@@ -1367,12 +1432,12 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon14] produces'0 a ab b) - -> ([%#scommon15] produces'0 b bc c) -> ([%#scommon16] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon15] produces'0 a ab b) + -> ([%#scommon16] produces'0 b bc c) -> ([%#scommon17] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon13] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon14] produces'0 self (Seq.empty : Seq.seq t_Item'0) self use prelude.prelude.Intrinsic @@ -1385,7 +1450,7 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] = let (x, _3) = args in true - predicate resolve'2 (_1 : ()) = + predicate resolve'5 (_1 : ()) = true predicate unnest'0 (self : ()) (_2 : ()) = 
@@ -1398,26 +1463,26 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] function fn_mut_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_Item'0) : () - axiom fn_mut_once'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_Item'0 . [%#sops23] postcondition_once'0 self args res - = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) + axiom fn_mut_once'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_Item'0 . [%#sops24] postcondition_once'0 self args res + = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops20] unnest'0 self b) - -> ([%#sops21] unnest'0 b c) -> ([%#sops22] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops21] unnest'0 self b) + -> ([%#sops22] unnest'0 b c) -> ([%#sops23] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops19] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . [%#sops20] unnest'0 self self function postcondition_mut_unnest'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : ()) (res : t_Item'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : (), res : t_Item'0 . ([%#sops17] postcondition_mut'0 self args res_state res) - -> ([%#sops18] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : (), res : t_Item'0 . 
([%#sops18] postcondition_mut'0 self args res_state res) + -> ([%#sops19] unnest'0 self res_state) let rec closure0'0 (_1:borrowed ()) (x:t_Item'0) (_3:Snapshot.snap_ty (Seq.seq t_Item'0)) (return' (ret:t_Item'0))= {[@expl:closure 'x' type invariant] [%#s06_map_precond1] inv'2 x} - (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 | s1 = [ &_0 <- x ] s2 | s2 = bb1 ] | bb1 = return' {_0} ] ) + (! bb0 [ bb0 = s0 [ s0 = -{resolve'1 _1}- s1 | s1 = [ &_0 <- x ] s2 | s2 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : t_Item'0 = any_l () | & _1 : borrowed () = _1 | & x : t_Item'0 = x ] [ return' (result:t_Item'0)-> {[@expl:closure result type invariant] [%#s06_map_precond2] inv'2 result} @@ -1443,7 +1508,7 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond24] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + [%#s06_map_precond25] forall e : t_Item'0, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq 
@@ -1467,17 +1532,17 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : ()) (produced : Seq.seq t_Item'0) = - [%#s06_map_precond27] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current + [%#s06_map_precond28] forall s : Seq.seq t_Item'0, e1 : t_Item'0, e2 : t_Item'0, f : borrowed (), b : t_Item'0, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : (), produced : Seq.seq t_Item'0 . [%#s06_map_precond26] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : (), produced : Seq.seq t_Item'0 . [%#s06_map_precond27] produced = (Seq.empty : Seq.seq t_Item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = - [%#s06_map_precond25] reinitialize'0 () + [%#s06_map_precond26] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) 
@@ -1504,6 +1569,18 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] (! return' {result}) ] + predicate resolve'4 (_1 : t_I'0) + + predicate resolve'6 (_1 : Snapshot.snap_ty (Seq.seq t_Item'0)) = + true + + predicate resolve'2 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = + [%#s06_map_precond12] resolve'4 self.t_Map__iter'0 + /\ resolve'5 self.t_Map__func'0 /\ resolve'6 self.t_Map__produced'0 + + predicate resolve'0 (_1 : t_Map'0) = + resolve'2 _1 + meta "compute_max_steps" 1000000 let rec identity'0 (iter:t_I'0) (return' (ret:()))= {[@expl:identity 'iter' type invariant] [%#s06_map_precond0] inv'1 iter} @@ -1512,7 +1589,8 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] [ s0 = [ &_4 <- () ] s1 | s1 = map'0 {iter} {_4} (fun (_ret':t_Map'0) -> [ &_2 <- _ret' ] s2) | s2 = {[@expl:type invariant] inv'0 _2} s3 - | s3 = bb1 ] + | s3 = -{resolve'0 _2}- s4 + | s4 = bb1 ] | bb1 = bb2 | bb2 = bb3 
@@ -1532,43 +1610,44 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 let%span s06_map_precond9 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 41 - let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 51 - let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 14 let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 let%span s06_map_precond14 = "06_map_precond.rs" 44 8 58 9 let%span s06_map_precond15 = "06_map_precond.rs" 123 12 126 47 let%span s06_map_precond16 = "06_map_precond.rs" 111 12 116 71 - let%span s06_map_precond17 = "06_map_precond.rs" 30 14 30 45 - let%span s06_map_precond18 = "06_map_precond.rs" 28 4 28 10 - let%span s06_map_precond19 = "06_map_precond.rs" 35 15 35 32 - let%span s06_map_precond20 = "06_map_precond.rs" 36 15 36 32 - let%span s06_map_precond21 = "06_map_precond.rs" 37 14 37 42 - let%span s06_map_precond22 = "06_map_precond.rs" 33 4 33 10 - let%span scommon23 = "common.rs" 14 14 14 45 - let%span scommon24 = "common.rs" 18 15 18 32 - let%span scommon25 = "common.rs" 19 15 19 32 - let%span scommon26 = "common.rs" 20 14 20 42 - let%span sresolve27 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops33 = 
"../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond35 = "06_map_precond.rs" 87 12 90 63 - let%span s06_map_precond36 = "06_map_precond.rs" 165 12 167 73 - let%span s06_map_precond37 = "06_map_precond.rs" 95 14 95 81 - let%span s06_map_precond38 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond17 = "06_map_precond.rs" 11 4 13 36 + let%span s06_map_precond18 = "06_map_precond.rs" 30 14 30 45 + let%span s06_map_precond19 = "06_map_precond.rs" 28 4 28 10 + let%span s06_map_precond20 = "06_map_precond.rs" 35 15 35 32 + let%span s06_map_precond21 = "06_map_precond.rs" 36 15 36 32 + let%span s06_map_precond22 = "06_map_precond.rs" 37 14 37 42 + let%span s06_map_precond23 = "06_map_precond.rs" 33 4 33 10 + let%span scommon24 = "common.rs" 14 14 14 45 + let%span scommon25 = "common.rs" 18 15 18 32 + let%span scommon26 = "common.rs" 19 15 19 32 + let%span scommon27 = "common.rs" 20 14 20 42 + let%span sresolve28 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond36 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond37 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond38 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond39 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.Borrow - predicate resolve'1 (self : borrowed ()) 
= - [%#sresolve27] self.final = self.current + predicate resolve'3 (self : borrowed ()) = + [%#sresolve28] self.final = self.current - predicate resolve'0 (_1 : borrowed ()) = - resolve'1 _1 + predicate resolve'1 (_1 : borrowed ()) = + resolve'3 _1 use prelude.prelude.UInt32 @@ -1585,7 +1664,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) = [%#s06_map_precond6] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 - predicate resolve'2 (_1 : ()) = + predicate resolve'5 (_1 : ()) = true predicate unnest'0 (self : ()) (_2 : ()) = 
@@ -1598,29 +1677,29 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] function fn_mut_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops34] postcondition_once'0 self args res - = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) + axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops35] postcondition_once'0 self args res + = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops31] unnest'0 self b) - -> ([%#sops32] unnest'0 b c) -> ([%#sops33] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops32] unnest'0 self b) + -> ([%#sops33] unnest'0 b c) -> ([%#sops34] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops30] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . [%#sops31] unnest'0 self self function postcondition_mut_unnest'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : ()) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops28] postcondition_mut'0 self args res_state res) - -> ([%#sops29] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . 
([%#sops29] postcondition_mut'0 self args res_state res) + -> ([%#sops30] unnest'0 self res_state) let rec closure2'0 (_1:borrowed ()) (x:uint32) (_3:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_int x <= 15} (! bb0 [ bb0 = s0 - [ s0 = -{resolve'0 _1}- s1 + [ s0 = -{resolve'1 _1}- s1 | s1 = UInt32.add {x} {[%#s06_map_precond4] (1 : uint32)} (fun (_ret':uint32) -> [ &res1 <- _ret' ] s2) | s2 = [ &res <- res1 ] s3 | s3 = [ &_0 <- res ] s4 @@ -1658,12 +1737,12 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_U'0) (ab : Seq.seq uint32) (b : t_U'0) (bc : Seq.seq uint32) (c : t_U'0) : () - axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon24] produces'1 a ab b) - -> ([%#scommon25] produces'1 b bc c) -> ([%#scommon26] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon25] produces'1 a ab b) + -> ([%#scommon26] produces'1 b bc c) -> ([%#scommon27] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_U'0) : () - axiom produces_refl'1_spec : forall self : t_U'0 . [%#scommon23] produces'1 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_U'0 . [%#scommon24] produces'1 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot 
@@ -1674,7 +1753,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond35] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i + [%#s06_map_precond36] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq 
@@ -1697,17 +1776,17 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond38] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current + [%#s06_map_precond39] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . [%#s06_map_precond37] produced + axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . [%#s06_map_precond38] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = - [%#s06_map_precond36] reinitialize'0 () + [%#s06_map_precond37] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) 
@@ -1732,6 +1811,18 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] (! return' {result}) ] + predicate resolve'4 (_1 : t_U'0) + + predicate resolve'6 (_1 : Snapshot.snap_ty (Seq.seq uint32)) = + true + + predicate resolve'2 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = + [%#s06_map_precond17] resolve'4 self.t_Map__iter'0 + /\ resolve'5 self.t_Map__func'0 /\ resolve'6 self.t_Map__produced'0 + + predicate resolve'0 (_1 : t_Map'0) = + resolve'2 _1 + use seq.Seq use seq.Seq @@ -1769,15 +1860,15 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] function produces_trans'0 [#"06_map_precond.rs" 38 4 38 90] (a : t_Map'0) (ab : Seq.seq uint32) (b : t_Map'0) (bc : Seq.seq uint32) (c : t_Map'0) : () = - [%#s06_map_precond22] () + [%#s06_map_precond23] () - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond19] produces'0 a ab b) - -> ([%#s06_map_precond20] produces'0 b bc c) -> ([%#s06_map_precond21] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond20] produces'0 a ab b) + -> ([%#s06_map_precond21] produces'0 b bc c) -> ([%#s06_map_precond22] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"06_map_precond.rs" 31 4 31 26] (self : t_Map'0) : () = - [%#s06_map_precond18] () + [%#s06_map_precond19] () - axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s06_map_precond17] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s06_map_precond18] produces'0 self (Seq.empty : Seq.seq uint32) self meta "compute_max_steps" 1000000 
@@ -1794,10 +1885,11 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] | bb2 = s0 [ s0 = {[@expl:type invariant] inv'0 i} s1 - | s1 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq uint32, fin : t_Map'0 . produces'0 i prod fin + | s1 = -{resolve'0 i}- s2 + | s2 = {[@expl:assertion] [%#s06_map_precond0] forall prod : Seq.seq uint32, fin : t_Map'0 . produces'0 i prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32))} - s2 - | s2 = bb3 ] + s3 + | s3 = bb3 ] | bb3 = bb4 | bb4 = bb5 
@@ -1817,28 +1909,29 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 let%span s06_map_precond9 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 41 - let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 51 - let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 17 + let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 14 let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 let%span s06_map_precond14 = "06_map_precond.rs" 123 12 126 47 let%span s06_map_precond15 = "06_map_precond.rs" 111 12 116 71 - let%span scommon16 = "common.rs" 14 14 14 45 - let%span scommon17 = "common.rs" 18 15 18 32 - let%span scommon18 = "common.rs" 19 15 19 32 - let%span scommon19 = "common.rs" 20 14 20 42 - let%span sresolve20 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond28 = "06_map_precond.rs" 87 12 90 63 - let%span s06_map_precond29 = "06_map_precond.rs" 165 12 167 73 - let%span s06_map_precond30 = "06_map_precond.rs" 95 14 95 81 - let%span s06_map_precond31 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond16 = "06_map_precond.rs" 11 
4 13 36 + let%span scommon17 = "common.rs" 14 14 14 45 + let%span scommon18 = "common.rs" 18 15 18 32 + let%span scommon19 = "common.rs" 19 15 19 32 + let%span scommon20 = "common.rs" 20 14 20 42 + let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond29 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond30 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond31 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond32 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.UIntSize @@ -1847,11 +1940,11 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] type closure2'1 = { field_0'0: borrowed usize } - predicate resolve'1 (self : borrowed closure2'1) = - [%#sresolve20] self.final = self.current + predicate resolve'3 (self : borrowed closure2'1) = + [%#sresolve21] self.final = self.current - predicate resolve'0 (_1 : borrowed closure2'1) = - resolve'1 _1 + predicate resolve'1 (_1 : borrowed closure2'1) = + resolve'3 _1 use prelude.prelude.UInt32 
@@ -1877,14 +1970,14 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] [%#s06_map_precond6] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).final = UIntSize.to_int (self.field_0'0).current + 1 - predicate resolve'4 (self : borrowed usize) = - [%#sresolve20] self.final = self.current + predicate resolve'8 (self : borrowed usize) = + [%#sresolve21] self.final = self.current - predicate resolve'3 (_1 : borrowed usize) = - resolve'4 _1 + predicate resolve'7 (_1 : borrowed usize) = + resolve'8 _1 - predicate resolve'2 (_1 : closure2'1) = - resolve'3 _1.field_0'0 + predicate resolve'5 (_1 : closure2'1) = + resolve'7 _1.field_0'0 predicate unnest'0 (self : closure2'1) (_2 : closure2'1) = (_2.field_0'0).final = (self.field_0'0).final 
@@ -1898,23 +1991,23 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] function fn_mut_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops27] postcondition_once'0 self args res - = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'2 res_state) + axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops28] postcondition_once'0 self args res + = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops24] unnest'0 self b) - -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops25] unnest'0 self b) + -> ([%#sops26] unnest'0 b c) -> ([%#sops27] unnest'0 self c) function unnest_refl'0 (self : closure2'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops23] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops24] unnest'0 self self function postcondition_mut_unnest'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure2'1) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . ([%#sops21] postcondition_mut'0 self args res_state res) - -> ([%#sops22] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . 
([%#sops22] postcondition_mut'0 self args res_state res) + -> ([%#sops23] unnest'0 self res_state) let rec closure2'0 (_1:borrowed closure2'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UIntSize.to_int ((_1.current).field_0'0).current = Seq.length (Snapshot.inner _prod) @@ -1925,7 +2018,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] (fun (_ret':usize) -> [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] s1) - | s1 = -{resolve'0 _1}- s2 + | s1 = -{resolve'1 _1}- s2 | s2 = [ &res1 <- x ] s3 | s3 = [ &res <- res1 ] s4 | s4 = [ &_0 <- res ] s5 @@ -1963,12 +2056,12 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon17] produces'0 a ab b) - -> ([%#scommon18] produces'0 b bc c) -> ([%#scommon19] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon18] produces'0 a ab b) + -> ([%#scommon19] produces'0 b bc c) -> ([%#scommon20] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon16] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon17] produces'0 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot 
@@ -1982,7 +2075,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) = - [%#s06_map_precond28] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + [%#s06_map_precond29] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq 
@@ -2004,17 +2097,17 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) = - [%#s06_map_precond31] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current + [%#s06_map_precond32] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond30] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond31] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = - [%#s06_map_precond29] reinitialize'0 () + [%#s06_map_precond30] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) 
@@ -2039,6 +2132,18 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] (! return' {result}) ] + predicate resolve'4 (_1 : t_I'0) + + predicate resolve'6 (_1 : Snapshot.snap_ty (Seq.seq uint32)) = + true + + predicate resolve'2 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = + [%#s06_map_precond16] resolve'4 self.t_Map__iter'0 + /\ resolve'5 self.t_Map__func'0 /\ resolve'6 self.t_Map__produced'0 + + predicate resolve'0 (_1 : t_Map'0) = + resolve'2 _1 + meta "compute_max_steps" 1000000 let rec counter'0 (iter:t_I'0) (return' (ret:()))= {[@expl:counter 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} @@ -2056,7 +2161,8 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] | s2 = [ &_7 <- { field_0'0 = _8 } ] s3 | s3 = map'0 {iter} {_7} (fun (_ret':t_Map'0) -> [ &_5 <- _ret' ] s4) | s4 = {[@expl:type invariant] inv'0 _5} s5 - | s5 = bb2 ] + | s5 = -{resolve'0 _5}- s6 + | s6 = bb2 ] | bb2 = bb3 | bb3 = bb4 
@@ -2070,7 +2176,85 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] | & _8 : borrowed usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end -module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) +module M_06_map_precond__qyi12121551022315030028__resolve_coherence__refines [#"06_map_precond.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s06_map_precond0 = "06_map_precond.rs" 9 9 9 16 + let%span s06_map_precond1 = "06_map_precond.rs" 11 4 13 36 + let%span scommon2 = "common.rs" 14 14 14 45 + let%span scommon3 = "common.rs" 18 15 18 32 + let%span scommon4 = "common.rs" 19 15 19 32 + let%span scommon5 = "common.rs" 20 14 20 42 + let%span sinvariant6 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + use seq.Seq + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon3] produces'0 a ab b) + -> ([%#scommon4] produces'0 b bc c) -> ([%#scommon5] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#scommon2] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.Snapshot + + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__func'0: t_F'0; t_Map__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + + predicate resolve'1 (_1 : Snapshot.snap_ty (Seq.seq t_Item'0)) = + true + + predicate resolve'2 (_1 : t_F'0) + + predicate resolve'3 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__func'0 = x1 ; t_Map__produced'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'3 (_1 : t_F'0) + + predicate inv'1 (_1 : t_Map'0) + + axiom inv_axiom'1 : forall x : t_Map'0 [inv'1 x] . inv'1 x + -> match x with + | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'2 iter /\ inv'3 func + end + + predicate invariant'0 (self : t_Map'0) = + [%#sinvariant6] inv'1 self + + predicate inv'0 (_1 : t_Map'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = + [%#s06_map_precond1] resolve'3 self.t_Map__iter'0 + /\ resolve'2 self.t_Map__func'0 /\ resolve'1 self.t_Map__produced'0 + + goal refines : [%#s06_map_precond0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_06_map_precond__qyi16809708214464407778__next__refines [#"06_map_precond.rs" 65 4 65 44] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 65 4 65 44 let%span s06_map_precond1 = "06_map_precond.rs" 22 8 25 9 let%span s06_map_precond2 = "06_map_precond.rs" 146 14 146 68 
@@ -2311,7 +2495,7 @@ module M_06_map_precond__qyi18374305379273630819__next__refines [#"06_map_precon end /\ inv'1 result) end -module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) +module M_06_map_precond__qyi16809708214464407778__produces_refl__refines [#"06_map_precond.rs" 31 4 31 26] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 31 4 31 26 let%span s06_map_precond1 = "06_map_precond.rs" 44 8 58 9 let%span scommon2 = "common.rs" 14 14 14 45 @@ -2442,7 +2626,7 @@ module M_06_map_precond__qyi18374305379273630819__produces_refl__refines [#"06_m goal refines : [%#s06_map_precond0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_06_map_precond__qyi18374305379273630819__produces_trans__refines [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) +module M_06_map_precond__qyi16809708214464407778__produces_trans__refines [#"06_map_precond.rs" 38 4 38 90] (* as common::Iterator> *) let%span s06_map_precond0 = "06_map_precond.rs" 38 4 38 90 let%span s06_map_precond1 = "06_map_precond.rs" 44 8 58 9 let%span scommon2 = "common.rs" 14 14 14 45 diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.rs b/creusot/tests/should_succeed/iterators/06_map_precond.rs index 771b7776e4..d6b99fa2ea 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.rs +++ b/creusot/tests/should_succeed/iterators/06_map_precond.rs @@ -6,14 +6,14 @@ use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; -// FIXME: make it Map again -pub struct Map>) -> B> { +#[derive(Resolve)] +pub struct Map { iter: I, func: F, produced: Snapshot>, } -impl>) -> B> Iterator for Map { +impl>) -> B> Iterator for Map { type Item = B; #[open] 
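Review bot: The `Map` struct at the top of the `06_map_precond.rs` hunk `@@ -6,14 +6,14 @@` is left with no comment once the FIXME is removed, and the new `#[derive(Resolve)]` is not explained. The regenerated `06_map_precond.coma` shows the derived predicate as the conjunction of the three fields' `resolve` predicates, and `identity`, `increment` and `counter` now carry a `resolve` step on the `Map` value returned by `map`, so the derive changes what those proofs can rely on. I would add a doc comment above the struct such as `/// Resolve is derived field-wise over iter, func and produced; produced is the ghost sequence of items yielded so far.` The second half of that comment is inferred from the `invariant` and `map` specs and should be confirmed against the intended meaning of `produced`. The `impl ... Iterator for Map` block opened at the end of the hunk continues outside it.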
@@ -80,7 +80,7 @@ impl>) -> B> Iterator fo } } -impl>) -> B> Map { +impl>) -> B> Map { #[predicate(prophetic)] fn next_precondition(iter: I, func: F, produced: Seq) -> bool { pearlite! { @@ -157,7 +157,7 @@ impl>) -> B> Map>) -> B> Invariant for Map { +impl>) -> B> Invariant for Map { #[predicate(prophetic)] #[open(self)] fn invariant(self) -> bool { @@ -172,13 +172,13 @@ impl>) -> B> Invariant f #[requires(forall iter.produces(Seq::singleton(e), i2) ==> func.precondition((e, Snapshot::new(Seq::EMPTY))))] -#[requires(Map::::reinitialize())] -#[requires(Map::::preservation(iter, func))] +#[requires(Map::::reinitialize())] +#[requires(Map::::preservation(iter, func))] #[ensures(result == Map { iter, func, produced: Snapshot::new(Seq::EMPTY) })] pub fn map>) -> B>( iter: I, func: F, -) -> Map { +) -> Map { Map { iter, func, produced: snapshot! {Seq::EMPTY} } } @@ -199,7 +199,7 @@ pub fn increment>(iter: U) { ); proof_assert! { - forall> i.produces(prod, fin) ==> + forall> i.produces(prod, fin) ==> forall 0 <= x && x < prod.len() ==> prod[x] <= 11u32 }; } diff --git a/creusot/tests/should_succeed/iterators/07_fuse.coma b/creusot/tests/should_succeed/iterators/07_fuse.coma index f7f90637de..0b4fe1aaae 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.coma +++ b/creusot/tests/should_succeed/iterators/07_fuse.coma 
@@ -1,12 +1,54 @@ -module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 39 17 39 21 - let%span s07_fuse1 = "07_fuse.rs" 39 26 39 44 - let%span s07_fuse2 = "07_fuse.rs" 35 14 38 5 +module M_07_fuse__qyi9228006394033832720__resolve_coherence [#"07_fuse.rs" 7 9 7 16] (* as creusot_contracts::Resolve> *) + let%span s07_fuse0 = "07_fuse.rs" 7 9 7 16 + let%span s07_fuse1 = "07_fuse.rs" 7 9 7 16 + let%span s07_fuse2 = "07_fuse.rs" 9 4 9 19 + let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 + + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } + + predicate resolve'3 (_1 : t_I'0) + + predicate resolve'2 (self : t_Option'0) = + [%#sresolve3] match self with + | C_Some'0 x -> resolve'3 x + | C_None'0 -> true + end + + predicate resolve'1 (_1 : t_Option'0) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_Fuse'0) = + match _1 with + | {t_Fuse__iter'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"07_fuse.rs" 7 9 7 16] (self : t_Fuse'0) = + [%#s07_fuse2] resolve'1 self.t_Fuse__iter'0 + + constant self : t_Fuse'0 + + function resolve_coherence'0 [#"07_fuse.rs" 7 9 7 16] (self : t_Fuse'0) : () + + goal vc_resolve_coherence'0 : ([%#s07_fuse0] structural_resolve'0 self) -> ([%#s07_fuse0] resolve'0 self) +end +module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 40 4 40 44] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 40 17 40 21 + let%span s07_fuse1 = "07_fuse.rs" 40 26 40 44 + let%span s07_fuse2 = "07_fuse.rs" 36 14 39 5 let%span scommon3 = "common.rs" 27 17 27 21 let%span scommon4 = "common.rs" 27 26 27 44 let%span scommon5 = "common.rs" 23 14 26 5 - let%span s07_fuse6 = "07_fuse.rs" 18 12 19 35 - let%span s07_fuse7 = "07_fuse.rs" 26 8 32 9 + let%span s07_fuse6 = "07_fuse.rs" 19 12 20 35 + let%span s07_fuse7 = "07_fuse.rs" 27 
8 33 9 let%span scommon8 = "common.rs" 14 14 14 45 let%span scommon9 = "common.rs" 18 15 18 32 let%span scommon10 = "common.rs" 19 15 19 32 @@ -159,12 +201,12 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with @@ -269,10 +311,10 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 39 4 39 44] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 54 14 54 45 - let%span s07_fuse1 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse2 = "07_fuse.rs" 26 8 32 9 +module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 56 4 56 26] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 55 14 55 45 + let%span s07_fuse1 = "07_fuse.rs" 53 4 53 10 + let%span s07_fuse2 = "07_fuse.rs" 27 8 33 9 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 @@ -307,7 +349,7 @@ module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 55 4 55 2 type t_Fuse'0 = { t_Fuse__iter'0: t_Option'0 } - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse2] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with 
@@ -318,16 +360,16 @@ module M_07_fuse__qyi2452592938496686347__produces_refl [#"07_fuse.rs" 55 4 55 2 constant self : t_Fuse'0 - function produces_refl'0 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () + function produces_refl'0 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () goal vc_produces_refl'0 : [%#s07_fuse0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 62 4 62 90] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 59 15 59 32 - let%span s07_fuse1 = "07_fuse.rs" 60 15 60 32 - let%span s07_fuse2 = "07_fuse.rs" 61 14 61 42 - let%span s07_fuse3 = "07_fuse.rs" 57 4 57 10 - let%span s07_fuse4 = "07_fuse.rs" 26 8 32 9 +module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 63 4 63 90] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse1 = "07_fuse.rs" 61 15 61 32 + let%span s07_fuse2 = "07_fuse.rs" 62 14 62 42 + let%span s07_fuse3 = "07_fuse.rs" 58 4 58 10 + let%span s07_fuse4 = "07_fuse.rs" 27 8 33 9 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 @@ -362,7 +404,7 @@ module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 62 4 62 axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse4] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with 
@@ -381,25 +423,25 @@ module M_07_fuse__qyi2452592938496686347__produces_trans [#"07_fuse.rs" 62 4 62 constant c : t_Fuse'0 - function produces_trans'0 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"07_fuse.rs" 63 4 63 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () goal vc_produces_trans'0 : ([%#s07_fuse1] produces'0 b bc c) -> ([%#s07_fuse0] produces'0 a ab b) -> ([%#s07_fuse2] produces'0 a (Seq.(++) ab bc) c) end -module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* as FusedIterator> *) - let%span s07_fuse0 = "07_fuse.rs" 78 15 78 31 - let%span s07_fuse1 = "07_fuse.rs" 79 15 79 44 - let%span s07_fuse2 = "07_fuse.rs" 80 14 80 50 - let%span s07_fuse3 = "07_fuse.rs" 76 4 76 10 - let%span s07_fuse4 = "07_fuse.rs" 18 12 19 35 - let%span s07_fuse5 = "07_fuse.rs" 26 8 32 9 - let%span s07_fuse6 = "07_fuse.rs" 54 14 54 45 - let%span s07_fuse7 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse8 = "07_fuse.rs" 59 15 59 32 - let%span s07_fuse9 = "07_fuse.rs" 60 15 60 32 - let%span s07_fuse10 = "07_fuse.rs" 61 14 61 42 - let%span s07_fuse11 = "07_fuse.rs" 57 4 57 10 +module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 82 4 82 62] (* as FusedIterator> *) + let%span s07_fuse0 = "07_fuse.rs" 79 15 79 31 + let%span s07_fuse1 = "07_fuse.rs" 80 15 80 44 + let%span s07_fuse2 = "07_fuse.rs" 81 14 81 50 + let%span s07_fuse3 = "07_fuse.rs" 77 4 77 10 + let%span s07_fuse4 = "07_fuse.rs" 19 12 20 35 + let%span s07_fuse5 = "07_fuse.rs" 27 8 33 9 + let%span s07_fuse6 = "07_fuse.rs" 55 14 55 45 + let%span s07_fuse7 = "07_fuse.rs" 53 4 53 10 + let%span s07_fuse8 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse9 = "07_fuse.rs" 61 15 61 32 + let%span s07_fuse10 = "07_fuse.rs" 62 14 62 42 + let%span s07_fuse11 = "07_fuse.rs" 58 4 58 10 let%span scommon12 = "common.rs" 14 14 14 45 let%span scommon13 
= "common.rs" 18 15 18 32 let%span scommon14 = "common.rs" 19 15 19 32 @@ -434,7 +476,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse5] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with @@ -443,7 +485,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* end end - function produces_trans'0 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'0 [#"07_fuse.rs" 63 4 63 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = [%#s07_fuse11] () @@ -451,7 +493,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* axiom produces_trans'0_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse8] produces'0 a ab b) -> ([%#s07_fuse9] produces'0 b bc c) -> ([%#s07_fuse10] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () = + function produces_refl'0 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () = [%#s07_fuse7] () axiom produces_refl'0_spec : forall self : t_Fuse'0 . [%#s07_fuse6] produces'0 self (Seq.empty : Seq.seq t_Item'0) self 
@@ -460,7 +502,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = + predicate completed'0 [#"07_fuse.rs" 17 4 17 35] (self : borrowed (t_Fuse'0)) = [%#s07_fuse4] ((self.current).t_Fuse__iter'0 = C_None'0 \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'0 
@@ -471,15 +513,78 @@ module M_07_fuse__qyi3347558734837599430__is_fused [#"07_fuse.rs" 81 4 81 62] (* constant next : t_Fuse'0 - function is_fused'0 [#"07_fuse.rs" 81 4 81 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () + function is_fused'0 [#"07_fuse.rs" 82 4 82 62] (self : borrowed (t_Fuse'0)) (steps : Seq.seq t_Item'0) (next : t_Fuse'0) : () goal vc_is_fused'0 : ([%#s07_fuse1] produces'0 self.final steps next) -> ([%#s07_fuse0] completed'0 self) -> ([%#s07_fuse2] steps = (Seq.empty : Seq.seq t_Item'0) /\ self.final = next) end -module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" 62 4 62 90] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 62 4 62 90 - let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 +module M_07_fuse__qyi9228006394033832720__resolve_coherence__refines [#"07_fuse.rs" 7 9 7 16] (* as creusot_contracts::Resolve> *) + let%span s07_fuse0 = "07_fuse.rs" 7 9 7 16 + let%span s07_fuse1 = "07_fuse.rs" 9 4 9 19 + let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_I'0 + + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } + + predicate resolve'3 (_1 : t_I'0) + + predicate resolve'2 (self : t_Option'0) = + [%#sresolve2] match self with + | C_Some'0 x -> resolve'3 x + | C_None'0 -> true + end + + predicate resolve'1 (_1 : t_Option'0) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_Fuse'0) = + match _1 with + | {t_Fuse__iter'0 = x0} -> resolve'1 x0 + end + + predicate inv'3 (_1 : t_I'0) + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'3 a_0 + end + + predicate inv'1 (_1 : t_Fuse'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Fuse'0 [inv'1 x] . 
inv'1 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'2 iter + end + + predicate invariant'0 (self : t_Fuse'0) = + [%#sinvariant3] inv'1 self + + predicate inv'0 (_1 : t_Fuse'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"07_fuse.rs" 7 9 7 16] (self : t_Fuse'0) = + [%#s07_fuse1] resolve'1 self.t_Fuse__iter'0 + + goal refines : [%#s07_fuse0] forall self : t_Fuse'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" 63 4 63 90] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 63 4 63 90 + let%span s07_fuse1 = "07_fuse.rs" 27 8 33 9 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -514,7 +619,7 @@ module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with 
@@ -528,9 +633,9 @@ module M_07_fuse__qyi2452592938496686347__produces_trans__refines [#"07_fuse.rs" -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" 55 4 55 26] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 55 4 55 26 - let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 +module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" 56 4 56 26] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 56 4 56 26 + let%span s07_fuse1 = "07_fuse.rs" 27 8 33 9 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -565,7 +670,7 @@ module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" axiom produces_refl'1_spec : forall self : t_I'0 . [%#scommon2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with 
@@ -577,10 +682,10 @@ module M_07_fuse__qyi2452592938496686347__produces_refl__refines [#"07_fuse.rs" goal refines : [%#s07_fuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 44] (* as common::Iterator> *) - let%span s07_fuse0 = "07_fuse.rs" 39 4 39 44 - let%span s07_fuse1 = "07_fuse.rs" 18 12 19 35 - let%span s07_fuse2 = "07_fuse.rs" 26 8 32 9 +module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 40 4 40 44] (* as common::Iterator> *) + let%span s07_fuse0 = "07_fuse.rs" 40 4 40 44 + let%span s07_fuse1 = "07_fuse.rs" 19 12 20 35 + let%span s07_fuse2 = "07_fuse.rs" 27 8 33 9 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon4 = "common.rs" 14 14 14 45 let%span scommon5 = "common.rs" 18 15 18 32 @@ -648,14 +753,14 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = + predicate completed'0 [#"07_fuse.rs" 17 4 17 35] (self : borrowed (t_Fuse'0)) = [%#s07_fuse1] ((self.current).t_Fuse__iter'0 = C_None'1 \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'1 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'1 use seq.Seq - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse2] match self.t_Fuse__iter'0 with | C_None'1 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'1 i -> match other.t_Fuse__iter'0 with 
@@ -687,20 +792,20 @@ module M_07_fuse__qyi2452592938496686347__next__refines [#"07_fuse.rs" 39 4 39 4 end /\ inv'1 result) end -module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 81 4 81 62] (* as FusedIterator> *) - let%span s07_fuse0 = "07_fuse.rs" 81 4 81 62 - let%span s07_fuse1 = "07_fuse.rs" 26 8 32 9 - let%span s07_fuse2 = "07_fuse.rs" 18 12 19 35 +module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 82 4 82 62] (* as FusedIterator> *) + let%span s07_fuse0 = "07_fuse.rs" 82 4 82 62 + let%span s07_fuse1 = "07_fuse.rs" 27 8 33 9 + let%span s07_fuse2 = "07_fuse.rs" 19 12 20 35 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 let%span scommon6 = "common.rs" 20 14 20 42 - let%span s07_fuse7 = "07_fuse.rs" 54 14 54 45 - let%span s07_fuse8 = "07_fuse.rs" 52 4 52 10 - let%span s07_fuse9 = "07_fuse.rs" 59 15 59 32 - let%span s07_fuse10 = "07_fuse.rs" 60 15 60 32 - let%span s07_fuse11 = "07_fuse.rs" 61 14 61 42 - let%span s07_fuse12 = "07_fuse.rs" 57 4 57 10 + let%span s07_fuse7 = "07_fuse.rs" 55 14 55 45 + let%span s07_fuse8 = "07_fuse.rs" 53 4 53 10 + let%span s07_fuse9 = "07_fuse.rs" 60 15 60 32 + let%span s07_fuse10 = "07_fuse.rs" 61 15 61 32 + let%span s07_fuse11 = "07_fuse.rs" 62 14 62 42 + let%span s07_fuse12 = "07_fuse.rs" 58 4 58 10 use prelude.prelude.Borrow 
@@ -733,7 +838,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 81 4 axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"07_fuse.rs" 25 4 25 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = + predicate produces'0 [#"07_fuse.rs" 26 4 26 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = [%#s07_fuse1] match self.t_Fuse__iter'0 with | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ other.t_Fuse__iter'0 = self.t_Fuse__iter'0 | C_Some'0 i -> match other.t_Fuse__iter'0 with @@ -742,7 +847,7 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 81 4 end end - function produces_trans'1 [#"07_fuse.rs" 62 4 62 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () + function produces_trans'1 [#"07_fuse.rs" 63 4 63 90] (a : t_Fuse'0) (ab : Seq.seq t_Item'0) (b : t_Fuse'0) (bc : Seq.seq t_Item'0) (c : t_Fuse'0) : () = [%#s07_fuse12] () 
@@ -750,14 +855,14 @@ module M_07_fuse__qyi3347558734837599430__is_fused__refines [#"07_fuse.rs" 81 4 axiom produces_trans'1_spec : forall a : t_Fuse'0, ab : Seq.seq t_Item'0, b : t_Fuse'0, bc : Seq.seq t_Item'0, c : t_Fuse'0 . ([%#s07_fuse9] produces'0 a ab b) -> ([%#s07_fuse10] produces'0 b bc c) -> ([%#s07_fuse11] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"07_fuse.rs" 55 4 55 26] (self : t_Fuse'0) : () = + function produces_refl'1 [#"07_fuse.rs" 56 4 56 26] (self : t_Fuse'0) : () = [%#s07_fuse8] () axiom produces_refl'1_spec : forall self : t_Fuse'0 . [%#s07_fuse7] produces'0 self (Seq.empty : Seq.seq t_Item'0) self predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"07_fuse.rs" 16 4 16 35] (self : borrowed (t_Fuse'0)) = + predicate completed'0 [#"07_fuse.rs" 17 4 17 35] (self : borrowed (t_Fuse'0)) = [%#s07_fuse2] ((self.current).t_Fuse__iter'0 = C_None'0 \/ (exists it : borrowed t_I'0 . completed'1 it /\ (self.current).t_Fuse__iter'0 = C_Some'0 (it.current))) /\ (self.final).t_Fuse__iter'0 = C_None'0 diff --git a/creusot/tests/should_succeed/iterators/07_fuse.rs b/creusot/tests/should_succeed/iterators/07_fuse.rs index 6c983c2f41..01b5033e1e 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.rs +++ b/creusot/tests/should_succeed/iterators/07_fuse.rs @@ -4,6 +4,7 @@ use creusot_contracts::{logic::Seq, *}; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Fuse { iter: Option, } diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml index e648cf1d62..241639b585 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml +++ b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml @@ -7,6 +7,16 @@ + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz b/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz index 73a702c40375795a842a06d3c393c2013d752739..4f823ef6e10406b962838e0d809ceed2ce9c15af 100644 GIT binary patch literal 1065 zcmV+^1lIc>iwFP!00000|E*TZjv_}8z1LT8!yYaXk-Mcnpq5I-r7xE9in4N6?3tr^QEXPP^mbkA+-(`Mr2<-ShV4c!*1I zyTiwlS#;0aKaa0*3D&}ovyv>7gHSy85_9dgd_Tn{EMLD{OPwiNDhHv+f@^l}&@RF9 z&HyYg2cd9HJRSERIhWW>f0S!?YMXc8zBg{aomq9h;*mjF#Mig>pY6HZNdk9@`?R_1 zbUvCOf#)3Jf&`98@Bs-vBEcUZ!3HE)M&hkGhIb!NOSHnRR#sYV&1R}rHyUB3RprbV z!JXT)2;~iTWRWK1Ar6!vmZMY*5??<%e|&x0$2Nu~SY(%IV@7cPy=mg1&Bv$R;p;xO z$Ad-T((d5)ozs|*Z+=N|c|Ul$?zu;{8Kqkk@ZJQ&z#CYY0ZN$+mZ6?O&u=tjndNgb zRL@1`XgcY7xHWpXHTq_{WTx^mUgk$XbEX`GX-pi+WFwhb>PPU5?`#IKA3|lZpTaCn zLy|>4%rx?Hl!})Z_jCaeO&@r>-Lae z{0^dk()Qwmo)bFiNY?^`Jc*rQm)Es%Z`*;_z1h%fdYkYa;LUwR_4h!ufdf z_~?4O(X{D_6Fa}`pEf`>Hol#PvL^BR|7O<_JLk?RhbW4=7DDLc z2!!w$ybnppsC=w35tDAgD^^j36%}{x0PRezvI{|lrb1nz zs!&!aD&!Ti3aK!uM$KGwiXk&W8KphN=q)kqtg2=9^O^3n0_R`pLFs?>XXIam)=wAB)b>(18IdK$LjKXHCpVzk6vw_8aVvWasWV1D; zB#&}<04U4RDjpyC{@g%xJ@IC-M9Xy20z-J>9PpZ#hHrF+Qd4s5LK`?(V$t&LgZp@RzIE zLH^>-JoZNP2cR zzX+7N2ztg_Zjv06gV2n50y8FT{_R7%Ql(Bv9Q8LKLi n6^TBA8U`05Hjxw9sAX-4RiY#@M4j3S^(^9FG%1memJ0v?u!-Op diff --git a/creusot/tests/should_succeed/iterators/10_once.coma b/creusot/tests/should_succeed/iterators/10_once.coma index d50ae0496e..8d1103405f 100644 --- a/creusot/tests/should_succeed/iterators/10_once.coma +++ b/creusot/tests/should_succeed/iterators/10_once.coma 
@@ -1,7 +1,49 @@ -module M_10_once__qyi9558967427796228243__produces_refl [#"10_once.rs" 31 4 31 26] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 30 14 30 45 - let%span s10_once1 = "10_once.rs" 28 4 28 10 - let%span s10_once2 = "10_once.rs" 23 12 24 106 +module M_10_once__qyi15715102373948941365__resolve_coherence [#"10_once.rs" 8 9 8 16] (* as creusot_contracts::Resolve> *) + let%span s10_once0 = "10_once.rs" 8 9 8 16 + let%span s10_once1 = "10_once.rs" 8 9 8 16 + let%span s10_once2 = "10_once.rs" 9 19 9 28 + let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + + use prelude.prelude.Borrow + + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + type t_Once'0 = + { t_Once__0'0: t_Option'0 } + + predicate resolve'3 (_1 : t_T'0) + + predicate resolve'2 (self : t_Option'0) = + [%#sresolve3] match self with + | C_Some'0 x -> resolve'3 x + | C_None'0 -> true + end + + predicate resolve'1 (_1 : t_Option'0) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_Once'0) = + match _1 with + | {t_Once__0'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"10_once.rs" 8 9 8 16] (self : t_Once'0) = + [%#s10_once2] resolve'1 self.t_Once__0'0 + + constant self : t_Once'0 + + function resolve_coherence'0 [#"10_once.rs" 8 9 8 16] (self : t_Once'0) : () + + goal vc_resolve_coherence'0 : ([%#s10_once0] structural_resolve'0 self) -> ([%#s10_once0] resolve'0 self) +end +module M_10_once__qyi9558967427796228243__produces_refl [#"10_once.rs" 32 4 32 26] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 31 14 31 45 + let%span s10_once1 = "10_once.rs" 29 4 29 10 + let%span s10_once2 = "10_once.rs" 24 12 25 106 use seq.Seq 
@@ -18,23 +60,23 @@ module M_10_once__qyi9558967427796228243__produces_refl [#"10_once.rs" 31 4 31 2 use seq.Seq - predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = + predicate produces'0 [#"10_once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) constant self : t_Once'0 - function produces_refl'0 [#"10_once.rs" 31 4 31 26] (self : t_Once'0) : () + function produces_refl'0 [#"10_once.rs" 32 4 32 26] (self : t_Once'0) : () goal vc_produces_refl'0 : [%#s10_once0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 38 4 38 90] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 35 15 35 32 - let%span s10_once1 = "10_once.rs" 36 15 36 32 - let%span s10_once2 = "10_once.rs" 37 14 37 42 - let%span s10_once3 = "10_once.rs" 33 4 33 10 - let%span s10_once4 = "10_once.rs" 23 12 24 106 +module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 39 4 39 90] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 36 15 36 32 + let%span s10_once1 = "10_once.rs" 37 15 37 32 + let%span s10_once2 = "10_once.rs" 38 14 38 42 + let%span s10_once3 = "10_once.rs" 34 4 34 10 + let%span s10_once4 = "10_once.rs" 24 12 25 106 type t_T'0 
@@ -51,7 +93,7 @@ module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 38 4 38 use seq.Seq - predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = + predicate produces'0 [#"10_once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once4] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) 
@@ -68,19 +110,19 @@ module M_10_once__qyi9558967427796228243__produces_trans [#"10_once.rs" 38 4 38 constant c : t_Once'0 - function produces_trans'0 [#"10_once.rs" 38 4 38 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () + function produces_trans'0 [#"10_once.rs" 39 4 39 90] (a : t_Once'0) (ab : Seq.seq t_T'0) (b : t_Once'0) (bc : Seq.seq t_T'0) (c : t_Once'0) : () goal vc_produces_trans'0 : ([%#s10_once1] produces'0 b bc c) -> ([%#s10_once0] produces'0 a ab b) -> ([%#s10_once2] produces'0 a (Seq.(++) ab bc) c) end -module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 44 4 44 35] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 44 17 44 21 - let%span s10_once1 = "10_once.rs" 44 26 44 35 - let%span s10_once2 = "10_once.rs" 40 14 43 5 +module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 45 4 45 35] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 45 17 45 21 + let%span s10_once1 = "10_once.rs" 45 26 45 35 + let%span s10_once2 = "10_once.rs" 41 14 44 5 let%span soption3 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span s10_once4 = "10_once.rs" 16 20 16 57 - let%span s10_once5 = "10_once.rs" 23 12 24 106 + let%span s10_once4 = "10_once.rs" 17 20 17 57 + let%span s10_once5 = "10_once.rs" 24 12 25 106 let%span sresolve6 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 
@@ -141,7 +183,7 @@ module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 44 4 44 35] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 44 4 44 35 - let%span s10_once1 = "10_once.rs" 16 20 16 57 - let%span s10_once2 = "10_once.rs" 23 12 24 106 +module M_10_once__qyi15715102373948941365__resolve_coherence__refines [#"10_once.rs" 8 9 8 16] (* as creusot_contracts::Resolve> *) + let%span s10_once0 = "10_once.rs" 8 9 8 16 + let%span s10_once1 = "10_once.rs" 9 19 9 28 + let%span sresolve2 = "../../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_T'0 + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + type t_Once'0 = + { t_Once__0'0: t_Option'0 } + + predicate resolve'3 (_1 : t_T'0) + + predicate resolve'2 (self : t_Option'0) = + [%#sresolve2] match self with + | C_Some'0 x -> resolve'3 x + | C_None'0 -> true + end + + predicate resolve'1 (_1 : t_Option'0) = + resolve'2 _1 + + predicate structural_resolve'0 (_1 : t_Once'0) = + match _1 with + | {t_Once__0'0 = x0} -> resolve'1 x0 + end + + predicate inv'3 (_1 : t_T'0) + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . inv'2 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'3 a_0 + end + + predicate inv'1 (_1 : t_Once'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Once'0 [inv'1 x] . inv'1 x + = match x with + | {t_Once__0'0 = a_0} -> inv'2 a_0 + end + + predicate invariant'0 (self : t_Once'0) = + [%#sinvariant3] inv'1 self + + predicate inv'0 (_1 : t_Once'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Once'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"10_once.rs" 8 9 8 16] (self : t_Once'0) = + [%#s10_once1] resolve'1 self.t_Once__0'0 + + goal refines : [%#s10_once0] forall self : t_Once'0 . 
structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 45 4 45 35] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 45 4 45 35 + let%span s10_once1 = "10_once.rs" 17 20 17 57 + let%span s10_once2 = "10_once.rs" 24 12 25 106 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 @@ -225,7 +330,7 @@ module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 44 4 44 3 predicate resolve'0 (self : borrowed (t_Once'0)) = [%#sresolve3] self.final = self.current - predicate completed'0 [#"10_once.rs" 15 4 15 35] (self : borrowed (t_Once'0)) = + predicate completed'0 [#"10_once.rs" 16 4 16 35] (self : borrowed (t_Once'0)) = [%#s10_once1] self.current = { t_Once__0'0 = C_None'0 } /\ resolve'0 self use seq.Seq @@ -234,7 +339,7 @@ module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 44 4 44 3 use seq.Seq - predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = + predicate produces'0 [#"10_once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once2] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) 
@@ -252,9 +357,9 @@ module M_10_once__qyi9558967427796228243__next__refines [#"10_once.rs" 44 4 44 3 end /\ inv'1 result) end -module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" 31 4 31 26] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 31 4 31 26 - let%span s10_once1 = "10_once.rs" 23 12 24 106 +module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" 32 4 32 26] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 32 4 32 26 + let%span s10_once1 = "10_once.rs" 24 12 25 106 type t_T'0 @@ -271,7 +376,7 @@ module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" use seq.Seq - predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = + predicate produces'0 [#"10_once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) @@ -279,9 +384,9 @@ module M_10_once__qyi9558967427796228243__produces_refl__refines [#"10_once.rs" goal refines : [%#s10_once0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" 38 4 38 90] (* as common::Iterator> *) - let%span s10_once0 = "10_once.rs" 38 4 38 90 - let%span s10_once1 = "10_once.rs" 23 12 24 106 +module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" 39 4 39 90] (* as common::Iterator> *) + let%span s10_once0 = "10_once.rs" 39 4 39 90 + let%span s10_once1 = "10_once.rs" 24 12 25 106 type t_T'0 
@@ -298,7 +403,7 @@ module M_10_once__qyi9558967427796228243__produces_trans__refines [#"10_once.rs" use seq.Seq - predicate produces'0 [#"10_once.rs" 21 4 21 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = + predicate produces'0 [#"10_once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = [%#s10_once1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o \/ (exists e : t_T'0 . self = { t_Once__0'0 = C_Some'0 e } /\ visited = Seq.singleton e /\ o = { t_Once__0'0 = C_None'0 }) diff --git a/creusot/tests/should_succeed/iterators/10_once.rs b/creusot/tests/should_succeed/iterators/10_once.rs index 347ccca86f..30d84ef069 100644 --- a/creusot/tests/should_succeed/iterators/10_once.rs +++ b/creusot/tests/should_succeed/iterators/10_once.rs @@ -5,6 +5,7 @@ use creusot_contracts::*; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Once(Option); impl Iterator for Once { diff --git a/creusot/tests/should_succeed/iterators/10_once/why3session.xml b/creusot/tests/should_succeed/iterators/10_once/why3session.xml index e970dfc324..88e851a12f 100644 --- a/creusot/tests/should_succeed/iterators/10_once/why3session.xml +++ b/creusot/tests/should_succeed/iterators/10_once/why3session.xml @@ -7,13 +7,20 @@ + + + + + + + + + + - - - 
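Review bot: The `#[derive(Resolve)]` added above `pub struct Once` in the 10_once.rs hunk carries no comment saying why the test needs it; the same applies to the derives added in the 11_repeat.rs and 12_zip.rs hunks. Judging from the regenerated .coma output, the derive appears to be what introduces the new `resolve_coherence` and `resolve_coherence__refines` proof obligations, so it changes what the test verifies rather than being cosmetic. A one-line comment such as `// Derived so this test also checks the generated resolve_coherence obligation.` would make that intent visible to whoever next edits the struct. This is inferred from the generated modules only; the rest of each .rs file lies outside the hunks.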
diff --git a/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz b/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz index 58e97fa4fe214d84991d71f5d0e7c57ae87f937e..008e08ec0e39e6d3c7d0b86e5b5a4ab4e4f0a611 100644 GIT binary patch literal 895 zcmV-_1AzP=iwFP!00000|Fu+2Ya>Sxz0a@EP05--b@lfWLxjmNf{;A~`YNist8Ec^ z zFM+o0%TfkGcbh-*i^jsr=1j_1MkXu zHt6_N(Nnk2&xsF92tdaq0oJqLx}Kts;isp$OgA?{1R2zN-d(S*{6Pe~^5EyO^O$=0 zT=f+xCQ4T>qQP6yEv4!DE;q2ETe`WSQ|Mva-tV~Ix8dlgHxcI}fnPsOgN{7BUm$f% zJ=0APwBz=^f1sF{Zt0g{kSz^aehR}O62&0t=fSRj8?hA636eMksh|VYU+s_vD*pGm zzgyPT45?R(yga_$@ax0+^VP3s4&0JK#m$9&l<24!L05m?H`|Z z+;blOr>`X^4W;L<KHpwlRWWL^9Di8%TC?jnIgrcM)4Y~-YV?hD9P>rp! zGg7N$ip5-V_ClH{F`;)wA;ck*tE?sD#0XAFR=OzfVj}0Gl3Es<7OD}Z%El3}+t(l8S zEK-uvD%QpgP;r7HNog{GMN-*Oc3H*(C9;#+Sg!}DJV7NukqL4UGAZq(7t%v2E)|n9 zspCX=?p0tR6|>jUXs;rBon-=4KtifKFeLo2Jl6R;`PvzK!T003&`t0n*d literal 810 zcmV+_1J(Q=iwFP!00000|Fu$0Ya>Sxz0a?ho02tws;>SFF+`XQBM8~ULSIF7ceO1d zj~q$skbfUW(%6zMyn!ThnWFmD>-S#ucc0qb13$^GeU|NRwHbbFZTso_hM%^Z@-@qD z1`${upZ0%6SX}LPU2~|G2cq*y-pRTiVTbY!>&;EXNKr4Yx4Zd8KVnoD9rb?pI;I=H z3tfp*=6um&9=i?Sa_0T=^N?i*v&Y~0Zu#40kQvPRmTzwOIJ#R6_iNd2hIr`nn~5)* zM;Yb(^7(w|ki*9p-1q;+I=>R?#Ufu0-){KzVDWzSiz^T0ZvUc~SHts6MSK+$;g3TT zBXm>I+?^^qHxZ*cLMf_lDw?t2?TUx}45B^)AnI-^niG|s-*MhNKCNXhWd_l_YC2P# zziziO?4vo0({Wu5ygp1!qV3{e)B0<)-Tb86ET*D+mmgir52pMe!g(k-rKYCTR8*&c zA?nM3=?K-4x~aGf*i6eZ)3Qu+8G!vT0DC0>`)cN-X1Rp(nNud$4;Q?Z-DdqfUYIu9 z?dDG@NP4#al8u+v-%Qr356KNM#j#)e6#h7d6hYk}L|mCefzq z;8SKFk|smd z1CRhJWhfOXYvU;(1<2LsYI9*dT5(5>s4DAJf+1^yP7+L^3`zqd=`sd`rbpc)^{ASn oB&bxxGy33)2N_+fFnY@xM)L}K3_bcDU5~c;8|@$5Dqsiz0ND?UN&o-= diff --git a/creusot/tests/should_succeed/iterators/11_repeat.coma b/creusot/tests/should_succeed/iterators/11_repeat.coma index cc5ccd6897..6a07a3c78a 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.coma +++ b/creusot/tests/should_succeed/iterators/11_repeat.coma 
@@ -1,7 +1,35 @@ -module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 33 4 33 26] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 32 14 32 45 - let%span s11_repeat1 = "11_repeat.rs" 30 4 30 10 - let%span s11_repeat2 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi11942443060372818025__resolve_coherence [#"11_repeat.rs" 8 9 8 16] (* as creusot_contracts::Resolve> *) + let%span s11_repeat0 = "11_repeat.rs" 8 9 8 16 + let%span s11_repeat1 = "11_repeat.rs" 8 9 8 16 + let%span s11_repeat2 = "11_repeat.rs" 10 4 10 14 + + use prelude.prelude.Borrow + + type t_A'0 + + type t_Repeat'0 = + { t_Repeat__element'0: t_A'0 } + + predicate resolve'1 (_1 : t_A'0) + + predicate structural_resolve'0 (_1 : t_Repeat'0) = + match _1 with + | {t_Repeat__element'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"11_repeat.rs" 8 9 8 16] (self : t_Repeat'0) = + [%#s11_repeat2] resolve'1 self.t_Repeat__element'0 + + constant self : t_Repeat'0 + + function resolve_coherence'0 [#"11_repeat.rs" 8 9 8 16] (self : t_Repeat'0) : () + + goal vc_resolve_coherence'0 : ([%#s11_repeat0] structural_resolve'0 self) -> ([%#s11_repeat0] resolve'0 self) +end +module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 34 4 34 26] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 33 14 33 45 + let%span s11_repeat1 = "11_repeat.rs" 31 4 31 10 + let%span s11_repeat2 = "11_repeat.rs" 26 12 27 85 use seq.Seq 
@@ -18,22 +46,22 @@ module M_11_repeat__qyi12237267952628538149__produces_refl [#"11_repeat.rs" 33 4 use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) constant self : t_Repeat'0 - function produces_refl'0 [#"11_repeat.rs" 33 4 33 26] (self : t_Repeat'0) : () + function produces_refl'0 [#"11_repeat.rs" 34 4 34 26] (self : t_Repeat'0) : () goal vc_produces_refl'0 : [%#s11_repeat0] produces'0 self (Seq.empty : Seq.seq t_A'0) self end -module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 40 4 40 90] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 37 15 37 32 - let%span s11_repeat1 = "11_repeat.rs" 38 15 38 32 - let%span s11_repeat2 = "11_repeat.rs" 39 14 39 42 - let%span s11_repeat3 = "11_repeat.rs" 35 4 35 10 - let%span s11_repeat4 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 41 4 41 90] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 38 15 38 32 + let%span s11_repeat1 = "11_repeat.rs" 39 15 39 32 + let%span s11_repeat2 = "11_repeat.rs" 40 14 40 42 + let%span s11_repeat3 = "11_repeat.rs" 36 4 36 10 + let%span s11_repeat4 = "11_repeat.rs" 26 12 27 85 type t_A'0 @@ -48,7 +76,7 @@ module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 40 use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat4] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) 
@@ -64,19 +92,19 @@ module M_11_repeat__qyi12237267952628538149__produces_trans [#"11_repeat.rs" 40 constant c : t_Repeat'0 - function produces_trans'0 [#"11_repeat.rs" 40 4 40 90] (a : t_Repeat'0) (ab : Seq.seq t_A'0) (b : t_Repeat'0) (bc : Seq.seq t_A'0) (c : t_Repeat'0) : () + function produces_trans'0 [#"11_repeat.rs" 41 4 41 90] (a : t_Repeat'0) (ab : Seq.seq t_A'0) (b : t_Repeat'0) (bc : Seq.seq t_A'0) (c : t_Repeat'0) : () goal vc_produces_trans'0 : ([%#s11_repeat1] produces'0 b bc c) -> ([%#s11_repeat0] produces'0 a ab b) -> ([%#s11_repeat2] produces'0 a (Seq.(++) ab bc) c) end -module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 46 4 46 35] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 46 17 46 21 - let%span s11_repeat1 = "11_repeat.rs" 46 26 46 35 - let%span s11_repeat2 = "11_repeat.rs" 42 14 45 5 +module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 47 4 47 35] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 47 17 47 21 + let%span s11_repeat1 = "11_repeat.rs" 47 26 47 35 + let%span s11_repeat2 = "11_repeat.rs" 43 14 46 5 let%span sclone3 = "../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 - let%span s11_repeat4 = "11_repeat.rs" 18 20 18 25 - let%span s11_repeat5 = "11_repeat.rs" 25 12 26 85 + let%span s11_repeat4 = "11_repeat.rs" 19 20 19 25 + let%span s11_repeat5 = "11_repeat.rs" 26 12 27 85 let%span sresolve6 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant7 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant8 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -134,7 +162,7 @@ module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 46 4 46 35] ( | C_Some'0 a_0 -> inv'3 a_0 end - predicate completed'0 [#"11_repeat.rs" 17 4 17 35] (self : borrowed (t_Repeat'0)) = + predicate completed'0 [#"11_repeat.rs" 18 4 18 35] (self : borrowed (t_Repeat'0)) = [%#s11_repeat4] false use seq.Seq 
@@ -147,7 +175,7 @@ module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 46 4 46 35] ( use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat5] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) 
@@ -174,9 +202,50 @@ module M_11_repeat__qyi12237267952628538149__next [#"11_repeat.rs" 46 4 46 35] ( (! return' {result}) ] end -module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat.rs" 33 4 33 26] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 33 4 33 26 - let%span s11_repeat1 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi11942443060372818025__resolve_coherence__refines [#"11_repeat.rs" 8 9 8 16] (* as creusot_contracts::Resolve> *) + let%span s11_repeat0 = "11_repeat.rs" 8 9 8 16 + let%span s11_repeat1 = "11_repeat.rs" 10 4 10 14 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_A'0 + + type t_Repeat'0 = + { t_Repeat__element'0: t_A'0 } + + predicate resolve'1 (_1 : t_A'0) + + predicate structural_resolve'0 (_1 : t_Repeat'0) = + match _1 with + | {t_Repeat__element'0 = x0} -> resolve'1 x0 + end + + predicate inv'2 (_1 : t_A'0) + + predicate inv'1 (_1 : t_Repeat'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Repeat'0 [inv'1 x] . inv'1 x + = match x with + | {t_Repeat__element'0 = element} -> inv'2 element + end + + predicate invariant'0 (self : t_Repeat'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Repeat'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Repeat'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"11_repeat.rs" 8 9 8 16] (self : t_Repeat'0) = + [%#s11_repeat1] resolve'1 self.t_Repeat__element'0 + + goal refines : [%#s11_repeat0] forall self : t_Repeat'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat.rs" 34 4 34 26] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 34 4 34 26 + let%span s11_repeat1 = "11_repeat.rs" 26 12 27 85 type t_A'0 
@@ -193,17 +262,17 @@ module M_11_repeat__qyi12237267952628538149__produces_refl__refines [#"11_repeat use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) goal refines : [%#s11_repeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_A'0) self -> produces'0 self (Seq.empty : Seq.seq t_A'0) self end -module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 46 4 46 35] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 46 4 46 35 - let%span s11_repeat1 = "11_repeat.rs" 18 20 18 25 - let%span s11_repeat2 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 47 4 47 35] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 47 4 47 35 + let%span s11_repeat1 = "11_repeat.rs" 19 20 19 25 + let%span s11_repeat2 = "11_repeat.rs" 26 12 27 85 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 use prelude.prelude.Borrow @@ -233,7 +302,7 @@ module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 46 4 | C_None'0 | C_Some'0 t_A'0 - predicate completed'0 [#"11_repeat.rs" 17 4 17 35] (self : borrowed (t_Repeat'0)) = + predicate completed'0 [#"11_repeat.rs" 18 4 18 35] (self : borrowed (t_Repeat'0)) = [%#s11_repeat1] false use seq.Seq 
@@ -246,7 +315,7 @@ module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 46 4 use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat2] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) @@ -271,9 +340,9 @@ module M_11_repeat__qyi12237267952628538149__next__refines [#"11_repeat.rs" 46 4 end /\ inv'1 result) end -module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repeat.rs" 40 4 40 90] (* as common::Iterator> *) - let%span s11_repeat0 = "11_repeat.rs" 40 4 40 90 - let%span s11_repeat1 = "11_repeat.rs" 25 12 26 85 +module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repeat.rs" 41 4 41 90] (* as common::Iterator> *) + let%span s11_repeat0 = "11_repeat.rs" 41 4 41 90 + let%span s11_repeat1 = "11_repeat.rs" 26 12 27 85 type t_A'0 @@ -288,7 +357,7 @@ module M_11_repeat__qyi12237267952628538149__produces_trans__refines [#"11_repea use seq.Seq - predicate produces'0 [#"11_repeat.rs" 23 4 23 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = + predicate produces'0 [#"11_repeat.rs" 24 4 24 64] (self : t_Repeat'0) (visited : Seq.seq t_A'0) (o : t_Repeat'0) = [%#s11_repeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = self.t_Repeat__element'0) diff --git a/creusot/tests/should_succeed/iterators/11_repeat.rs b/creusot/tests/should_succeed/iterators/11_repeat.rs index 2d199f6ad9..b406e132cd 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.rs +++ b/creusot/tests/should_succeed/iterators/11_repeat.rs @@ -5,6 +5,7 @@ use creusot_contracts::*; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Repeat { element: A, } 
diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml index 622af159d2..579b5ef5e5 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml +++ b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml @@ -7,13 +7,20 @@ + + + + + + + + + + - - - 
diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz b/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz index ac7b8bff00ca1d6b834881fda44e309072f02424..09ca2231715ce72db46e8ad77d4c22df00a9ec46 100644 GIT binary patch literal 614 zcmV-s0-60EiwFP!00000|D{tskJ~T|-SsQHrM)bas4sU50vOKHp#`)Cv_!Q*6DPHu z1N!d^$MId#OM62-(d6SJ^+K8iK%+UJD|l7{UUJ~0go zSR8(Y06#Ag8K9aCF&fnEs2vs%)C7Q_s@V|Kaev%D^8x~HZhxv3^+R`#!?~mV_6{}W z;@<$3;KOP7wY_wIQ-FHj=gq^UOGwbEJEn8wegOgKLK0x}&|6iv=u7$(dc?F`1{pBu z&0}}9y7LDa)SXAY&3%li#_z5#qUDmPp(aw?+y_SQoohn9J6@c}ivh%Xp!N3iu^lCx z(lo8NUyp}z5CP|fz9{dmcC~AedL4o0j6a>$n|)p?=qX+w*X2gQL7_ zX@AL>3)#(o)A~oW)#|!yW?ni|-LABpMNzXTY82%vkNQ(VIe~SM)ok1!2+jwB^MT+S ziSe#QJxi=-iM4q2RQvkWm#(&3-t&RS$~U-420Oi6zLffR*6romS+wg^@ZYHuTD`}A zrL2SiL@vQtXMI#;oQpAPLe)6M?0qhj-6N8Ko!Q-mBdSzji=0&6S0l-w9d(kI<8 zM=YgHijB_P0GW}=2`~!5P*&DO$R=k_B{Cp8Ae;OM@CggN14^RWpoyKv zz5xC9h2!Whz6-8HJv~s5kL1svo{Hfoo@gj8bRPD7_oXn!(`SaKb041r4JCIR>3ACd zIKF*YZ5nn}yKB&WCk}K-v+XM1q^?#DoOEjYxZJE4bq7u?D&l?bV^1@Ei@gw6D@2bz zVAw7nrs|?JyVwTz-K7)`aNK>P6X96$^7zX+{`>kO9dEK=lfd&HyK&lKHgG4JEZAnm z&F*X8QOR$)3OBp&{gF!UoSZwr$tDYS6K1`^&>v3+8Y!0C>DQdQox}6_Ox@@-4*TxM zfyTab6{dZMhigY3WVZhuYahin>)WMzn?-XE1u`{}sR_q#h@}&65yNa&4w@{Mh-F4B zGh+D;v0SXEGGdhxEB5GA^LpybR=XV?=t$G#JKv1K%$LK as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 41 14 41 45 - let%span s12_zip1 = "12_zip.rs" 39 4 39 10 - let%span s12_zip2 = "12_zip.rs" 32 12 35 73 +module M_12_zip__qyi11945968049747852488__resolve_coherence [#"12_zip.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s12_zip0 = "12_zip.rs" 9 9 9 16 + let%span s12_zip1 = "12_zip.rs" 9 9 9 16 + let%span s12_zip2 = "12_zip.rs" 11 4 12 8 + + use prelude.prelude.Borrow + + type t_A'0 + + type t_B'0 + + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } + + predicate resolve'1 (_1 : t_B'0) + + predicate resolve'2 (_1 : t_A'0) + + predicate structural_resolve'0 (_1 : t_Zip'0) = + match _1 with + | {t_Zip__a'0 = x0 ; t_Zip__b'0 = x1} -> resolve'1 
x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"12_zip.rs" 9 9 9 16] (self : t_Zip'0) = + [%#s12_zip2] resolve'2 self.t_Zip__a'0 /\ resolve'1 self.t_Zip__b'0 + + constant self : t_Zip'0 + + function resolve_coherence'0 [#"12_zip.rs" 9 9 9 16] (self : t_Zip'0) : () + + goal vc_resolve_coherence'0 : ([%#s12_zip0] structural_resolve'0 self) -> ([%#s12_zip0] resolve'0 self) +end +module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 43 4 43 26] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 42 14 42 45 + let%span s12_zip1 = "12_zip.rs" 40 4 40 10 + let%span s12_zip2 = "12_zip.rs" 33 12 36 73 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 @@ -72,7 +104,7 @@ module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 42 4 42 26] use seq.Seq - predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) + predicate produces'0 [#"12_zip.rs" 30 4 30 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = [%#s12_zip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 
@@ -82,16 +114,16 @@ module M_12_zip__qyi1592645166739554830__produces_refl [#"12_zip.rs" 42 4 42 26] constant self : t_Zip'0 - function produces_refl'0 [#"12_zip.rs" 42 4 42 26] (self : t_Zip'0) : () + function produces_refl'0 [#"12_zip.rs" 43 4 43 26] (self : t_Zip'0) : () goal vc_produces_refl'0 : [%#s12_zip0] produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end -module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 49 4 49 90] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 46 15 46 32 - let%span s12_zip1 = "12_zip.rs" 47 15 47 32 - let%span s12_zip2 = "12_zip.rs" 48 14 48 42 - let%span s12_zip3 = "12_zip.rs" 44 4 44 10 - let%span s12_zip4 = "12_zip.rs" 32 12 35 73 +module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 50 4 50 90] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 47 15 47 32 + let%span s12_zip1 = "12_zip.rs" 48 15 48 32 + let%span s12_zip2 = "12_zip.rs" 49 14 49 42 + let%span s12_zip3 = "12_zip.rs" 45 4 45 10 + let%span s12_zip4 = "12_zip.rs" 33 12 36 73 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 @@ -160,7 +192,7 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 49 4 49 90 use seq.Seq - predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) + predicate produces'0 [#"12_zip.rs" 30 4 30 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = [%#s12_zip4] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 
@@ -180,21 +212,21 @@ module M_12_zip__qyi1592645166739554830__produces_trans [#"12_zip.rs" 49 4 49 90 constant c : t_Zip'0 - function produces_trans'0 [#"12_zip.rs" 49 4 49 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () + function produces_trans'0 [#"12_zip.rs" 50 4 50 90] (a : t_Zip'0) (ab : Seq.seq (t_Item'0, t_Item'1)) (b : t_Zip'0) (bc : Seq.seq (t_Item'0, t_Item'1)) (c : t_Zip'0) : () goal vc_produces_trans'0 : ([%#s12_zip1] produces'0 b bc c) -> ([%#s12_zip0] produces'0 a ab b) -> ([%#s12_zip2] produces'0 a (Seq.(++) ab bc) c) end -module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 55 4 55 44] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 55 17 55 21 - let%span s12_zip1 = "12_zip.rs" 55 26 55 44 - let%span s12_zip2 = "12_zip.rs" 51 14 54 5 +module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 56 4 56 44] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 56 17 56 21 + let%span s12_zip1 = "12_zip.rs" 56 26 56 44 + let%span s12_zip2 = "12_zip.rs" 52 14 55 5 let%span scommon3 = "common.rs" 27 17 27 21 let%span scommon4 = "common.rs" 27 26 27 44 let%span scommon5 = "common.rs" 23 14 26 5 - let%span s12_zip6 = "12_zip.rs" 21 13 23 67 - let%span s12_zip7 = "12_zip.rs" 32 12 35 73 + let%span s12_zip6 = "12_zip.rs" 22 13 24 67 + let%span s12_zip7 = "12_zip.rs" 33 12 36 73 let%span scommon8 = "common.rs" 14 14 14 45 let%span scommon9 = "common.rs" 18 15 18 32 let%span scommon10 = "common.rs" 19 15 19 32 
@@ -376,7 +408,7 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 55 4 55 44] (* inv'9 a_0 end - predicate completed'0 [#"12_zip.rs" 19 4 19 35] (self : borrowed (t_Zip'0)) = + predicate completed'0 [#"12_zip.rs" 20 4 20 35] (self : borrowed (t_Zip'0)) = [%#s12_zip6] completed'1 (Borrow.borrow_logic (self.current).t_Zip__a'0 (self.final).t_Zip__a'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Zip__b'0 = (self.final).t_Zip__b'0 \/ (exists x : t_Item'0 . produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 
@@ -401,7 +433,7 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 55 4 55 44] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 55 4 55 44 - let%span s12_zip1 = "12_zip.rs" 21 13 23 67 - let%span s12_zip2 = "12_zip.rs" 32 12 35 73 +module M_12_zip__qyi11945968049747852488__resolve_coherence__refines [#"12_zip.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s12_zip0 = "12_zip.rs" 9 9 9 16 + let%span s12_zip1 = "12_zip.rs" 11 4 12 8 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_A'0 + + type t_B'0 + + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0 } + + predicate resolve'1 (_1 : t_B'0) + + predicate resolve'2 (_1 : t_A'0) + + predicate structural_resolve'0 (_1 : t_Zip'0) = + match _1 with + | {t_Zip__a'0 = x0 ; t_Zip__b'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate inv'2 (_1 : t_A'0) + + predicate inv'3 (_1 : t_B'0) + + predicate inv'1 (_1 : t_Zip'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Zip'0 [inv'1 x] . inv'1 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b} -> inv'2 a /\ inv'3 b + end + + predicate invariant'0 (self : t_Zip'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Zip'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"12_zip.rs" 9 9 9 16] (self : t_Zip'0) = + [%#s12_zip1] resolve'2 self.t_Zip__a'0 /\ resolve'1 self.t_Zip__b'0 + + goal refines : [%#s12_zip0] forall self : t_Zip'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 56 4 56 44] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 56 4 56 44 + let%span s12_zip1 = "12_zip.rs" 22 13 24 67 + let%span s12_zip2 = "12_zip.rs" 33 12 36 73 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon4 = "common.rs" 14 14 14 45 let%span scommon5 = "common.rs" 18 15 18 32 @@ -571,7 +650,7 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 55 4 55 44] predicate completed'2 [#"common.rs" 11 4 11 36] (self : borrowed t_B'0) - predicate completed'0 [#"12_zip.rs" 19 4 19 35] (self : borrowed (t_Zip'0)) = + predicate completed'0 [#"12_zip.rs" 20 4 20 35] (self : borrowed (t_Zip'0)) = [%#s12_zip1] completed'1 (Borrow.borrow_logic (self.current).t_Zip__a'0 (self.final).t_Zip__a'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_Zip__b'0 = (self.final).t_Zip__b'0 \/ (exists x : t_Item'0 . produces'1 (self.current).t_Zip__a'0 (Seq.singleton x) (self.final).t_Zip__a'0 @@ -596,7 +675,7 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 55 4 55 44] use seq.Seq - predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) + predicate produces'0 [#"12_zip.rs" 30 4 30 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = [%#s12_zip2] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 
@@ -634,9 +713,9 @@ module M_12_zip__qyi1592645166739554830__next__refines [#"12_zip.rs" 55 4 55 44] end /\ inv'1 result) end -module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 49 4 49 90] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 49 4 49 90 - let%span s12_zip1 = "12_zip.rs" 32 12 35 73 +module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 50 4 50 90] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 50 4 50 90 + let%span s12_zip1 = "12_zip.rs" 33 12 36 73 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -705,7 +784,7 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 4 use seq.Seq - predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) + predicate produces'0 [#"12_zip.rs" 30 4 30 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 @@ -720,9 +799,9 @@ module M_12_zip__qyi1592645166739554830__produces_trans__refines [#"12_zip.rs" 4 -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 42 4 42 26] (* as common::Iterator> *) - let%span s12_zip0 = "12_zip.rs" 42 4 42 26 - let%span s12_zip1 = "12_zip.rs" 32 12 35 73 +module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 43 4 43 26] (* as common::Iterator> *) + let%span s12_zip0 = "12_zip.rs" 43 4 43 26 + let%span s12_zip1 = "12_zip.rs" 33 12 36 73 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 
@@ -793,7 +872,7 @@ module M_12_zip__qyi1592645166739554830__produces_refl__refines [#"12_zip.rs" 42 use seq.Seq - predicate produces'0 [#"12_zip.rs" 29 4 29 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) + predicate produces'0 [#"12_zip.rs" 30 4 30 65] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (tl : t_Zip'0) = [%#s12_zip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 diff --git a/creusot/tests/should_succeed/iterators/12_zip.rs b/creusot/tests/should_succeed/iterators/12_zip.rs index c1e25dea11..fb65f49d1d 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.rs +++ b/creusot/tests/should_succeed/iterators/12_zip.rs @@ -6,6 +6,7 @@ mod common; use common::Iterator; #[allow(dead_code)] +#[derive(Resolve)] struct Zip { a: A, b: B, diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml index 17c1ce2246..8f10b70a95 100644 --- a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml @@ -7,6 +7,16 @@ + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz b/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz index b1e8c7c01ceecdff2050e0577b2adadc1c457b44..e80ed363c1b46247334578de2303b1537e982bee 100644 GIT binary patch literal 2164 zcmV-)2#fb0iwFP!00000|Gii{a~nwx&iN~t>28%YfPQY-0n24pGjVcP9bBU7r_EZK zk}1mP{r6WrFV2udnObYli7{xrKH!@kQ2+RC`Sis<=BMTNynot0?0#R$`rYA%Icg1Ukb!v_l{&D}1o@0Kh zrTg1k2aamKks8l5%z?x8#8>#H04K(3bh3t2&NyJ3v0k66q*G2$y#czY0OJGZ0Q&>n zT+pv49u3&`>=bw7Re_TO;Xs}S938D!)3fG)PnCQ&$_tk3`fuUi`}@56eE8xYVUTdF z#$F1ssz2w053v^b@8`$+jE&+Es-lsw>CL=({_A!+faeN6&FQ zkNzOEhLh(wK`?><6AZ(F4?PGU9MBX5R85PbiVX}pdiF5rA`IWuFvfKWhi{4+1G{W_ zd)pYF0AF3Kq1pqSc68O@zPNhHRVWXmcqoTS|jTQ}FKggo) z3X_#Yo@uxfPEMB;(`^UlWX)(7ALzL|KEgRAYmD(EO1}buSa&Fe1Kq;pM}j%$Kz{4j zNx2@R#fO9caQEq9SC_L^iOhev``5$Qy5l)8{jv#WJxGgALR@|D@!{*^eLm!L!yLjf z+Gq^%dB4xQLp^@l?mpk=!^6%Y`Lf;l`_`#Xh`4!^;Cw##dev>U2%AA#kJo2#U8CwG zd*Q52a8UB*6|y}dXPpXL)+1M zdGtlYkq~+ygl-7Yx1aT`>aU6ZZ2{eJ0vzb|QJnq=LFoC0upXp7Jafob{qGz)vJ|oP zGIdsiG{SlLT+qd?CM>dcINm~@onO_Y#7+nPNhY3 zHkHw3(>gcCdH3|Z&rg$1v`z9qSk(@XWt;EQ9UEHLF#S@o{c+jupq16!?B_7T%<$i& zTM^qzbO!+@+?*Nt|GmEBl{UZBTw=Fw>l$vq0pQQc+&IoL>nf^V^zPX-ys%v@)YIsg z0FJ7$R}01eU@&6gU<*@-e7G+Ag{^06Z@-xNsGjuklIsZI;?t*5F%C^%#(J!rSg|^u z)@nW0ofuJdT#uhu(_ADS@%8w5HM=LMGeC~ek?J=FwVLl(YqgoAR5j(szjwq(+WPBo zvbl^xw)fESPjKJ}`!6Bk5UQob=BFfcs2vTPl=9m&WV^)bS(nXg-gJkmM!5DZuk)P^ za#F+9ulHnzjv6?}#fG{+UFtfU)m2yP-v+2(W{J8==Dr8D{S&5RWqPFonvs^hf>kfj z<*Lem%Al*F3=rDQVe^_z$Dvv*0ty}yV-bmmoFExOpO_X>hs1+il0^%aErd`3RL&`* z;zmauFo&2Di!y^KxFpLL*^u^>fbpCtD(|Dt+Jxjo;Q*d5$r`JzveJr$E~1bMMTBS= zks?%3gg0Jf5hJgufeqH=jf@mE8J$Q;1W~{<%}Oo_LMhc62J29S$)aQ;QVC*_+!S9} zlp!MHtXiWStVQssxC#VGv78}!&M-tzDnld<)mjYJ%y<<^8!u#LWVnP90VR)KnaF~u z*4!dkWEPACZ9!R(7K80h9O-UD+?A9i$ZFn zV?+`tqd*oY$0(7-8Vj$CrAq-W3@C+6bFOmMF({@DNr9T>C0XK@$P!utOU$CNs4ZAj ziy{b0@tR^Go`p)pQ-}pj&_yL#ot3tnTTYgvjYtRxl#k)^Ce zFv3XSK)`eGlrmRK!L1-G&8!c0Japy3jJ$2A{hapkV!IPPKA_DhUFAZ)I4E*OC(weRoaLkeqvSb2Qi&B)Fearn6{TWBCB>{XR_ZrOiL5ZCgqB{_D~AhiOsRb=EczgH 
zM==F&oj9WpIf_J3?-wnhNG>%f6+HMX(~){_pBuf`q?KmH#8SzVl8~CCWL$&brGi%6 zDzXaSE^7=~39n-9ukeYLn3*J*$slRQOhv53-;fwo3`!{h$a2mGOJFE@(100=CsnUu q`KB4AijgM~7?d1xN=hbQ>IX6g1Jcy*s8W9^^8Wy0_x&Eq9{>R9_BkK` literal 2065 zcmV+s2=4bEiwFP!00000|GigBa~nAhzUx=$rrq&{0Qj6r4ysgC)FqeQ;$bf?J`>eA zvLh?m%)j4aztk283| zE5LYxIlz7aw^#I=&7u+S8`$IB{y9IC)~*rHJ=Y?T1K~iPJ0C4=*3-3Sflrlu*2@np zH}!Af-};BV|9Jf5pJ0%1tj1mnv8q4jqYtqr`0uYz4;dT96I4YbVN<6!^?TU2_HW+C zn$Dz;{&@eN-P8TOUojtQ_|bP9_oiP6t>NT5P7sVBzy!mv;6o3>2M06-0aeqYsA2^M0I9eQ>8K=EAj%QM29a!~_M&)Gzpr4E6KpdjxCHJ%{0J1?3JPDq+UADitwb;4 z>F8k3fx?s7`|Wj5a&m%y07^_Qh4ttPQWH3$DjG>TPz@Y)c>$>j5IHuuY?=dk6+&=e zZt6>LplACMqC+-;psS*hj6+r-AiH=9kWC<%vB62LPX_NNuc{xK=Hqs{P_+|PYqfai zcl&QE<#62y(slS&Z1wpM=N$Xe=*h87FD$Cy4?DjYyxV_#$j8UML-J*}_Ydu+J|N=uRh;vA=bLrcV1(@;ZN_W>*A=REvKKDO zL{5+VsxKY!)TS3EZ8A--yP<8`R+v$mw%cc|=6$RAB;QJcFWmtEu^FUM%FtG{-Y$L8 za3X{r2%#H7^yO!Lsrq}QKTe=KPJjcwIf>IVh0ya2VKYd*d*+a@yGkORSc=&0GPPHO zG{SC%+1C*X5B>9tGjzP4F|T%g?bvD z0>DW%-qk|!-x-WpIM~7zA|I~HexmEy+S@N?9@VotUfVhXxcKm4l#D~ur?D9;CswSs zr?uLQb!SFYH*Ut?>uD^Kj`(K$y`G&D)CC|%=t%VwgIdp5thL%sLaG{a>)$%!BW?Zp zIGJ2VF57!(dupyD>|a8{!BtC%?N3SOP&*nXDdl%*h<1(Dvs<<=Iq42n^>FJcul=2M za+br*$9vL4M-80QU_*S{jWfi%dGBXe>)!^bA7+WVOy=H$TK);su`<0<0nJFuUcjm! 
z(B-Dgf6AbnybKW9$zl7FNynjDEV3c(DFNd-QB>YXowW(chr$6oUkb}DS+ro;LKjg; zg(5;Uj7SkGD8d^rvWSt(rLb}^CU0bIhl7?yxgEcc=MbgF#nHd=_p+rE* zqgN)fAgVR9pe#rW!UDHI7SIA%VAfbYc;Y2$8B&OvX`VyYKC4)y=TUm1rdVKZ@{|P& ziA5o`(J>+klu;lHlw*|0V)dkN@}x@vE(|DzOmnVs)-foi4M~BT<)yF$mY79jQCn0N zrA1+pTckx11f_UQu@KKfCE_W>0w(C9lB~OxupBIBmW(BBNm-JXge7i?EVWsf#AO!6 zBMM;x8dJbWm01W;M=HM3h%Cn&Tm@1>DwA|pEJhBQxGvrpjXFT~u;kKmVL89qV^$K2 zfyh!;A{b#La3J70cuJY8r2s3K<;HStxq6A~q*&3x#{^yp02Or+3`^i%MZvOI3T_2i zfqyjs)5c4aQ6)^Zrwn6}1tJSnJOEn?X@&T;7?F&CP{<@1F{eVxC&O}zCTgCr9uQ%y z&{n9IJI^ALN{PHj<&#fFa8wXDC8?z-thQ5vmFyQ{c+WtIR7{B_GVVj*MVo}lKrUSB z+F;48BrEaPB5{_J28@#D07)fQOu?9x)>M>=4V9#_Qd%iqDI~JOloDEcRqq=vxG|;H zv9Rca&>h93e(k^+eaKNHf_lMd2}N?LL8;)uXPHjad;Qqxy(X#WX3SK?3jc<{pkh!;2|$)}Hdq2f$%6*W vP&}!64b!VelqyD^L|{;I$SEnAe5r3^3 as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 39 14 39 45 - let%span s13_cloned1 = "13_cloned.rs" 37 4 37 10 - let%span s13_cloned2 = "13_cloned.rs" 30 12 33 79 +module M_13_cloned__qyi11451544921893159183__resolve_coherence [#"13_cloned.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s13_cloned0 = "13_cloned.rs" 9 9 9 16 + let%span s13_cloned1 = "13_cloned.rs" 9 9 9 16 + let%span s13_cloned2 = "13_cloned.rs" 11 4 11 11 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Cloned'0 = + { t_Cloned__iter'0: t_I'0 } + + predicate resolve'1 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Cloned'0) = + match _1 with + | {t_Cloned__iter'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"13_cloned.rs" 9 9 9 16] (self : t_Cloned'0) = + [%#s13_cloned2] resolve'1 self.t_Cloned__iter'0 + + constant self : t_Cloned'0 + + function resolve_coherence'0 [#"13_cloned.rs" 9 9 9 16] (self : t_Cloned'0) : () + + goal vc_resolve_coherence'0 : ([%#s13_cloned0] structural_resolve'0 self) -> ([%#s13_cloned0] resolve'0 self) +end +module M_13_cloned__qyi7043136317404314719__produces_refl [#"13_cloned.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s13_cloned0 = 
"13_cloned.rs" 40 14 40 45 + let%span s13_cloned1 = "13_cloned.rs" 38 4 38 10 + let%span s13_cloned2 = "13_cloned.rs" 31 12 34 79 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 @@ -48,23 +76,23 @@ module M_13_cloned__qyi7043136317404314719__produces_refl [#"13_cloned.rs" 40 4 use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned2] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Cloned'0 - function produces_refl'0 [#"13_cloned.rs" 40 4 40 26] (self : t_Cloned'0) : () + function produces_refl'0 [#"13_cloned.rs" 41 4 41 26] (self : t_Cloned'0) : () goal vc_produces_refl'0 : [%#s13_cloned0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 44 15 44 32 - let%span s13_cloned1 = "13_cloned.rs" 45 15 45 32 - let%span s13_cloned2 = "13_cloned.rs" 46 14 46 42 - let%span s13_cloned3 = "13_cloned.rs" 42 4 42 10 - let%span s13_cloned4 = "13_cloned.rs" 30 12 33 79 +module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 45 15 45 32 + let%span s13_cloned1 = "13_cloned.rs" 46 15 46 32 + let%span s13_cloned2 = "13_cloned.rs" 47 14 47 42 + let%span s13_cloned3 = "13_cloned.rs" 43 4 43 10 + let%span s13_cloned4 = "13_cloned.rs" 31 12 34 79 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 
@@ -109,7 +137,7 @@ module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 47 4 use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned4] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -126,22 +154,22 @@ module M_13_cloned__qyi7043136317404314719__produces_trans [#"13_cloned.rs" 47 4 constant c : t_Cloned'0 - function produces_trans'0 [#"13_cloned.rs" 47 4 47 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () + function produces_trans'0 [#"13_cloned.rs" 48 4 48 90] (a : t_Cloned'0) (ab : Seq.seq t_T'0) (b : t_Cloned'0) (bc : Seq.seq t_T'0) (c : t_Cloned'0) : () goal vc_produces_trans'0 : ([%#s13_cloned1] produces'0 b bc c) -> ([%#s13_cloned0] produces'0 a ab b) -> ([%#s13_cloned2] produces'0 a (Seq.(++) ab bc) c) end -module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 53 4 53 35] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 53 17 53 21 - let%span s13_cloned1 = "13_cloned.rs" 53 26 53 35 - let%span s13_cloned2 = "13_cloned.rs" 49 14 52 5 +module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 54 4 54 35] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 54 17 54 21 + let%span s13_cloned1 = "13_cloned.rs" 54 26 54 35 + let%span s13_cloned2 = "13_cloned.rs" 50 14 53 5 let%span scommon3 = "common.rs" 27 17 27 21 let%span scommon4 = "common.rs" 27 26 27 44 let%span scommon5 = "common.rs" 23 14 26 5 let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span s13_cloned7 = "13_cloned.rs" 23 8 23 43 - let%span s13_cloned8 = "13_cloned.rs" 30 12 33 79 + let%span s13_cloned7 = "13_cloned.rs" 24 8 24 43 + let%span s13_cloned8 = "13_cloned.rs" 31 12 34 79 let%span scommon9 = "common.rs" 14 14 14 45 let%span scommon10 = "common.rs" 18 15 18 32 let%span scommon11 = "common.rs" 19 15 19 32 
@@ -263,7 +291,7 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 53 4 53 35] (* use prelude.prelude.Intrinsic - predicate completed'0 [#"13_cloned.rs" 22 4 22 35] (self : borrowed (t_Cloned'0)) = + predicate completed'0 [#"13_cloned.rs" 23 4 23 35] (self : borrowed (t_Cloned'0)) = [%#s13_cloned7] completed'1 (Borrow.borrow_logic (self.current).t_Cloned__iter'0 (self.final).t_Cloned__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -280,7 +308,7 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 53 4 53 35] (* use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned8] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -321,9 +349,50 @@ module M_13_cloned__qyi7043136317404314719__next [#"13_cloned.rs" 53 4 53 35] (* (! return' {result}) ] end -module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 47 4 47 90 - let%span s13_cloned1 = "13_cloned.rs" 30 12 33 79 +module M_13_cloned__qyi11451544921893159183__resolve_coherence__refines [#"13_cloned.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s13_cloned0 = "13_cloned.rs" 9 9 9 16 + let%span s13_cloned1 = "13_cloned.rs" 11 4 11 11 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Cloned'0 = + { t_Cloned__iter'0: t_I'0 } + + predicate resolve'1 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Cloned'0) = + match _1 with + | {t_Cloned__iter'0 = x0} -> resolve'1 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'1 (_1 : t_Cloned'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Cloned'0 [inv'1 x] . inv'1 x + = match x with + | {t_Cloned__iter'0 = iter} -> inv'2 iter + end + + predicate invariant'0 (self : t_Cloned'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Cloned'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"13_cloned.rs" 9 9 9 16] (self : t_Cloned'0) = + [%#s13_cloned1] resolve'1 self.t_Cloned__iter'0 + + goal refines : [%#s13_cloned0] forall self : t_Cloned'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 48 4 48 90 + let%span s13_cloned1 = "13_cloned.rs" 31 12 34 79 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -368,7 +437,7 @@ module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned1] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) @@ -380,9 +449,9 @@ module M_13_cloned__qyi7043136317404314719__produces_trans__refines [#"13_cloned -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned.rs" 40 4 40 26] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 40 4 40 26 - let%span s13_cloned1 = "13_cloned.rs" 30 12 33 79 +module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 41 4 41 26 + let%span s13_cloned1 = "13_cloned.rs" 31 12 34 79 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 
@@ -429,7 +498,7 @@ module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned. use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned1] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) @@ -437,10 +506,10 @@ module M_13_cloned__qyi7043136317404314719__produces_refl__refines [#"13_cloned. goal refines : [%#s13_cloned0] forall self : t_Cloned'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 53 4 53 35] (* as common::Iterator> *) - let%span s13_cloned0 = "13_cloned.rs" 53 4 53 35 - let%span s13_cloned1 = "13_cloned.rs" 23 8 23 43 - let%span s13_cloned2 = "13_cloned.rs" 30 12 33 79 +module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 54 4 54 35] (* as common::Iterator> *) + let%span s13_cloned0 = "13_cloned.rs" 54 4 54 35 + let%span s13_cloned1 = "13_cloned.rs" 24 8 24 43 + let%span s13_cloned2 = "13_cloned.rs" 31 12 34 79 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon4 = "common.rs" 14 14 14 45 let%span scommon5 = "common.rs" 18 15 18 32 
@@ -496,7 +565,7 @@ module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 53 4 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"13_cloned.rs" 22 4 22 35] (self : borrowed (t_Cloned'0)) = + predicate completed'0 [#"13_cloned.rs" 23 4 23 35] (self : borrowed (t_Cloned'0)) = [%#s13_cloned1] completed'1 (Borrow.borrow_logic (self.current).t_Cloned__iter'0 (self.final).t_Cloned__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -513,7 +582,7 @@ module M_13_cloned__qyi7043136317404314719__next__refines [#"13_cloned.rs" 53 4 use seq.Seq - predicate produces'0 [#"13_cloned.rs" 28 4 28 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = + predicate produces'0 [#"13_cloned.rs" 29 4 29 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = [%#s13_cloned2] exists s : Seq.seq t_T'0 . produces'1 self.t_Cloned__iter'0 s o.t_Cloned__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) diff --git a/creusot/tests/should_succeed/iterators/13_cloned.rs b/creusot/tests/should_succeed/iterators/13_cloned.rs index ee25f69511..beb716af08 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.rs +++ b/creusot/tests/should_succeed/iterators/13_cloned.rs @@ -6,6 +6,7 @@ use creusot_contracts::*; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Cloned { iter: I, } diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml index bc7a331e53..492c1bff44 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml +++ b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml @@ -6,6 +6,16 @@ + + + + + + + + + + 
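Review bot: The `#[derive(Resolve)]` added above `pub struct Cloned` in 13_cloned.rs has no comment saying why the test struct now needs a `Resolve` impl, and nothing else in the hunk uses it. Judging by the regenerated 13_cloned.coma, the derive's visible effect is the new `resolve_coherence` goal and its `__refines` counterpart. A one-line comment such as `// Derive Resolve so this test also covers the generated resolve_coherence goal.` would tell a reader of the expected output where those modules come from. The same applies to the identical one-line hunk in 14_copied.rs.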
diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz b/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz index 26dc45149d804dd6feb76dd3b729e183580b7c8f..2a06495367e62c7b30ab2e0332ad054844bf973a 100644 GIT binary patch literal 815 zcmV+~1JL{*iwFP!00000|E*NZj@vj8yz47;b2h%P`Q`#S7{&_HWpfC?tI^^k5n@X- zvSxz({erS&OCHYvi(OybuI?@ttDFAxIY0lvr*O_+Lw|0%_Rn1Apa01A*tD-3Y5|AC z{@As_Z^-8K(^~R8X26nS4zd(r-(Wjzh^3bTVrel48TR4a9bdzSSXM266gxZ*{fir3 zdORLhRhM4&UO|zC)6?+#Fsff1fah?G)x)MSmElw0`4<2uS5KZc=e zEijBti^ogTd>YW|ekC+wLD7*7neC)GW z`fO&O#qt=vo5^*BUo7Zbl9F9Q)Xg1A{`xvY7YDCB7ZufgcIKX@$t|eGA0*aY-*>-) z-<*ElSqt(exA7Llg#i9dOSN?Cap&RC4543nmUx=>N9dd3(0KeF(w7C{;I=on=lK!S z!hH&f_O@ophS`wG8}{D?ULT5_U(ZK8*XJvWEF+8sLxfaPJBmUn=Nv~yYehrQI_9jT zC6pvnDyTq+;DQt9V-V3JQpchvnrazxR`QGqB;G_;2ZGu;h~5!GOjH7EiOlD$RHZCM zMyT*yX%LZVr#T48IAL6Xm&hX~Ha!*!bcD(pUG$+wEhHl2QAMVx_tD6lm1ZoAPD|;P zQ;IS!Ijx0O#MCIg6hSl0SqWsUZlS~jMN+L8E$Bi>OCU#0o3MC~am=bgessuTn_YWm_jdP3$003OSj3NL4 literal 720 zcmV;>0x$g^iwFP!00000|E*I^kJB&^z2{f-R-hM;zm3G9s)&*c9FXQ(O=1Tk+GIBk zi}?4*`Dl~wvJ!$^^7LlrdHiPl=H2GgH)H5vV^NPHhwXmTk}9 z5!vGq5y;XRBoRKP+YuEzstr$N{>IrMZmerlVr zWy3KXfzjdkr9Fo&Lv&*ofG(XuG6CTG1C{Oh;S~CKEd;npEu1KSbX{or7{1ia*Hh@* z20>6&H*^|{=F@=Z|3zHBES~NsCjs&+N|&|+>Ul1Do{L^4a5Q6rMw8B9VIoYNn-2y= z`#3FuO=mFe#c-{=#eiuuOkBY$TJHw%$E#226+N4!icTyH5RdbSMS4ZaozLoZpViW5 zH~XxX$JqTWZgcv8U~fUr_K`6+cR2g_d8S4OuQg*A`F(WOo~9`gOio?6w5O-obkTNQ z`!o3M`TL!+85NX!E;awfP1jytt4Pk5qJiW z0n1!wGn16o8D|_RiammIm1fFt9+Y|2LJ%o CI9uib diff --git a/creusot/tests/should_succeed/iterators/14_copied.coma b/creusot/tests/should_succeed/iterators/14_copied.coma index 944e824a22..1c012f6541 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.coma +++ b/creusot/tests/should_succeed/iterators/14_copied.coma 
@@ -1,7 +1,35 @@ -module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 40 4 40 26] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 39 14 39 45 - let%span s14_copied1 = "14_copied.rs" 37 4 37 10 - let%span s14_copied2 = "14_copied.rs" 30 12 33 79 +module M_14_copied__qyi9674708226815778747__resolve_coherence [#"14_copied.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s14_copied0 = "14_copied.rs" 9 9 9 16 + let%span s14_copied1 = "14_copied.rs" 9 9 9 16 + let%span s14_copied2 = "14_copied.rs" 11 4 11 11 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Copied'0 = + { t_Copied__iter'0: t_I'0 } + + predicate resolve'1 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Copied'0) = + match _1 with + | {t_Copied__iter'0 = x0} -> resolve'1 x0 + end + + predicate resolve'0 [#"14_copied.rs" 9 9 9 16] (self : t_Copied'0) = + [%#s14_copied2] resolve'1 self.t_Copied__iter'0 + + constant self : t_Copied'0 + + function resolve_coherence'0 [#"14_copied.rs" 9 9 9 16] (self : t_Copied'0) : () + + goal vc_resolve_coherence'0 : ([%#s14_copied0] structural_resolve'0 self) -> ([%#s14_copied0] resolve'0 self) +end +module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 40 14 40 45 + let%span s14_copied1 = "14_copied.rs" 38 4 38 10 + let%span s14_copied2 = "14_copied.rs" 31 12 34 79 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 
@@ -48,23 +76,23 @@ module M_14_copied__qyi6387100604932246480__produces_refl [#"14_copied.rs" 40 4 use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied2] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) constant self : t_Copied'0 - function produces_refl'0 [#"14_copied.rs" 40 4 40 26] (self : t_Copied'0) : () + function produces_refl'0 [#"14_copied.rs" 41 4 41 26] (self : t_Copied'0) : () goal vc_produces_refl'0 : [%#s14_copied0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 44 15 44 32 - let%span s14_copied1 = "14_copied.rs" 45 15 45 32 - let%span s14_copied2 = "14_copied.rs" 46 14 46 42 - let%span s14_copied3 = "14_copied.rs" 42 4 42 10 - let%span s14_copied4 = "14_copied.rs" 30 12 33 79 +module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 45 15 45 32 + let%span s14_copied1 = "14_copied.rs" 46 15 46 32 + let%span s14_copied2 = "14_copied.rs" 47 14 47 42 + let%span s14_copied3 = "14_copied.rs" 43 4 43 10 + let%span s14_copied4 = "14_copied.rs" 31 12 34 79 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 
@@ -109,7 +137,7 @@ module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 47 4 use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied4] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -126,22 +154,22 @@ module M_14_copied__qyi6387100604932246480__produces_trans [#"14_copied.rs" 47 4 constant c : t_Copied'0 - function produces_trans'0 [#"14_copied.rs" 47 4 47 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () + function produces_trans'0 [#"14_copied.rs" 48 4 48 90] (a : t_Copied'0) (ab : Seq.seq t_T'0) (b : t_Copied'0) (bc : Seq.seq t_T'0) (c : t_Copied'0) : () goal vc_produces_trans'0 : ([%#s14_copied1] produces'0 b bc c) -> ([%#s14_copied0] produces'0 a ab b) -> ([%#s14_copied2] produces'0 a (Seq.(++) ab bc) c) end -module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 53 4 53 35] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 53 17 53 21 - let%span s14_copied1 = "14_copied.rs" 53 26 53 35 - let%span s14_copied2 = "14_copied.rs" 49 14 52 5 +module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 54 4 54 35] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 54 17 54 21 + let%span s14_copied1 = "14_copied.rs" 54 26 54 35 + let%span s14_copied2 = "14_copied.rs" 50 14 53 5 let%span scommon3 = "common.rs" 27 17 27 21 let%span scommon4 = "common.rs" 27 26 27 44 let%span scommon5 = "common.rs" 23 14 26 5 let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span s14_copied7 = "14_copied.rs" 23 8 23 43 - let%span s14_copied8 = "14_copied.rs" 30 12 33 79 + let%span s14_copied7 = "14_copied.rs" 24 8 24 43 + let%span s14_copied8 = "14_copied.rs" 31 12 34 79 let%span scommon9 = "common.rs" 14 14 14 45 let%span scommon10 = "common.rs" 18 15 18 32 let%span scommon11 = "common.rs" 19 15 19 32 
@@ -263,7 +291,7 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 53 4 53 35] (* use prelude.prelude.Intrinsic - predicate completed'0 [#"14_copied.rs" 22 4 22 35] (self : borrowed (t_Copied'0)) = + predicate completed'0 [#"14_copied.rs" 23 4 23 35] (self : borrowed (t_Copied'0)) = [%#s14_copied7] completed'1 (Borrow.borrow_logic (self.current).t_Copied__iter'0 (self.final).t_Copied__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -280,7 +308,7 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 53 4 53 35] (* use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied8] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) 
@@ -321,9 +349,50 @@ module M_14_copied__qyi6387100604932246480__next [#"14_copied.rs" 53 4 53 35] (* (! return' {result}) ] end -module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 47 4 47 90 - let%span s14_copied1 = "14_copied.rs" 30 12 33 79 +module M_14_copied__qyi9674708226815778747__resolve_coherence__refines [#"14_copied.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s14_copied0 = "14_copied.rs" 9 9 9 16 + let%span s14_copied1 = "14_copied.rs" 11 4 11 11 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Copied'0 = + { t_Copied__iter'0: t_I'0 } + + predicate resolve'1 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Copied'0) = + match _1 with + | {t_Copied__iter'0 = x0} -> resolve'1 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'1 (_1 : t_Copied'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Copied'0 [inv'1 x] . inv'1 x + = match x with + | {t_Copied__iter'0 = iter} -> inv'2 iter + end + + predicate invariant'0 (self : t_Copied'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Copied'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"14_copied.rs" 9 9 9 16] (self : t_Copied'0) = + [%#s14_copied1] resolve'1 self.t_Copied__iter'0 + + goal refines : [%#s14_copied0] forall self : t_Copied'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 48 4 48 90 + let%span s14_copied1 = "14_copied.rs" 31 12 34 79 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -368,7 +437,7 @@ module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied1] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) @@ -380,10 +449,10 @@ module M_14_copied__qyi6387100604932246480__produces_trans__refines [#"14_copied -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 53 4 53 35] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 53 4 53 35 - let%span s14_copied1 = "14_copied.rs" 23 8 23 43 - let%span s14_copied2 = "14_copied.rs" 30 12 33 79 +module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 54 4 54 35] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 54 4 54 35 + let%span s14_copied1 = "14_copied.rs" 24 8 24 43 + let%span s14_copied2 = "14_copied.rs" 31 12 34 79 let%span sinvariant3 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon4 = "common.rs" 14 14 14 45 let%span scommon5 = "common.rs" 18 15 18 32 
@@ -439,7 +508,7 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 53 4 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"14_copied.rs" 22 4 22 35] (self : borrowed (t_Copied'0)) = + predicate completed'0 [#"14_copied.rs" 23 4 23 35] (self : borrowed (t_Copied'0)) = [%#s14_copied1] completed'1 (Borrow.borrow_logic (self.current).t_Copied__iter'0 (self.final).t_Copied__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) use seq.Seq @@ -456,7 +525,7 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 53 4 use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied2] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) @@ -484,9 +553,9 @@ module M_14_copied__qyi6387100604932246480__next__refines [#"14_copied.rs" 53 4 end /\ inv'1 result) end -module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied.rs" 40 4 40 26] (* as common::Iterator> *) - let%span s14_copied0 = "14_copied.rs" 40 4 40 26 - let%span s14_copied1 = "14_copied.rs" 30 12 33 79 +module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s14_copied0 = "14_copied.rs" 41 4 41 26 + let%span s14_copied1 = "14_copied.rs" 31 12 34 79 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 
@@ -533,7 +602,7 @@ module M_14_copied__qyi6387100604932246480__produces_refl__refines [#"14_copied. use seq.Seq - predicate produces'0 [#"14_copied.rs" 28 4 28 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = + predicate produces'0 [#"14_copied.rs" 29 4 29 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = [%#s14_copied1] exists s : Seq.seq t_T'0 . produces'1 self.t_Copied__iter'0 s o.t_Copied__iter'0 /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) diff --git a/creusot/tests/should_succeed/iterators/14_copied.rs b/creusot/tests/should_succeed/iterators/14_copied.rs index e574b13bf8..46cc0d8151 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.rs +++ b/creusot/tests/should_succeed/iterators/14_copied.rs @@ -6,6 +6,7 @@ use creusot_contracts::*; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Copied { iter: I, } diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml index 74a342a803..40bce00bc1 100644 --- a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml +++ b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml @@ -6,6 +6,16 @@ + + + + + + + + + + 
diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz b/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz index 5c966b1d6ea8245abae1ba5223478bc343807d7d..9d97f9dd394b351d7a1d60d74914b01168aaa9b5 100644 GIT binary patch literal 815 zcmV+~1JL{*iwFP!00000|E*L_kK#rUz57@A#%8&6^>;_w146OvOLB2f#Hp7e*C0r<8RlR=ws+uof^UDuBhfDqz`b*QbzveRk`b)OQrhVH`3pgD1 z-MI;VLpGVo1C|tXkfi|o2HRmnEWH*GON%+kun(8+_!c(AvTFIG*x_a9U)}K9 zA2lmu*~vm3Db87v0!Pj z>J>N&uwn@lD<@c1PtjskJu14U9>t}e?ba%5ERgC0yx6T0R$0A5^poxnii-4EX+zv@ z5o@d+x@w(B=nA@4O1_FAKD?MFHQUX7>2I3 zz%Vu~9X&K8x|oA$?Blf_<_^=~RobvywEn{Y`f~HBxJB<~DUuTl1K7(vVpiOu?7?U8xzA$h zvzdJs%VYFzCf5~yv!L%uN_GiRcXufH?T;C{I(X~3s;C~bGxs!2Zb2>nAhGWHzWXcq z&FSZZwIJ_u8*f2e3EcODMS5c-v8iKl6QguWRLjmPgHeOV9=?t628o}V!- z+^3Le?`xK9m<^e{VgFs=?V-r|^?b&2d%mK`GQwCeL`WsIqbQVe&T(Y4Rx|{yW6nxi zLP;{Ef(nEPE;w;M1`$0Xbu4s zr6}W)(^_anOpVe@5j4Y`l|aTyu0T>jw2EGWryv9X^`OyfjzAJ6h!S`Stb}xVfXr#5 tj4~)N$pm4dBtnC6+&H6SVyCpEP*PHYDM6Q@N|57u{{ZZ1GOCOS007%_m978) literal 722 zcmV;@0xkU?iwFP!00000|E*I^kJ~s5z57?>mTq$q^{oYZ2!b{2OZTt~>t3D?bQ=&p6!{JGJa&wnIz>01B24A(6n zqumYx1fpC* zdwxb_FGEBiOJ|ToKwV8uzh%hB1cp4F!OD3NFD+yDs~M>`j6k^_51^d}VbkQ$)8Y8F zZNiof$8ZEjhvPr(IcyoC8@m8>=?szy0N)>|Y|ocd=;O5z;4ZarqWs=G=mK~>$*X)Kyg1D^jc;_`j*bU!%>kl#?cv>i~-bJ6o$^fG~?851;`bOs9(VdC6; zFd*8OX$fpPgJ~~@YdtImOq*fi3f|CqH-Nv~d`fTV%`8=PVqt)InMW+r8%iF0Rv-JU zmOi`LXSF=W?q_kE(-#DL4|2ATjJdnR*w?P4hk~rqL_$`k5{7$U zIlU2?8WOA0YVA#F3>Q*MUMOprD@c2-f)%t8nI00Q0nHV&rt%s*2c-bG2TR^c0u~j4 zX8;+n%w;w+Nok#N#*w1fBPdsCrYyKpy3*MyN`uS5W?(YV8K?|o24Xnv2PG{TevStK E0MrCo<^TWy diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.coma b/creusot/tests/should_succeed/iterators/15_enumerate.coma index bf6cf12ccb..ce0b8f79f5 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.coma +++ b/creusot/tests/should_succeed/iterators/15_enumerate.coma 
@@ -1,7 +1,40 @@ -module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 40 14 40 45 - let%span s15_enumerate1 = "15_enumerate.rs" 38 4 38 10 - let%span s15_enumerate2 = "15_enumerate.rs" 30 12 34 116 +module M_15_enumerate__qyi1639541584469643790__resolve_coherence [#"15_enumerate.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s15_enumerate0 = "15_enumerate.rs" 9 9 9 16 + let%span s15_enumerate1 = "15_enumerate.rs" 9 9 9 16 + let%span s15_enumerate2 = "15_enumerate.rs" 11 4 12 16 + + use prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Enumerate'0) = + match _1 with + | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"15_enumerate.rs" 9 9 9 16] (self : t_Enumerate'0) = + [%#s15_enumerate2] resolve'2 self.t_Enumerate__iter'0 /\ resolve'1 self.t_Enumerate__count'0 + + constant self : t_Enumerate'0 + + function resolve_coherence'0 [#"15_enumerate.rs" 9 9 9 16] (self : t_Enumerate'0) : () + + goal vc_resolve_coherence'0 : ([%#s15_enumerate0] structural_resolve'0 self) -> ([%#s15_enumerate0] resolve'0 self) +end +module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs" 42 4 42 26] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 41 14 41 45 + let%span s15_enumerate1 = "15_enumerate.rs" 39 4 39 10 + let%span s15_enumerate2 = "15_enumerate.rs" 31 12 35 116 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 
@@ -50,7 +83,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate2] Seq.length visited @@ -63,16 +96,16 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl [#"15_enumerate.rs constant self : t_Enumerate'0 - function produces_refl'0 [#"15_enumerate.rs" 41 4 41 26] (self : t_Enumerate'0) : () + function produces_refl'0 [#"15_enumerate.rs" 42 4 42 26] (self : t_Enumerate'0) : () goal vc_produces_refl'0 : [%#s15_enumerate0] produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self end -module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.rs" 48 4 48 90] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 45 15 45 32 - let%span s15_enumerate1 = "15_enumerate.rs" 46 15 46 32 - let%span s15_enumerate2 = "15_enumerate.rs" 47 14 47 42 - let%span s15_enumerate3 = "15_enumerate.rs" 43 4 43 10 - let%span s15_enumerate4 = "15_enumerate.rs" 30 12 34 116 +module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.rs" 49 4 49 90] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 46 15 46 32 + let%span s15_enumerate1 = "15_enumerate.rs" 47 15 47 32 + let%span s15_enumerate2 = "15_enumerate.rs" 48 14 48 42 + let%span s15_enumerate3 = "15_enumerate.rs" 44 4 44 10 + let%span s15_enumerate4 = "15_enumerate.rs" 31 12 35 116 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 
@@ -119,7 +152,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate4] Seq.length visited 
@@ -142,29 +175,29 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans [#"15_enumerate.r constant c : t_Enumerate'0 - function produces_trans'0 [#"15_enumerate.rs" 48 4 48 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () + function produces_trans'0 [#"15_enumerate.rs" 49 4 49 90] (a : t_Enumerate'0) (ab : Seq.seq (usize, t_Item'0)) (b : t_Enumerate'0) (bc : Seq.seq (usize, t_Item'0)) (c : t_Enumerate'0) : () goal vc_produces_trans'0 : ([%#s15_enumerate1] produces'0 b bc c) -> ([%#s15_enumerate0] produces'0 a ab b) -> ([%#s15_enumerate2] produces'0 a (Seq.(++) ab bc) c) end -module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 44] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 59 30 59 31 - let%span s15_enumerate1 = "15_enumerate.rs" 54 17 54 21 - let%span s15_enumerate2 = "15_enumerate.rs" 54 26 54 44 - let%span s15_enumerate3 = "15_enumerate.rs" 50 14 53 5 +module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 55 4 55 44] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 60 30 60 31 + let%span s15_enumerate1 = "15_enumerate.rs" 55 17 55 21 + let%span s15_enumerate2 = "15_enumerate.rs" 55 26 55 44 + let%span s15_enumerate3 = "15_enumerate.rs" 51 14 54 5 let%span scommon4 = "common.rs" 27 17 27 21 let%span scommon5 = "common.rs" 27 26 27 44 let%span scommon6 = "common.rs" 23 14 26 5 - let%span s15_enumerate7 = "15_enumerate.rs" 23 8 23 74 - let%span s15_enumerate8 = "15_enumerate.rs" 30 12 34 116 + let%span s15_enumerate7 = "15_enumerate.rs" 24 8 24 74 + let%span s15_enumerate8 = "15_enumerate.rs" 31 12 35 116 let%span scommon9 = "common.rs" 14 14 14 45 let%span scommon10 = "common.rs" 18 15 18 32 let%span scommon11 = "common.rs" 19 15 19 32 let%span scommon12 = "common.rs" 20 14 20 42 let%span sresolve13 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span 
sinvariant14 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span s15_enumerate15 = "15_enumerate.rs" 74 12 78 79 + let%span s15_enumerate15 = "15_enumerate.rs" 75 12 79 79 use prelude.prelude.Borrow @@ -245,7 +278,7 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate invariant'2 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + predicate invariant'2 [#"15_enumerate.rs" 73 4 73 30] (self : t_Enumerate'0) = [%#s15_enumerate15] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . produces'1 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) @@ -292,7 +325,7 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 predicate resolve'2 (self : borrowed usize) = [%#sresolve13] self.final = self.current - predicate completed'0 [#"15_enumerate.rs" 22 4 22 35] (self : borrowed (t_Enumerate'0)) = + predicate completed'0 [#"15_enumerate.rs" 23 4 23 35] (self : borrowed (t_Enumerate'0)) = [%#s15_enumerate7] completed'1 (Borrow.borrow_logic (self.current).t_Enumerate__iter'0 (self.final).t_Enumerate__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ resolve'2 (Borrow.borrow_logic (self.current).t_Enumerate__count'0 (self.final).t_Enumerate__count'0 (Borrow.inherit_id (Borrow.get_id self) 2)) @@ -306,7 +339,7 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate8] Seq.length visited 
@@ -369,18 +402,18 @@ module M_15_enumerate__qyi17057287782225696128__next [#"15_enumerate.rs" 54 4 54 (! return' {result}) ] end -module M_15_enumerate__enumerate [#"15_enumerate.rs" 87 0 87 54] - let%span s15_enumerate0 = "15_enumerate.rs" 88 29 88 30 - let%span s15_enumerate1 = "15_enumerate.rs" 87 30 87 34 - let%span s15_enumerate2 = "15_enumerate.rs" 84 11 84 73 - let%span s15_enumerate3 = "15_enumerate.rs" 85 11 85 91 - let%span s15_enumerate4 = "15_enumerate.rs" 87 42 87 54 - let%span s15_enumerate5 = "15_enumerate.rs" 86 10 86 51 +module M_15_enumerate__enumerate [#"15_enumerate.rs" 88 0 88 54] + let%span s15_enumerate0 = "15_enumerate.rs" 89 29 89 30 + let%span s15_enumerate1 = "15_enumerate.rs" 88 30 88 34 + let%span s15_enumerate2 = "15_enumerate.rs" 85 11 85 73 + let%span s15_enumerate3 = "15_enumerate.rs" 86 11 86 91 + let%span s15_enumerate4 = "15_enumerate.rs" 88 42 88 54 + let%span s15_enumerate5 = "15_enumerate.rs" 87 10 87 51 let%span scommon6 = "common.rs" 14 14 14 45 let%span scommon7 = "common.rs" 18 15 18 32 let%span scommon8 = "common.rs" 19 15 19 32 let%span scommon9 = "common.rs" 20 14 20 42 - let%span s15_enumerate10 = "15_enumerate.rs" 74 12 78 79 + let%span s15_enumerate10 = "15_enumerate.rs" 75 12 79 79 use prelude.prelude.UIntSize @@ -425,7 +458,7 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 87 0 87 54] use prelude.prelude.Int - predicate invariant'0 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + predicate invariant'0 [#"15_enumerate.rs" 73 4 73 30] (self : t_Enumerate'0) = [%#s15_enumerate10] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . produces'0 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -461,17 +494,104 @@ module M_15_enumerate__enumerate [#"15_enumerate.rs" 87 0 87 54] (! return' {result}) ] end -module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs" 54 4 54 44] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 54 4 54 44 - let%span s15_enumerate1 = "15_enumerate.rs" 23 8 23 74 - let%span s15_enumerate2 = "15_enumerate.rs" 30 12 34 116 +module M_15_enumerate__qyi1639541584469643790__resolve_coherence__refines [#"15_enumerate.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s15_enumerate0 = "15_enumerate.rs" 9 9 9 16 + let%span s15_enumerate1 = "15_enumerate.rs" 11 4 12 16 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span s15_enumerate3 = "15_enumerate.rs" 75 12 79 79 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 + + use prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Enumerate'0) = + match _1 with + | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + use seq.Seq + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#scommon5] produces'0 a ab b) + -> ([%#scommon6] produces'0 b bc c) -> ([%#scommon7] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + + use prelude.prelude.UIntSize + + use seq.Seq + + use prelude.prelude.Int + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) + + predicate invariant'1 [#"15_enumerate.rs" 73 4 73 30] (self : t_Enumerate'0) = + [%#s15_enumerate3] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'0 self.t_Enumerate__iter'0 s i] . produces'0 self.t_Enumerate__iter'0 s i + -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + + predicate inv'2 (_1 : t_I'0) + + predicate inv'1 (_1 : t_Enumerate'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x + = (invariant'1 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + end) + + predicate invariant'0 (self : t_Enumerate'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Enumerate'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"15_enumerate.rs" 9 9 9 16] (self : t_Enumerate'0) = + [%#s15_enumerate1] resolve'2 self.t_Enumerate__iter'0 /\ resolve'1 self.t_Enumerate__count'0 + + goal refines : [%#s15_enumerate0] forall self : t_Enumerate'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs" 55 4 55 44] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 55 4 55 44 + let%span s15_enumerate1 = "15_enumerate.rs" 24 8 24 74 + let%span s15_enumerate2 = "15_enumerate.rs" 31 12 35 116 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 let%span scommon8 = "common.rs" 20 14 20 42 - let%span s15_enumerate9 = "15_enumerate.rs" 74 12 78 79 + let%span s15_enumerate9 = "15_enumerate.rs" 75 12 79 79 use prelude.prelude.Borrow @@ -512,7 +632,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate invariant'1 [#"15_enumerate.rs" 72 4 72 30] (self : t_Enumerate'0) = + predicate invariant'1 [#"15_enumerate.rs" 73 4 73 30] (self : t_Enumerate'0) = [%#s15_enumerate9] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 self.t_Enumerate__iter'0 s i] . produces'1 self.t_Enumerate__iter'0 s i -> UIntSize.to_int self.t_Enumerate__count'0 + Seq.length s < UIntSize.to_int v_MAX'0) /\ (forall i : borrowed t_I'0 . completed'1 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) 
@@ -541,7 +661,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs predicate resolve'0 (self : borrowed usize) = [%#sresolve3] self.final = self.current - predicate completed'0 [#"15_enumerate.rs" 22 4 22 35] (self : borrowed (t_Enumerate'0)) = + predicate completed'0 [#"15_enumerate.rs" 23 4 23 35] (self : borrowed (t_Enumerate'0)) = [%#s15_enumerate1] completed'1 (Borrow.borrow_logic (self.current).t_Enumerate__iter'0 (self.final).t_Enumerate__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ resolve'0 (Borrow.borrow_logic (self.current).t_Enumerate__count'0 (self.final).t_Enumerate__count'0 (Borrow.inherit_id (Borrow.get_id self) 2)) @@ -555,7 +675,7 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate2] Seq.length visited @@ -593,9 +713,9 @@ module M_15_enumerate__qyi17057287782225696128__next__refines [#"15_enumerate.rs end /\ inv'1 result) end -module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_enumerate.rs" 48 4 48 90] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 48 4 48 90 - let%span s15_enumerate1 = "15_enumerate.rs" 30 12 34 116 +module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_enumerate.rs" 49 4 49 90] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 49 4 49 90 + let%span s15_enumerate1 = "15_enumerate.rs" 31 12 35 116 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 
@@ -642,7 +762,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited @@ -660,9 +780,9 @@ module M_15_enumerate__qyi17057287782225696128__produces_trans__refines [#"15_en -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enumerate.rs" 41 4 41 26] (* as common::Iterator> *) - let%span s15_enumerate0 = "15_enumerate.rs" 41 4 41 26 - let%span s15_enumerate1 = "15_enumerate.rs" 30 12 34 116 +module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enumerate.rs" 42 4 42 26] (* as common::Iterator> *) + let%span s15_enumerate0 = "15_enumerate.rs" 42 4 42 26 + let%span s15_enumerate1 = "15_enumerate.rs" 31 12 35 116 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -711,7 +831,7 @@ module M_15_enumerate__qyi17057287782225696128__produces_refl__refines [#"15_enu use seq.Seq - predicate produces'0 [#"15_enumerate.rs" 28 4 28 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + predicate produces'0 [#"15_enumerate.rs" 29 4 29 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) = [%#s15_enumerate1] Seq.length visited diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.rs b/creusot/tests/should_succeed/iterators/15_enumerate.rs index f92e16a249..560f87c8ba 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.rs +++ b/creusot/tests/should_succeed/iterators/15_enumerate.rs 
@@ -6,6 +6,7 @@ use creusot_contracts::{invariant::Invariant, *}; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Enumerate { iter: I, count: usize, diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml index 1622bf62ca..78f470cc5e 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml +++ b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml @@ -8,6 +8,16 @@ + + + + + + + + + + 
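Review bot: Nothing in this test uses the derived `Resolve` predicate: the `#[derive(Resolve)]` on `Enumerate` is the only change to 15_enumerate.rs, so all that gets checked is the generated `resolve_coherence` goal and its `refines` counterpart, and in the regenerated .coma the derived `resolve'0` is the same conjunction of field resolves as `structural_resolve'0`. If the aim is only to cover the derive's proof obligations, say so above the attribute, e.g. `// Derived so the Resolve coherence obligations for this adapter are generated and proved.`; otherwise a small client that consumes the struct would exercise the predicate itself. The same applies to the `Take` hunk in 16_take.rs. The struct definition continues outside the hunk.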
diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz b/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz index 63e484f10a2c3ecfaa9211d20c4d462c67eda3b6..c483594deb63f64d5a8714b96a312bca0759f8cb 100644 GIT binary patch literal 1467 zcmV;s1w{HEiwFP!00000|Fu`kZsW!h-SaE7Q*ONJs(uH_LNG2tE$(a*G_n(_ADj^) zQyz(OlE1%bzD(Mhv1KIQxLI9~u5(U5^uv#<^A~zd=hag>o%hG)rAYr+(cPT`$DP>D&G^c~95^f&v69lmWBa$0WpPjY=4p*iQ@i_bb9qQ7YSWsnAO3L8 zsZE}x)1I1k4NiUSoWZGb927GL=4|i4oGr&eL8o*+9-h*gIbhqxSGl2cd%A@7a-zd- z>DPw?`=(1-bUo}kpk`I*oDTK&YE(Bh0|Kst2(Lhd*C4_i#5uNVFstoVYq{|5R@6_u zTwIR1yK~yv4v*{hakqyF4BeI_H3W9W)B8oJPfcOZU4^$0qYS7zN$$emy>9eK_EwSb>+*s2E3T zb5G&;@OVgVidj$cIoqtQa5(-dy@}`xn3OZKy!z_^xGu-Rz(L+(*GRN;5^>z|dff3k@A&zV066i06Aw5PQMt=! zq6f<4L|GoqI)Krr#}*(%Gs#0u@=ycO!=~yQns>9??b~#E=3wDh@0)(e$sbRr#S-;ZfEfz;O$`2@Qh+F~vp_~#aI zMS<{k##g$Wq%$s;ei=qnff4#|EWHy_mupcy94}cfuNyk_!=aJlC3eq;`@d7KSJb4y zp2xo9S3J)4d>`C7r{;V)rSk%*9z^z>%b1Zlyln)Cq##=oPTew-WcY#B|0z;`FOFI%?FU{Q*7T!odfGo zOa*Blr?TId&eg!}q})9BF45-LQL^3DdDBjsM{gJW@XXJaesRcV)?8w7;m;uM&y5>^ zdvj$ULiNV1Q;YqXzWvaxlr;nP^_Aqn+*zfq(Ms#Bfnbx)j=%;_R6zh&fW&?9+G|USgfJoaWKH&j&Xc0_-fOf0n2@BD z3YI8=QJ{=uGJ9h0$r2=iN@6rMGO%^1O;FM*!~mwwo~i;_LGB-T7bIjPDM=)obdq3I z@IjH$T!F#FQbx;Eh!sMGtO8qssX%wJ-b*xIQw)~tfVIpmgALjS37lo5QB=sk5w3%% zQKNvG*+fwYVZ0#-mRSy3s}<@BRfTV4NtqUvBnKc+1}sCZywutPaHUopD-IQB71|2T zTj`RK_?RScnM7>?gX9W=vgA!* zH71|Y6uc66OHvU;;7U`_RI|t;pf?_s6qW%(q>QPMl@Pb5mRbr+Xm}JV=qNC9ZoO7k za08q~Mpmc~X9rBdr$nAq&9bVAk!GTfLJ-008|K=Xn4C literal 1383 zcmV-t1(^CDiwFP!00000|Fu_3bK^D)zUx=$=5})-z;~y6$YiRa58X>UoZdVjMeTal zk+Zg(-TwQItVg8SN$kuvm%tG4fxrin;4dHY{TF&j`}{HO_Umo^TdwjCzh?BX+m?rz z_6zWgZf-ny?!|Jd#uE+m;IWwbN=o++&A(nw)y%72t(IrCMUfq))p2c8PuizV)tMc| zXQ($fUVH0-Enm)=6b=!WW-J0rV0bYGO8gs9TLC7Ws%-ha@d0PxZA3%6O`up&( zN$9-?))``(#VBQW4c)CiZR@mPgHq7l>aXp6S}^Z{cV6Iu7o(I7lDfU4xV?Yaq$ZUM z=0QH8P4bS1-7eKl`+2{vKW|dAtvzU})-`Q9r!k;f{uFR?9=y2iiv)5xN=5c&$)A@= zc{9P)-}-{>DD`kapc+D{R(I{j$!Mf+osH~&7Qd@NEIOVBRu51S^NwhsKf1)S+XcpLGgFUQsy 
zmP;RdX$&xw{)MF<8|jEOiypU!wqH&Y+H_){NcOyTyR_eK9^1VBpLktIjUCwW*kyde z<7Cfw&PU@^?+?4QpH-?WBK=^kcKlhb)23Xpv9#-Y6}E@E+|vy;+ts>mF36!XjF7GC zCVfu3eEXPo)n@y>4b`J`0pMM*m$Ey=I9JmvNP7)tpr$(t`h(;mnvZqP&K$2o=K2e1*7P1_i~KamAY1kW46=Syy7=~fb(!O^Wrqpu z4XAMnH1kKq*>?#$d6%%$cL|%mONQy}?Gc;}^B@fKAhaX+u$3Zz<5ey2^U zKQ~{FlVG=L9#?il43WxkHxMU;+Bcct!tDvN`6(?>JiL$an@tiY<)}gruw34M@ zNv0@687WqkRw78y%yKOl@|>gNa6K-WDgXyl39FTrN~MzNU=p)Rl`^oLE61hd!f}4# zN@FOK1TK@PEMSyeK~$E4iLAmD+G=v+xV{EdL=m~t6g5?>WF=rQ0hJV%0YXV_O$Bq@ zUJos`6qeBNQmCj)fhFfQXk`UAz)7@~74U9!z!XDD6i8L9?P_AAnW(DD7+u+RbKu2j ptP%{-MvgWqX-bV+=!8OPqXYl| diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index e1f074ef26..03df9c886c 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma 
@@ -1,7 +1,40 @@ -module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 40 4 40 26] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 39 14 39 45 - let%span s16_take1 = "16_take.rs" 37 4 37 10 - let%span s16_take2 = "16_take.rs" 32 8 34 9 +module M_16_take__qyi16329403265779881678__resolve_coherence [#"16_take.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s16_take0 = "16_take.rs" 9 9 9 16 + let%span s16_take1 = "16_take.rs" 9 9 9 16 + let%span s16_take2 = "16_take.rs" 11 4 12 12 + + use prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Take'0) = + match _1 with + | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"16_take.rs" 9 9 9 16] (self : t_Take'0) = + [%#s16_take2] resolve'2 self.t_Take__iter'0 /\ resolve'1 self.t_Take__n'0 + + constant self : t_Take'0 + + function resolve_coherence'0 [#"16_take.rs" 9 9 9 16] (self : t_Take'0) : () + + goal vc_resolve_coherence'0 : ([%#s16_take0] structural_resolve'0 self) -> ([%#s16_take0] resolve'0 self) +end +module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 40 14 40 45 + let%span s16_take1 = "16_take.rs" 38 4 38 10 + let%span s16_take2 = "16_take.rs" 33 8 35 9 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 
@@ -40,22 +73,22 @@ module M_16_take__qyi16574350389265959367__produces_refl [#"16_take.rs" 40 4 40 use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = + predicate produces'0 [#"16_take.rs" 32 4 32 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#s16_take2] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 constant self : t_Take'0 - function produces_refl'0 [#"16_take.rs" 40 4 40 26] (self : t_Take'0) : () + function produces_refl'0 [#"16_take.rs" 41 4 41 26] (self : t_Take'0) : () goal vc_produces_refl'0 : [%#s16_take0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 44 15 44 32 - let%span s16_take1 = "16_take.rs" 45 15 45 32 - let%span s16_take2 = "16_take.rs" 46 14 46 42 - let%span s16_take3 = "16_take.rs" 42 4 42 10 - let%span s16_take4 = "16_take.rs" 32 8 34 9 +module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 45 15 45 32 + let%span s16_take1 = "16_take.rs" 46 15 46 32 + let%span s16_take2 = "16_take.rs" 47 14 47 42 + let%span s16_take3 = "16_take.rs" 43 4 43 10 + let%span s16_take4 = "16_take.rs" 33 8 35 9 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 let%span scommon7 = "common.rs" 19 15 19 32 
@@ -94,7 +127,7 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 47 4 47 use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = + predicate produces'0 [#"16_take.rs" 32 4 32 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#s16_take4] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 
@@ -108,23 +141,23 @@ module M_16_take__qyi16574350389265959367__produces_trans [#"16_take.rs" 47 4 47 constant c : t_Take'0 - function produces_trans'0 [#"16_take.rs" 47 4 47 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () + function produces_trans'0 [#"16_take.rs" 48 4 48 90] (a : t_Take'0) (ab : Seq.seq t_Item'0) (b : t_Take'0) (bc : Seq.seq t_Item'0) (c : t_Take'0) : () goal vc_produces_trans'0 : ([%#s16_take1] produces'0 b bc c) -> ([%#s16_take0] produces'0 a ab b) -> ([%#s16_take2] produces'0 a (Seq.(++) ab bc) c) end -module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 53 4 53 41] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 54 21 54 22 - let%span s16_take1 = "16_take.rs" 55 22 55 23 - let%span s16_take2 = "16_take.rs" 53 17 53 21 - let%span s16_take3 = "16_take.rs" 53 26 53 41 - let%span s16_take4 = "16_take.rs" 49 14 52 5 +module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 54 4 54 41] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 55 21 55 22 + let%span s16_take1 = "16_take.rs" 56 22 56 23 + let%span s16_take2 = "16_take.rs" 54 17 54 21 + let%span s16_take3 = "16_take.rs" 54 26 54 41 + let%span s16_take4 = "16_take.rs" 50 14 53 5 let%span scommon5 = "common.rs" 27 17 27 21 let%span scommon6 = "common.rs" 27 26 27 44 let%span scommon7 = "common.rs" 23 14 26 5 - let%span s16_take8 = "16_take.rs" 23 8 26 9 - let%span s16_take9 = "16_take.rs" 32 8 34 9 + let%span s16_take8 = "16_take.rs" 24 8 27 9 + let%span s16_take9 = "16_take.rs" 33 8 35 9 let%span scommon10 = "common.rs" 14 14 14 45 let%span scommon11 = "common.rs" 18 15 18 32 let%span scommon12 = "common.rs" 19 15 19 32 @@ -224,7 +257,7 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 53 4 53 41] (* 0 /\ UIntSize.to_int (self.current).t_Take__n'0 = UIntSize.to_int (self.final).t_Take__n'0 + 1 
@@ -232,7 +265,7 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 53 4 53 41] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 53 4 53 41 - let%span s16_take1 = "16_take.rs" 23 8 26 9 - let%span s16_take2 = "16_take.rs" 32 8 34 9 +module M_16_take__qyi16329403265779881678__resolve_coherence__refines [#"16_take.rs" 9 9 9 16] (* as creusot_contracts::Resolve> *) + let%span s16_take0 = "16_take.rs" 9 9 9 16 + let%span s16_take1 = "16_take.rs" 11 4 12 12 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + + use prelude.prelude.Borrow + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + + predicate resolve'1 (_1 : usize) = + true + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Take'0) = + match _1 with + | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate inv'2 (_1 : t_I'0) + + predicate inv'1 (_1 : t_Take'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Take'0 [inv'1 x] . inv'1 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'2 iter + end + + predicate invariant'0 (self : t_Take'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Take'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"16_take.rs" 9 9 9 16] (self : t_Take'0) = + [%#s16_take1] resolve'2 self.t_Take__iter'0 /\ resolve'1 self.t_Take__n'0 + + goal refines : [%#s16_take0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 54 4 54 41] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 54 4 54 41 + let%span s16_take1 = "16_take.rs" 24 8 27 9 + let%span s16_take2 = "16_take.rs" 33 8 35 9 let%span sresolve3 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon5 = "common.rs" 14 14 14 45 @@ -349,7 +428,7 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 53 4 53 predicate completed'1 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate completed'0 [#"16_take.rs" 22 4 22 35] (self : borrowed (t_Take'0)) = + predicate completed'0 [#"16_take.rs" 23 4 23 35] (self : borrowed (t_Take'0)) = [%#s16_take1] UIntSize.to_int (self.current).t_Take__n'0 = 0 /\ resolve'0 self \/ UIntSize.to_int (self.current).t_Take__n'0 > 0 /\ UIntSize.to_int (self.current).t_Take__n'0 = UIntSize.to_int (self.final).t_Take__n'0 + 1 @@ -359,7 +438,7 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 53 4 53 use seq.Seq - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = + predicate produces'0 [#"16_take.rs" 32 4 32 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#s16_take2] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 
@@ -386,9 +465,9 @@ module M_16_take__qyi16574350389265959367__next__refines [#"16_take.rs" 53 4 53 end /\ inv'1 result) end -module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" 40 4 40 26] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 40 4 40 26 - let%span s16_take1 = "16_take.rs" 32 8 34 9 +module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" 41 4 41 26] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 41 4 41 26 + let%span s16_take1 = "16_take.rs" 33 8 35 9 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 @@ -427,16 +506,16 @@ module M_16_take__qyi16574350389265959367__produces_refl__refines [#"16_take.rs" use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = + predicate produces'0 [#"16_take.rs" 32 4 32 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 goal refines : [%#s16_take0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs" 47 4 47 90] (* as common::Iterator> *) - let%span s16_take0 = "16_take.rs" 47 4 47 90 - let%span s16_take1 = "16_take.rs" 32 8 34 9 +module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs" 48 4 48 90] (* as common::Iterator> *) + let%span s16_take0 = "16_take.rs" 48 4 48 90 + let%span s16_take1 = "16_take.rs" 33 8 35 9 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 
@@ -475,7 +554,7 @@ module M_16_take__qyi16574350389265959367__produces_trans__refines [#"16_take.rs use prelude.prelude.Int - predicate produces'0 [#"16_take.rs" 31 4 31 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = + predicate produces'0 [#"16_take.rs" 32 4 32 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = [%#s16_take1] UIntSize.to_int self.t_Take__n'0 = UIntSize.to_int o.t_Take__n'0 + Seq.length visited /\ produces'1 self.t_Take__iter'0 visited o.t_Take__iter'0 diff --git a/creusot/tests/should_succeed/iterators/16_take.rs b/creusot/tests/should_succeed/iterators/16_take.rs index 7563da5509..0e32ca6655 100644 --- a/creusot/tests/should_succeed/iterators/16_take.rs +++ b/creusot/tests/should_succeed/iterators/16_take.rs @@ -6,6 +6,7 @@ use creusot_contracts::*; mod common; use common::Iterator; +#[derive(Resolve)] pub struct Take { iter: I, n: usize, diff --git a/creusot/tests/should_succeed/iterators/16_take/why3session.xml b/creusot/tests/should_succeed/iterators/16_take/why3session.xml index de13e87063..e76bead8e8 100644 --- a/creusot/tests/should_succeed/iterators/16_take/why3session.xml +++ b/creusot/tests/should_succeed/iterators/16_take/why3session.xml @@ -7,13 +7,20 @@ + + + + + + + + + + - - - 
diff --git a/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz b/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz index 296224f9e3177e3c99d92fa8c7536f14a348a8ac..74df49be80602fbd63afc85aed1ac0884707363d 100644 GIT binary patch literal 836 zcmV-K1H1emiwFP!00000|HV~JkE2Eqz4I%$Iaw=GSATb;Jy;_lxa=jXzFO5E?4q$@ z2IGnH@1q8r0gt_#NRi@;%T=$cU%h_dUq0oh@Awi=`CIHyP1pXO%ly-?*%LPH+lE@e zVgD7MPTrz`ntD*bvJm0I{sN1{wD8)E(a9hFD%Le-t}B4gJ{< z=N=FH6>93`j{rp$k1xYt`;q+O06fJ*UEOUOOBufOT{!!AO4Me+6svc>|b9^{MNs$iAXtBk(W{Qy*?&x#x3 zc8loHdGyt~kg}`Pgu0l9KQaxwnuaCQEVSflC6Sn|RF@wz+zKn#_h2s4nj(7|@M-_0 zYtvm{+za@$|D!u5%UGDb3$uA)a&L;*?g@Q&d^yA+h7GYm-={5B_2<5i?U2f+ru}w^ zL)Tj1ST`*mrl$EoR{bZ##r@&M?(&cTt>&m$K8;}IRe5<;UVe~?TfLa8UN73I;u>7; zl~^D*7i%W4u%@^M>$d^WS#vsTPO}>^*pJ0vOEL6S47L4qkH|Ei~2E^@DRzi)=vua>bOv1z}@z8UsSz;AKOO>ioz36@JE{+c)Wlz~3(MjBnRMOjQr#+`a40Z8-ho zrV2l&=l^Sej=LLMUrae)%ksZ(Hr&KEjVSPNii>g8mwAhykRTKEF28>z@L z<()BHVPFPo?hGpJYel6rl-JUUoRzeMl4J^53|i4pYaWmZ5hP)f1mTQ}iqV{vJQKi! z5XyO~sb)^;no)rgj8TqL<8xN3QkEjqyymE#;8Fm(;22?n6Cyy>PDf^PR_YPRLhwN= z?a?@lOescvq)IE`k@!e*R+A z1fkT)h*TJ@xsEX;q$q)xz)DEV17rXceO)s_6=Ahf!YLV86hZ`tN+ueVlweBGC8!eQ Oc+%fk$9Xea2><|5R;bAU literal 764 zcmVEVDe{mg$EIv0!Psn-v(Y&;4IkY|F&Txh(U$)ijMpbRM;BC$S5ca%vml4eQ}x zl{FSf{-B;7cL!Eky{qUu(+`@`;j`0*csL*ySU7a~{$Qx?N>f*K!m55txCQLbU-2m< zB)L9WYst%az${4@5Dfs^3hO>0mQ4-BvUCAE z^|wpto7w`$va0bi4Xqcl{68TV_sP@aY$nirMd{XguyTn;F44#jHgT&ryy|84PNfT& zgC`cqP4Z@H7S^N-*e4Hk^_;Gr)9A(w_G2^H)(pLv!M0|oP{TlMG4jx14W9LE^O%XFY7CQB7#hN(&i~3ZpgGA^4bOKr?_0NM as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 50 14 50 45 - let%span s17_filter1 = "17_filter.rs" 48 4 48 10 - let%span s17_filter2 = "17_filter.rs" 64 12 76 17 +module M_17_filter__qyi12479562059722535184__resolve_coherence [#"17_filter.rs" 13 9 13 16] (* as creusot_contracts::Resolve> *) + let%span s17_filter0 = "17_filter.rs" 13 9 13 16 + let%span s17_filter1 = "17_filter.rs" 13 9 13 16 + let%span s17_filter2 = "17_filter.rs" 15 4 16 15 + + use 
prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } + + predicate resolve'1 (_1 : t_F'0) + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Filter'0) = + match _1 with + | {t_Filter__iter'0 = x0 ; t_Filter__func'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + predicate resolve'0 [#"17_filter.rs" 13 9 13 16] (self : t_Filter'0) = + [%#s17_filter2] resolve'2 self.t_Filter__iter'0 /\ resolve'1 self.t_Filter__func'0 + + constant self : t_Filter'0 + + function resolve_coherence'0 [#"17_filter.rs" 13 9 13 16] (self : t_Filter'0) : () + + goal vc_resolve_coherence'0 : ([%#s17_filter0] structural_resolve'0 self) -> ([%#s17_filter0] resolve'0 self) +end +module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 52 4 52 26] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 51 14 51 45 + let%span s17_filter1 = "17_filter.rs" 49 4 49 10 + let%span s17_filter2 = "17_filter.rs" 65 12 77 17 let%span scommon3 = "common.rs" 14 14 14 45 let%span scommon4 = "common.rs" 18 15 18 32 let%span scommon5 = "common.rs" 19 15 19 32 let%span scommon6 = "common.rs" 20 14 20 42 - let%span s17_filter7 = "17_filter.rs" 24 12 30 122 + let%span s17_filter7 = "17_filter.rs" 25 12 31 122 let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -73,7 +105,7 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 51 4 axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops8] postcondition_mut'0 self args res_state res) -> ([%#sops9] unnest'0 self res_state) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter7] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true @@ -89,7 +121,7 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 51 4 use seq.Seq - predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter2] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 
@@ -103,17 +135,17 @@ module M_17_filter__qyi17392541228996028033__produces_refl [#"17_filter.rs" 51 4 constant self : t_Filter'0 - function produces_refl'0 [#"17_filter.rs" 51 4 51 26] (self : t_Filter'0) : () + function produces_refl'0 [#"17_filter.rs" 52 4 52 26] (self : t_Filter'0) : () goal vc_produces_refl'0 : [%#s17_filter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 58 4 58 90] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 55 15 55 32 - let%span s17_filter1 = "17_filter.rs" 56 15 56 32 - let%span s17_filter2 = "17_filter.rs" 57 14 57 42 - let%span s17_filter3 = "17_filter.rs" 53 4 53 10 - let%span s17_filter4 = "17_filter.rs" 64 12 76 17 - let%span s17_filter5 = "17_filter.rs" 24 12 30 122 +module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 59 4 59 90] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 56 15 56 32 + let%span s17_filter1 = "17_filter.rs" 57 15 57 32 + let%span s17_filter2 = "17_filter.rs" 58 14 58 42 + let%span s17_filter3 = "17_filter.rs" 54 4 54 10 + let%span s17_filter4 = "17_filter.rs" 65 12 77 17 + let%span s17_filter5 = "17_filter.rs" 25 12 31 122 let%span scommon6 = "common.rs" 14 14 14 45 let%span scommon7 = "common.rs" 18 15 18 32 let%span scommon8 = "common.rs" 19 15 19 32 
@@ -184,7 +216,7 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 58 axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops10] postcondition_mut'0 self args res_state res) -> ([%#sops11] unnest'0 self res_state) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter5] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true @@ -200,7 +232,7 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 58 use seq.Seq - predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter4] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 
@@ -222,32 +254,32 @@ module M_17_filter__qyi17392541228996028033__produces_trans [#"17_filter.rs" 58 constant c : t_Filter'0 - function produces_trans'0 [#"17_filter.rs" 58 4 58 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () + function produces_trans'0 [#"17_filter.rs" 59 4 59 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () goal vc_produces_trans'0 : ([%#s17_filter1] produces'0 b bc c) -> ([%#s17_filter0] produces'0 a ab b) -> ([%#s17_filter2] produces'0 a (Seq.(++) ab bc) c) end -module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 85 23 85 40 - let%span s17_filter1 = "17_filter.rs" 86 27 86 51 - let%span s17_filter2 = "17_filter.rs" 88 8 88 31 - let%span s17_filter3 = "17_filter.rs" 90 20 90 129 - let%span s17_filter4 = "17_filter.rs" 89 20 89 46 - let%span s17_filter5 = "17_filter.rs" 88 20 88 29 - let%span s17_filter6 = "17_filter.rs" 94 23 94 58 - let%span s17_filter7 = "17_filter.rs" 95 12 95 71 - let%span s17_filter8 = "17_filter.rs" 84 17 84 21 - let%span s17_filter9 = "17_filter.rs" 84 26 84 41 - let%span s17_filter10 = "17_filter.rs" 80 14 83 5 +module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 85 4 85 41] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 86 23 86 40 + let%span s17_filter1 = "17_filter.rs" 87 27 87 51 + let%span s17_filter2 = "17_filter.rs" 89 8 89 31 + let%span s17_filter3 = "17_filter.rs" 91 20 91 129 + let%span s17_filter4 = "17_filter.rs" 90 20 90 46 + let%span s17_filter5 = "17_filter.rs" 89 20 89 29 + let%span s17_filter6 = "17_filter.rs" 95 23 95 58 + let%span s17_filter7 = "17_filter.rs" 96 12 96 71 + let%span s17_filter8 = "17_filter.rs" 85 17 85 21 + let%span s17_filter9 = "17_filter.rs" 85 26 85 41 + let%span s17_filter10 = "17_filter.rs" 81 14 84 5 let%span sindex11 = 
"../../../../creusot-contracts/src/logic/ops/index.rs" 89 8 89 33 let%span scommon12 = "common.rs" 27 17 27 21 let%span scommon13 = "common.rs" 27 26 27 44 let%span scommon14 = "common.rs" 23 14 26 5 let%span sops15 = "../../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 let%span sops16 = "../../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 - let%span s17_filter17 = "17_filter.rs" 42 12 44 43 - let%span s17_filter18 = "17_filter.rs" 64 12 76 17 + let%span s17_filter17 = "17_filter.rs" 43 12 45 43 + let%span s17_filter18 = "17_filter.rs" 65 12 77 17 let%span scommon19 = "common.rs" 14 14 14 45 let%span scommon20 = "common.rs" 18 15 18 32 let%span scommon21 = "common.rs" 19 15 19 32 @@ -260,7 +292,7 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] ( let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 let%span sresolve30 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span s17_filter31 = "17_filter.rs" 24 12 30 122 + let%span s17_filter31 = "17_filter.rs" 25 12 31 122 let%span sinvariant32 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sinvariant33 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 @@ -341,7 +373,7 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] ( predicate precondition'0 (self : t_F'0) (args : t_Item'0) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter31] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true 
@@ -451,7 +483,7 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] ( use prelude.prelude.Snapshot - predicate completed'0 [#"17_filter.rs" 40 4 40 35] (self : borrowed (t_Filter'0)) = + predicate completed'0 [#"17_filter.rs" 41 4 41 35] (self : borrowed (t_Filter'0)) = [%#s17_filter17] (exists s : Seq.seq t_Item'0, e : borrowed t_I'0 . produces'0 (self.current).t_Filter__iter'0 s e.current /\ completed'1 e /\ (forall i : int . 0 <= i /\ i < Seq.length s @@ -462,7 +494,7 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] ( use map.Map - predicate produces'1 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'1 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter18] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 
@@ -580,17 +612,17 @@ module M_17_filter__qyi17392541228996028033__next [#"17_filter.rs" 84 4 84 41] ( (! return' {result}) ] end -module M_17_filter__filter [#"17_filter.rs" 110 0 112 39] - let%span s17_filter0 = "17_filter.rs" 110 30 110 34 - let%span s17_filter1 = "17_filter.rs" 110 39 110 40 - let%span s17_filter2 = "17_filter.rs" 106 11 106 23 - let%span s17_filter3 = "17_filter.rs" 107 11 107 29 - let%span s17_filter4 = "17_filter.rs" 108 11 108 21 - let%span s17_filter5 = "17_filter.rs" 110 48 110 60 - let%span s17_filter6 = "17_filter.rs" 109 10 109 49 - let%span s17_filter7 = "17_filter.rs" 137 16 137 59 - let%span s17_filter8 = "17_filter.rs" 131 16 131 57 - let%span s17_filter9 = "17_filter.rs" 143 16 143 126 +module M_17_filter__filter [#"17_filter.rs" 111 0 113 39] + let%span s17_filter0 = "17_filter.rs" 111 30 111 34 + let%span s17_filter1 = "17_filter.rs" 111 39 111 40 + let%span s17_filter2 = "17_filter.rs" 107 11 107 23 + let%span s17_filter3 = "17_filter.rs" 108 11 108 29 + let%span s17_filter4 = "17_filter.rs" 109 11 109 21 + let%span s17_filter5 = "17_filter.rs" 111 48 111 60 + let%span s17_filter6 = "17_filter.rs" 110 10 110 49 + let%span s17_filter7 = "17_filter.rs" 138 16 138 59 + let%span s17_filter8 = "17_filter.rs" 132 16 132 57 + let%span s17_filter9 = "17_filter.rs" 144 16 144 126 let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 @@ -602,7 +634,7 @@ module M_17_filter__filter [#"17_filter.rs" 110 0 112 39] let%span scommon18 = "common.rs" 18 15 18 32 let%span scommon19 = "common.rs" 19 15 19 32 let%span scommon20 = "common.rs" 20 14 20 42 - let%span s17_filter21 = "17_filter.rs" 24 12 30 122 + let%span s17_filter21 = "17_filter.rs" 25 12 31 122 type t_I'0 
@@ -666,19 +698,19 @@ module M_17_filter__filter [#"17_filter.rs" 110 0 112 39] axiom postcondition_mut_unnest'0_spec : forall self : t_P'0, args : t_Item'0, res_state : t_P'0, res : bool . ([%#sops10] postcondition_mut'0 self args res_state res) -> ([%#sops11] unnest'0 self res_state) - predicate immutable'0 [#"17_filter.rs" 136 0 136 54] (_1 : t_P'0) = + predicate immutable'0 [#"17_filter.rs" 137 0 137 54] (_1 : t_P'0) = [%#s17_filter7] forall f : t_P'0, g : t_P'0 . unnest'0 f g -> f = g predicate precondition'0 (self : t_P'0) (args : t_Item'0) - predicate no_precondition'0 [#"17_filter.rs" 130 0 130 60] (_1 : t_P'0) = + predicate no_precondition'0 [#"17_filter.rs" 131 0 131 60] (_1 : t_P'0) = [%#s17_filter8] forall f : t_P'0, i : t_Item'0 . precondition'0 f (i) - predicate precise'0 [#"17_filter.rs" 142 0 142 52] (_1 : t_P'0) = + predicate precise'0 [#"17_filter.rs" 143 0 143 52] (_1 : t_P'0) = [%#s17_filter9] forall f1 : t_P'0, f2 : t_P'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true /\ postcondition_mut'0 f1 (i) f2 false) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter21] forall f : t_P'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_P'0, g : t_P'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_P'0, f2 : t_P'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true 
@@ -715,11 +747,11 @@ module M_17_filter__filter [#"17_filter.rs" 110 0 112 39] (! return' {result}) ] end -module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] - let%span s17_filter0 = "17_filter.rs" 117 10 117 70 - let%span s17_filter1 = "17_filter.rs" 118 10 118 79 +module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] + let%span s17_filter0 = "17_filter.rs" 118 10 118 70 + let%span s17_filter1 = "17_filter.rs" 119 10 119 79 let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span s17_filter3 = "17_filter.rs" 122 22 122 40 + let%span s17_filter3 = "17_filter.rs" 123 22 123 40 let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 140 27 140 47 let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 141 27 141 53 let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 142 27 142 45 
@@ -1072,11 +1104,124 @@ module M_17_filter__less_than [#"17_filter.rs" 119 0 119 49] (! return' {result}) ] end -module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 84 41] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 84 4 84 41 - let%span s17_filter1 = "17_filter.rs" 42 12 44 43 - let%span s17_filter2 = "17_filter.rs" 64 12 76 17 - let%span s17_filter3 = "17_filter.rs" 24 12 30 122 +module M_17_filter__qyi12479562059722535184__resolve_coherence__refines [#"17_filter.rs" 13 9 13 16] (* as creusot_contracts::Resolve> *) + let%span s17_filter0 = "17_filter.rs" 13 9 13 16 + let%span s17_filter1 = "17_filter.rs" 15 4 16 15 + let%span sinvariant2 = "../../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span s17_filter3 = "17_filter.rs" 25 12 31 122 + let%span scommon4 = "common.rs" 14 14 14 45 + let%span scommon5 = "common.rs" 18 15 18 32 + let%span scommon6 = "common.rs" 19 15 19 32 + let%span scommon7 = "common.rs" 20 14 20 42 + let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops10 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops11 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops12 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops13 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops14 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_F'0 + + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__func'0: t_F'0 } + + predicate resolve'1 (_1 : t_F'0) + + predicate resolve'2 (_1 : t_I'0) + + predicate structural_resolve'0 (_1 : t_Filter'0) = + match _1 with + | {t_Filter__iter'0 = x0 ; t_Filter__func'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end + + use seq.Seq + + use seq.Seq + + type t_Item'0 + + use 
seq.Seq + + predicate produces'0 [#"common.rs" 8 4 8 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#scommon5] produces'0 a ab b) + -> ([%#scommon6] produces'0 b bc c) -> ([%#scommon7] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon4] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + + predicate precondition'0 (self : t_F'0) (args : t_Item'0) + + predicate postcondition_once'0 (self : t_F'0) (args : t_Item'0) (result : bool) + + predicate postcondition_mut'0 (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + + function fn_mut_once'0 (self : t_F'0) (args : t_Item'0) (res : bool) : () + + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops14] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'1 res_state) + + predicate unnest'0 (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops11] unnest'0 self b) + -> ([%#sops12] unnest'0 b c) -> ([%#sops13] unnest'0 self c) + + function unnest_refl'0 (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops10] unnest'0 self self + + function postcondition_mut_unnest'0 (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . 
([%#sops8] postcondition_mut'0 self args res_state res) + -> ([%#sops9] unnest'0 self res_state) + + predicate invariant'1 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = + [%#s17_filter3] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) + + predicate inv'2 (_1 : t_I'0) + + predicate inv'3 (_1 : t_F'0) + + predicate inv'1 (_1 : t_Filter'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Filter'0 [inv'1 x] . inv'1 x + = (invariant'1 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__func'0 = func} -> inv'2 iter /\ inv'3 func + end) + + predicate invariant'0 (self : t_Filter'0) = + [%#sinvariant2] inv'1 self + + predicate inv'0 (_1 : t_Filter'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"17_filter.rs" 13 9 13 16] (self : t_Filter'0) = + [%#s17_filter1] resolve'2 self.t_Filter__iter'0 /\ resolve'1 self.t_Filter__func'0 + + goal refines : [%#s17_filter0] forall self : t_Filter'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 85 4 85 41] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 85 4 85 41 + let%span s17_filter1 = "17_filter.rs" 43 12 45 43 + let%span s17_filter2 = "17_filter.rs" 65 12 77 17 + let%span s17_filter3 = "17_filter.rs" 25 12 31 122 let%span sinvariant4 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span scommon5 = "common.rs" 14 14 14 45 let%span scommon6 = "common.rs" 18 15 18 32 
@@ -1148,7 +1293,7 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops9] postcondition_mut'0 self args res_state res) -> ([%#sops10] unnest'0 self res_state) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter3] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true @@ -1185,7 +1330,7 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 use seq.Seq - predicate completed'0 [#"17_filter.rs" 40 4 40 35] (self : borrowed (t_Filter'0)) = + predicate completed'0 [#"17_filter.rs" 41 4 41 35] (self : borrowed (t_Filter'0)) = [%#s17_filter1] (exists s : Seq.seq t_Item'0, e : borrowed t_I'0 . produces'1 (self.current).t_Filter__iter'0 s e.current /\ completed'1 e /\ (forall i : int . 0 <= i /\ i < Seq.length s @@ -1198,7 +1343,7 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 use map.Map - predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter2] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 
@@ -1233,14 +1378,14 @@ module M_17_filter__qyi17392541228996028033__next__refines [#"17_filter.rs" 84 4 end /\ inv'1 result) end -module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter.rs" 51 4 51 26] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 51 4 51 26 - let%span s17_filter1 = "17_filter.rs" 64 12 76 17 +module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter.rs" 52 4 52 26] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 52 4 52 26 + let%span s17_filter1 = "17_filter.rs" 65 12 77 17 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 let%span scommon5 = "common.rs" 20 14 20 42 - let%span s17_filter6 = "17_filter.rs" 24 12 30 122 + let%span s17_filter6 = "17_filter.rs" 25 12 31 122 let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 @@ -1307,7 +1452,7 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true 
@@ -1323,7 +1468,7 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter use seq.Seq - predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter1] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 @@ -1338,14 +1483,14 @@ module M_17_filter__qyi17392541228996028033__produces_refl__refines [#"17_filter goal refines : [%#s17_filter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filter.rs" 58 4 58 90] (* as common::Iterator> *) - let%span s17_filter0 = "17_filter.rs" 58 4 58 90 - let%span s17_filter1 = "17_filter.rs" 64 12 76 17 +module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filter.rs" 59 4 59 90] (* as common::Iterator> *) + let%span s17_filter0 = "17_filter.rs" 59 4 59 90 + let%span s17_filter1 = "17_filter.rs" 65 12 77 17 let%span scommon2 = "common.rs" 14 14 14 45 let%span scommon3 = "common.rs" 18 15 18 32 let%span scommon4 = "common.rs" 19 15 19 32 let%span scommon5 = "common.rs" 20 14 20 42 - let%span s17_filter6 = "17_filter.rs" 24 12 30 122 + let%span s17_filter6 = "17_filter.rs" 25 12 31 122 let%span sops7 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops8 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops9 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 
@@ -1412,7 +1557,7 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - predicate invariant'0 [#"17_filter.rs" 21 4 21 30] (self : t_Filter'0) = + predicate invariant'0 [#"17_filter.rs" 22 4 22 30] (self : t_Filter'0) = [%#s17_filter6] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true @@ -1428,7 +1573,7 @@ module M_17_filter__qyi17392541228996028033__produces_trans__refines [#"17_filte use seq.Seq - predicate produces'0 [#"17_filter.rs" 62 4 62 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + predicate produces'0 [#"17_filter.rs" 63 4 63 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = [%#s17_filter1] invariant'0 self -> unnest'0 self.t_Filter__func'0 succ.t_Filter__func'0 diff --git a/creusot/tests/should_succeed/iterators/17_filter.rs b/creusot/tests/should_succeed/iterators/17_filter.rs index 4b972b94d3..8cd68c76a9 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.rs +++ b/creusot/tests/should_succeed/iterators/17_filter.rs @@ -10,6 +10,7 @@ use creusot_contracts::{ mod common; use common::Iterator; +#[derive(Resolve)] pub struct Filter bool> { pub iter: I, pub func: F, diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index 3b2f98b077..884ef860bb 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -8,6 +8,16 @@ + + + + + + + + + + 
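Review bot: The `#[derive(Resolve)]` added above `pub struct Filter` in 17_filter.rs has no comment explaining why it is there, and nothing in this hunk shows the derived impl being used. Going by the commit title it is presumably there to exercise the derive in the test suite, so a later cleanup could remove it as dead and silently drop the `resolve_coherence` and `resolve_coherence__refines` goals that the regenerated 17_filter.coma now contains. I would add a line such as `// Derived on purpose: exercises Resolve coherence for a generic struct with a type invariant.` directly above the attribute. In the regenerated module the derived `resolve'0` is the conjunction of the two field resolves, the same shape as `structural_resolve'0`, so the obligation itself looks straightforward. The struct definition continues outside the hunk.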
diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index f8d9217197b4a221814c088ddcfd1b23dbe5be4f..33e8379902dbb4e4fa76d2eadccd7a417f2e1c79 100644 GIT binary patch literal 5960 zcmV-O7q{piiwFP!00000|Lr{4ZX-F8@A?V>`%t^n7=RIs;IZfe#%Pp~26p>p7Kwc; z@a)!%%dWCi)zg2!AoEbBZoBOEU@?AiD#(U<<-JHrp?3MxAYEL zd*ePoY_{RyKCZXxhx?D8zHZ-%R<*jdt@-d}Z}j0lq<+|}7Vhi)ecF`yAX>oN$!FO6 zTwcupWD9ckf?80wN0})@+=6OBuNFVK_5HVZvPE%IpRfh%wjWpPyKQ=WC*FPfd)u~P z>Y#gEyZh}sXu*7`lgra;d|FKAh!&xnQ=V4i(@s{RMZBGTTHUzK_VH`jetmRzALsLW zcsw~}wW#X&Sam+3;x_3n-yVgkLld3CaeIIRdw@fGfTQ*xzSABi<_4z659ap7`_&Ah zuC5!~UucCYE43{`74ONR)y;gY4v5)H6i2a~nYk)|J6j#i?c>M%^*+24&L6%Cw^QqK zesN5$$1wepwuKu!I`}`2U(*-&zD$B)&Em%W*dn;QbpOltSLefx`|*7!tbe#IBcdOv zUeS$+)lG-Q`OqTvGORg0!YT~%fV5ja0A+;l3_gItk^ z5k0ER`4(+YbBEPdKzoSN?o@`Vl`u!W8xWH@QNcSjzu3s;)dDBEK5+)DyR99(hmq0RHP(scvQ7S#pktrT^O>Sh{LCq#88Uo{s+8BrGn z{KF4rT_=pUh;3c|yS4jUk^0{T5k9 zK`3MMP`~PFy%e$?q8j3Nh^AY>J|YQwd&H_+`3o^M6=0EjLA^c{YHxhQi*7A2D(eNs zJ)_=pR5bdxo{5)P^!jODF|2ca$}?t+Z(z==ZKaqfTbxn0D9WBpSe0~UJx^-}CG3)$ z#rE-QS_ZdCi=X!yd6M(HKTm-#hJnJ=3}Vjcl*L>3;~w&P?41wJ z{jkXHZqp0!X?xKnfgNm1uPCr+SE$Uw{Anu>Cb{)|+SfLSg&7eY}kJ zS~Qo`cf0Q%g}+gfL$kMY09junWw}PoXRo(?1|}Cnh7y; zhL|ac&5W2jvfv4F+tMWH(3zk^CFsyB=t$mSB4`OGnD7iHESPZ4=FQ%YOtPhkjOmPw zsmPe-GOn47dw}&#G8|@S}o+m%v3wq7>)G6)M;Q~BtfTb zv0$N51!c0DlNsOhZpK6fb>zij|2#T8%hYRZqly=-6BSN_vpQe~gqT9_WsqAWen$9VCZf^y(`n`KxjF0BOTGZVn zU4qy6wAglUONzM~pE|(d*24QvS8jcOpB~+P`mO8tcQ5OdPhYpok)g%i!^7v@$K}6? 
zqm`rHE;?K%N9QyTP{XV!x|>|@B3!xI&lp+X$MlbncMrd;%g~7GSXFigw<^`W1NQI* zSvY#wJmg_^kldHZZg-f)!Na}!sPy--orXKAD|xOXe1hWH1s_nLD{K{}wtc*&Ii+!= z-g?3`pRQ@xQ+2PAcu~`ETGa!N7t!>9?7X7krS;mY=t$ObbXH#9caQA+!{g(_Zz;a} z^!E$E)gsn$ai9LNUA`-?-YvJke@>Gy)&=CU^?beCE~a}OJe|fnZo8BnnsMhC zm~!v?rxE>l$xh;K`u4X0U~h>(O|Fkgc?_U;mSgL!`(@?pg0W7V&#fa2+8b{&z6$nE zd81gWp1U<2=y{UFbgo<{r~A#<$F!NrxD${2N8QoJk9nQ$;zu!x?7JfC=Kdkd zTKZ;_9!rGjmUyHpbHquofcDSogz=sdZk6gHxVyU&)6V&d9vGd>c8|Yo4rhOUOkC1KBg~U*Ht$)Vd({bZ6oq1@@}OgqCw| zLi0#5zjifCX|7=Y_y#)3#;@LD&Z_wUa!O%xD`woKcB`8=<7$8Ac$RW-`{n%H$vm3W z0`}+4@2;Fhxm(3K$C+MtI9zR4VmKJ+*gY%aQs1~zMiUOsaeA#NufLr#vzP8d!r9nx z9zo|>&m#N+bl+bo@p1#~#{C$?Nv(I`CWt+pa?+UC!&w4ay(F>=Y$vd`60faOKSf4I zJ2(eI`Z8b888^Zrjy{^x7k^JVAYxTvvYkf;kS_%h?*z0PXT*0orF}bpE3hVBs z!-a)T5z5ImgabD1bSAf?PLrNgi~ISyrPBham1;U~>fKe3K@@iOO^w&uVqU=k zGg2dD=TWb1M$ZkTr+O1-%;jjC;~u{QUEzs8d$Z9S2v_cl(ociK^4jH%DlfBJHG> zXZqHc99oDIcyoKrv9oH>4rt1Ovvz(jR3MH*-MaTJbtm3ylrkQiYq!~6XAx7Nqo?`m zqTQ{(W4%3T&lVGUXu>jatRL(rXUAZA)25ng7U-+i{X9Y69JVHkIEG2nuP4i{0a=Q; zrq@rutfvIPdYj4A%nfe)&K^N^;;V{p9sEt-DIA`zs~%R^k}}@*4cD48p08I{8NIAI z-OhZ~6kjd!lstJ`g6Xu2J@v}2c6`Dm`${{E&1CVEW-^Y=WE`5w6WMgo<5!(iSZ{`J zr{6z(oGY;V&ibcMU$@TRO~1nq({HoGYUuQeRt)zG#PAMU7{6Oz3o^ayd|RjA3bflk zd|cme-M5ebee=KX#H=B&jyY}pVtcDvKGl#f!#w>F0o~fkj}DmGrz5{uAZ9P11$oRn zp!+q0`jZ7Ttqcw}2i$uglFie>U5bBrXcR%p}gQ3mFVFn<(?+5N)luHN4fAXOW zalHdoe)3^^;1Rgz5jb9s!SQkonxVPZ`F;(MeMl^f^*xOmKkDV@q31RKodhY%?+cVu zoT?embcm0=lwHMR56keg2XgOs5~MBYscaxE$=Pob)atj>d_OehAzUl z#rnP&(>6VxZn*RlN;ud9nfFIv(#soR9;zFB8-{XK(YfXhx^VYUI%4<^O6b2IVLm^m zxDIZcjsWh$(kbwP*LqFlAh=zIg2gUCUY?CZCuh>>>9?Vw_`ipv?A!eYG|cE_79Q^I zQaIZY8(?tZ^5es&sq9M$ryrbcdp(gdJOmHo`4&|^@3y2aED?X0Rf)UEy(2%ysl8OH zpHK>@{rLUjE^Rg+x4*jkp$A%Za{)t3dWWJWVEQ;OL(-*JrSn?%^Rn)K(zjFm9peg) zU}%ZwC|a^D*Bg^8_VzUzZq>6`-JDurg@-ZBQ$3|IoJ0ky+e2lutTU!=Z(5e4iW%oB zE}!>R%=ls0&S^-eWJ@JQ96}+Px%sxFcJ^CHlD-|``c&|U=Txu@zF6m+^zUx;Fl>zP zp=V_tkZNgD-;OitDra%78hD9D=>lNJGFh^}K#$$g+mNkt0AS)oPr zNefQe#h{!?oG~qJgV-Q6C>pR0m*hN|CklWGGVM0ty0Exj@^X 
zX;3$)jxC9$j3}f*Apnf_LZe_35{a|`UD>JFE~7Fjr5K_Ll#8LU3&~ll9cN(j#fsS$ zOj0%y8wriPg25ml6&0iPLfDvrZHS6QvM$?biUG5EGFHoMk#&e7N6-|EHc3@W_2_bS z9@bCBDz!v(Iwz&QU`a%d$yrJm8Kreg+emsc)<^EJ=*f#N;d}ZLSAhG5` zg0W%xE-I0YGZb8mPC5|?$oQCq@)@R8Z8@*jfR3viyoV@HBV7VgHJYd)Jj6ig&iF+fmTSKX{l|aO{4X7=vdmE zr9sUxp&~$Vih`F?5c{lnX+*_!Jw{$r#0GBe|vF#!zFba-WPndnLdI=Q3eR&XECdh9n{BOg1fzX^d`+dOB(i zQ5um13F4HjagH93}rMJw4i`02n&Ie z(NZo!a07xG5V8S*4G8#dqLxL@iIoo-EHWFBit>YDmCNqk6V(j}_2R@+VhzE?WQ4TQ zs2oY8DA?#&u06UXfM`IJLx*`aCP<8IndBnK{_vn$jAj!I#rw)G`>) zzGNE~8bJGpvZVsMl%sHzWYj*WsFW5~Q;29}gp##@6mP*AN100T2!ggMa8yZ2QZ7Z| zIdk+S{Q(JY#U6QqnIMX6k&O1%VAR5!m_tqkToNgeC3nS=O1&YcT5jElq+6I#-BT4GJs3g;2oat;au8S;vim4o!un=vRLcuXmv1B4(5 zOqL=9DOC_&k+0nXelzyGvuvbHjM+$Z%Gm6)h71%P>)f$NZ^j;HB^0^fIiw&!N@K0i z$)J!bXHoNNf;VGNDrN~@8lgxgjGhG&c_XZ1nQChaNH##&7jWN8(?^APOXCwB?T8q#lW1T&Zv-ywZI@#3MR$%67NgdM2A{7G|7@? zPXdLAn6*r~#(OOqC}fmrKHK1h!8XM4XmZTzEdYLvQuZ6`dW40{Od15Uk+a(xk zz{nRRs)NR;$j3xR`Ff8b8*dy-&sl(2f>8~W^WO^-jtdXL3p=@CvnA zf+^zF4U{8Y{r_^rg{^gENTS?LAadF&%r+|{q|}g?P)=gykoHOp$WrPT95ZH2CV=$9 zX$3h&3rhI71Y2$<;HxqLLK{-vn-JJ2oxlqbJrKnZd`P?m%MDn1bw+Y&-JmHQNaT#A zf0LtSKqtW@GE1E00+tIs{AQ&XUorvJ&`KeElE1_|PToZvX&GIghvi literal 5856 zcmV<679Z&!iwFP!00000|Lr{4ZX`!?@BE4e{4lnK1u`Nd@-Q^O62cHgz}Ab6g5L&t zO1;Y=XV{$4>hF!ry8CVpDGJ645T>d! z@Ben?K0iLhuOV&TK`Y!3KeW)wmTu>tap#L@p~ag8EW7mS^V9Dw-(0!Jw0XGumfnfh zUc1i^o2T$_AJ!qU~u;SZxKgyD06XGE}XECF*HF%;wBhR>unR5wu6%N-<7tr8uE7 zSGe6(elaa3!_PIhQ*h!W*nXtUcZ-RPcVIOsnNY(Hk6IB z6Jm{ioy^>($ADs?&ROgeHW&T7A!WrxF z`KGUQn-hh1wh6 z@S$4^jLLdJaWAO%92JfJt!Lt87QMdAD~5Hh4|&Fd@eM3_wXGC0Ws4)q7Dd^!2{$F3 zSufL?K?zfGbM^H2HLZf%q^qB|8M(;$-CyRwC&NHtY5}oibk5?f`*92TGWIS97xMcq zXDOQRidlddgNet)v;Vbc9(d%+j1$Su;#Oe zj!d$pnT+X(jH$?&mNKrH&SLSSj9bYgy;kz6H2i3)@hp$9Cp@BTTe6t!^&-q~+llya zyKV7vi?;hL8g?wY5`*OlbDI(j7Fj3D0~S>Wahf)1v>T~3`*e`ji#TC9@922Gkg!-^J&$K9~^UU@9B%}wTBU*iX=uk4rnI`Az zQIFrvG-EF3GP17{)FqhrB%BLiGn&TnSw-3m9H|}EXhm*dNyZX`Kn{LiyUMrd_4lRQlAz+ez)+y zr^vXSL7r1;9EE?n;JA(c70Qka;lDufF?_hbup+z_vi5eg{#nz1*_!@^I@<2LoT(#! 
zEV%h|g4<cIr@yyt^}3l@ zS}mcy+)p2Wez;HXME!`xhkyF`-w&Tk^SDLqplYjg ze7YK*`1&Uo9zK1(OHU~lgfwBBtu1_gd`$Nx1#z48{V#Xv>EXWQOnH6p?mD26Am6?S za=jn<&GoQ!x*eaEo$9@fd$H5F7rTvnvA1zAzprus)1a2#Am9>%u%kiPErY;OwLGe} zJna~S+!CSu(%U7oRS^ij8F49C3Wr%s}|I!$E)$t{AY{0o1{xT9G|Y9 zy00Z`y&0c6K+)e1c;Bhtt?%#Cqq|SPbyoR-g(VpMNx z9j=3;OPV{VVNqwDCRfWjGk;hxvc8Y$A0O`?ep#2H5!Jpz?*i_o6byIR!xv;>@A-9? zhsD`+TO!kjvk0xb+y7qaZ(})q4UeEWpU3GLl&Pe4vPu|1Z$FDqXsjCJOGZXIFJ-avZ4G`|;nr@T=t zRnOg;cJw^Ui#k`Xlhgg?>tot1WZa3z{iE(^<7-~0yZBLzBKxk$y19P{+wM0IsFuFj zq{k9rx+U%@^z3mGETH|fI$*qqgj=P072MrjiD}1tMGuV5X1m8)9`zPQg1F$1y8hcR;;hUIu9iR}_(k)Ogirx_~*u_V@e&O&@xgi zZ*nbCnlqT+zk$xO@w2y>qiWuPoKu)xv>A7)X?4r~UTyj8&r)_S)Eu8Xn@6+q!uGu7 zb(o_lr&SztocRrk-PLwgi=Bav-J>EdC6hB{G~?hHr{{|D{0lD&d+F{t9E}af5p^yt~T^ zGp{~qAM{~)>){Lwm&Yue&$95!W!DAelPvPA>4&AacY%#o2sHys)%pAN9@?cyJFDfHzMCe8 zuH+2f+@5pntQxcfnsVT*&Eyjmh`ms^?tM$$iT50(j0fl1z_#aE#2jevX}-E>cad;k zZ%^8z#e^Q3uuL552iwWnKA7ILsiv9*`mA+7Pte!9t%)LzVbblq65BN(OA*)f`stT- zNdT-Dq)g4+;I{AV5mYBWtN7NzU-zBD;px2UVTCOz<89w?tvTcIdS#W-%bL^e!dFf4 z)gn*Hv#%wX&Ku)%uk32a2VAnRw8Pj;7MC=Wacm~z&`h4mrh^`TJ)OdOQ6wobnlX!rE+aee>f zzJ2_!>;HWx77cl|&uMGRzf~YH*;qP9yNpIWqg{; z7!KTesDB%v+y{dLHy>b_G7})w-`h`rr2qy)Ta3d3Kz2VloIaFG2mAkOK^fwDtxDgN z3lQ5Lfm<6^|_}!(Ua9W_dwH+Jc_S2GWvTTxY4(f$fhqB9<7uz(UlcC%PHB2;Z*O_r;i= z(&OQVOFyB6gDsF{e*|W|ybM4!kAS$@I-BmWrI%Dqkre!&*m~pA%^1iKN z#t*}GPD45+TPi8y5DLjG&9@~r*>539`gVltQ^7r+Q^8L7Vx4o)zq`@hurYpzo|R=l zs-;bRJI<)9T*SF*{JjwP=IY8xA+pHH3B}UnWK7OLEQ}B;6UmisRKpE5vcU!#ag`Ni z>DW3pnbDiX-slvZ*C3OPVWk_h03gZ=JOf9~iM1z-!e(K?dyCSVm2T`3z(pxZn2atU z=AbbIVL2LYy<{!`tQQbql<}4lJBbnnd6Qz&B7h9hbv*HM6_JvP6pXV%i|CUUoV1HU zIg>bJTImM30ct=tfDJ$cVu64aWZ(!4N>h+b8nUvEFovLlDhT)}0w2M9Z$L#Ua%5pp zF{)%TDIq2E3QPmKVo(*s65M1LSSKZ|Mnr2t#Yic#R-Oz+D)gy9bES{iAT%f%usbVZ zDI*GLPzV5{z0fF_ghV1OKvza8suOrjN-2h@0_9>y>_T$ZYR4Ivyeb@FL4&G6Zjc&0 z#aa-MiZ;=DA#BXRHbg}tS(j}z#W)!*Lur{UvJO$?2%3V?CaG$Q9$n5@P>Rb?N-Ytc z&Pi!6SQ3$Aa+VTCMrqwjH>fW|8A+fE(V%l$cx$Y;%A4$?Oa?I&E+sTlG-w+%m*G}X z1tDW32uZ1uz>}29NTH%Nlu_<~zL6L(HtNd=Z9 
z#%N-47L>P28E-_;iVJRTBwdVHYGw!qfUNh%mH-er1`M8cmR1zRwvndrEp;Q+#S|zJ z*es1?lgVgA!%RAvtidE{iaH4@k;`#waH(ufsdK~CbC_(SwM zMzk)P1QauP5?Ti5WN;b*R-`I^`Aqy2vT)L&HX_w+g`9ClMQa5TYp(dYA^m(3k&QDH zT#QaS5eUfmn1u2fwakGA67+l$+9VDZboQKVB#|>pF94I$6gkm~Y(wU|R^g?CAgxsF zO%%~YA4IS*d+7puRU*EEMu~=P!^ZHMWbw^ zOrvz8R6(Vxbu$(fXGnCO_(1HT0AS?t`euyEz<1oZ&(@}wm)B1(-~M3*D_5L4MhoKF;@)hj4xuyXJyhp1O#0)tN~I-Sw6 zj$Z1LYa7eP`;wx$6_it0IfK12BP=LcZB$myB_L2l?8>&SP)e|31tljahp|6^nHVsG zc8Z-xLChSrmL@7=xO~-JFseBVHh|DT$yr{JA!(G6nS(8^DXmc&d^rh5ErapwOVVM= zL7Dzgwp3u3aukk|jM@hkmD0j$3K5NrP*N8_ehbz($`p)82->Q^Q6(iwxfF%x%+Z$& z2vEHhd*lUXf+(^@GTK{%Q44Qk4mlBU$)up<$f#?o{C1pjsn2-MT96Yg5T%mfb%++c zWFJaSR_UUBOE#k`NtUAQqO&f!0Xq+=qCnJQ^>`DsbA~D5;*7VHbn=n_3EK-^5tg;~l%}ODp z7@f)}lyx0*vM@w%!XQ~otjSv8JR)1pL17?6Ua_)rkRH4lg93ublma?H2!g<5DMFA^ z1>qI>S~U=F#-4YUjg*No8;MRCn|;=hfudtwYmGqm&Di6tgd!I_hZF=zX{;4G85C0G zENWgY)tj*=6|)2{jZh>LM$ZC?yb)HhOi@+#OaoF6wc590)MRaA1ag9G_A#I!!AXFO zgeGBS)cy$=wT4)*E}9N1pbi|JPAXgB$TP%hkK#|jC|I9`5=Jqj3#2Vs!9J2z%4Sv_ zqoq>=Z^UONJw`vC)ZgcrT|FVS;zk zNvSiJP*52zHDC4CoLUDVN(wHJih(&volzkZYk@)5<|pYt1E<1+l2$QjV>lV-RT8Bv zoXe@0V>Q*%=6u;yP^8GN6!K+o#ySudeT-TrNm%WU%l}hDxexfIZlXi27n)>AvnPQ< zM9f;ITm!!122|C#I!aQJE$vF1lGnmwmN8qF=sdBOlI;q#Z9tnB zC8~qQsL01eM)`UHAscTTOV3$=Sb>2C$^r0&3CCDE(;AgU5hP*|(la?F6L^K%tiVtM z1{)}6y7KP}5*M}>lp%?7&49>ht1#QFjF3`8UO_pEl~dX)F(6B!UvSKrF_{3;3#S$2 z6fG#>;|h#v!01nY}?NMUe_OU}XcAx_@6oH7-Jol&!W! 
z6$+FNQVCX^Op2&hSdQh^HehRi3#@Lys@LTSimw{*PN>o`7Y<1}D@;-Z$%hpR* *) - let%span ssparse_array0 = "sparse_array.rs" 88 16 88 20 - let%span ssparse_array1 = "sparse_array.rs" 79 15 79 31 - let%span ssparse_array2 = "sparse_array.rs" 88 35 88 45 - let%span ssparse_array3 = "sparse_array.rs" 80 14 83 5 - let%span ssparse_array4 = "sparse_array.rs" 84 14 87 5 +module M_sparse_array__qyi13879026616235705248__resolve_coherence [#"sparse_array.rs" 60 4 60 31] (* as creusot_contracts::Resolve> *) + let%span ssparse_array0 = "sparse_array.rs" 57 15 57 24 + let%span ssparse_array1 = "sparse_array.rs" 58 15 58 39 + let%span ssparse_array2 = "sparse_array.rs" 59 14 59 31 + let%span ssparse_array3 = "sparse_array.rs" 56 4 56 23 + let%span ssparse_array4 = "sparse_array.rs" 51 12 51 72 + let%span ssparse_array5 = "sparse_array.rs" 40 12 41 82 + let%span sinvariant6 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span svec7 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span ssparse_array8 = "sparse_array.rs" 89 20 90 52 + let%span sindex9 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span sresolve10 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span ssparse_array12 = "sparse_array.rs" 68 12 76 17 + let%span svec13 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq14 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed15 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + use prelude.prelude.UIntSize + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + + type t_Cap'0 = + { t_Cap__0'0: usize } + + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + + type t_Vec'0 = + 
{ t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + + type t_NonNull'1 = + { t_NonNull__pointer'1: opaque_ptr } + + type t_Unique'1 = + { t_Unique__pointer'1: t_NonNull'1; t_Unique__qy95zmarker'1: () } + + type t_RawVec'1 = + { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } + + type t_Vec'1 = + { t_Vec__buf'1: t_RawVec'1; t_Vec__len'1: usize } + + type t_Sparse'0 = + { t_Sparse__size'0: usize; + t_Sparse__n'0: usize; + t_Sparse__values'0: t_Vec'0; + t_Sparse__idx'0: t_Vec'1; + t_Sparse__back'0: t_Vec'1 } + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use seq.Seq + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + type t_T'0 + + use seq.Seq + + function view'2 (self : t_Vec'0) : Seq.seq t_T'0 + + axiom view'2_spec : forall self : t_Vec'0 . [%#svec11] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + use seq.Seq + + function view'1 (self : t_Vec'1) : Seq.seq usize + + axiom view'1_spec : forall self : t_Vec'1 . [%#svec11] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + [%#sindex9] Seq.get (view'1 self) ix + + predicate invariant'1 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = + [%#ssparse_array12] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ (forall i : int . 
0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + -> match index_logic'1 self.t_Sparse__back'0 i with + | j -> 0 <= UIntSize.to_int j + /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 + /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + end) + + use seq.Seq + + predicate inv'5 (_1 : t_T'0) + + predicate invariant'4 (self : t_T'0) = + [%#sboxed15] inv'5 self + + predicate inv'4 (_1 : t_T'0) + + axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x + + predicate invariant'3 (self : Seq.seq t_T'0) = + [%#sseq14] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) + + predicate inv'3 (_1 : Seq.seq t_T'0) + + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x + + predicate invariant'2 (self : t_Vec'0) = + [%#svec13] inv'3 (view'2 self) + + predicate inv'2 (_1 : t_Vec'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'2 x + + predicate inv'1 (_1 : t_Sparse'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Sparse'0 [inv'1 x] . inv'1 x + = (invariant'1 x + /\ match x with + | {t_Sparse__size'0 = size ; t_Sparse__n'0 = n ; t_Sparse__values'0 = values ; t_Sparse__idx'0 = idx ; t_Sparse__back'0 = back} -> inv'2 values + end) + + predicate invariant'0 (self : t_Sparse'0) = + [%#sinvariant6] inv'1 self + + predicate inv'0 (_1 : t_Sparse'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Sparse'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'3 (_1 : usize) = + true + + predicate resolve'5 (self : t_Vec'1) = + [%#svec7] forall i : int . 
0 <= i /\ i < Seq.length (view'1 self) -> resolve'3 (index_logic'1 self i) + + predicate resolve'1 (_1 : t_Vec'1) = + resolve'5 _1 + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_T'0 = + [%#sindex9] Seq.get (view'2 self) ix + + predicate resolve'8 (_1 : t_T'0) + + predicate resolve'6 (self : t_Vec'0) = + [%#svec7] forall i : int . 0 <= i /\ i < Seq.length (view'2 self) -> resolve'8 (index_logic'0 self i) + + predicate resolve'2 (_1 : t_Vec'0) = + resolve'6 _1 + + predicate structural_resolve'0 (_1 : t_Sparse'0) = + match _1 with + | {t_Sparse__size'0 = x0 ; t_Sparse__n'0 = x1 ; t_Sparse__values'0 = x2 ; t_Sparse__idx'0 = x3 ; t_Sparse__back'0 = x4} -> resolve'1 x4 + /\ resolve'1 x3 /\ resolve'2 x2 /\ resolve'3 x1 /\ resolve'3 x0 + end + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + use seq.Seq + + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = + [%#ssparse_array8] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 + /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) + = i + + use prelude.prelude.Mapping + + use seq.Seq + + function view'0 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = + [%#ssparse_array5] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) + else + C_None'0 + )) + + use seq.Seq + + predicate resolve'7 (self : t_Option'0) = + [%#sresolve10] match self with + | C_Some'0 x -> resolve'8 x + | C_None'0 -> true + end + + predicate resolve'4 (_1 : t_Option'0) = + resolve'7 _1 + + predicate resolve'0 [#"sparse_array.rs" 49 4 49 28] (self : t_Sparse'0) = + [%#ssparse_array4] forall i : int . 
0 <= i /\ i < UIntSize.to_int self.t_Sparse__size'0 + -> resolve'4 (Seq.get (view'0 self) i) + + constant self : t_Sparse'0 + + function resolve_coherence'0 [#"sparse_array.rs" 60 4 60 31] (self : t_Sparse'0) : () + + goal vc_resolve_coherence'0 : ([%#ssparse_array1] structural_resolve'0 self) + -> ([%#ssparse_array0] inv'0 self) -> ([%#ssparse_array2] resolve'0 self) +end +module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 105 4 105 45] (* Sparse *) + let%span ssparse_array0 = "sparse_array.rs" 105 16 105 20 + let%span ssparse_array1 = "sparse_array.rs" 96 15 96 31 + let%span ssparse_array2 = "sparse_array.rs" 105 35 105 45 + let%span ssparse_array3 = "sparse_array.rs" 97 14 100 5 + let%span ssparse_array4 = "sparse_array.rs" 101 14 104 5 let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec6 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span smodel7 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 @@ -12,9 +223,9 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 let%span ssparse_array10 = "sparse_array.rs" 40 12 41 82 let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant12 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span ssparse_array13 = "sparse_array.rs" 72 20 73 52 + let%span ssparse_array13 = "sparse_array.rs" 89 20 90 52 let%span sindex14 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span ssparse_array15 = "sparse_array.rs" 51 12 59 17 + let%span ssparse_array15 = "sparse_array.rs" 68 12 76 17 let%span svec16 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed18 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 
@@ -179,7 +390,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 function index_logic'1 [@inline:trivial] (self : t_Vec'0) (ix : int) : usize = [%#sindex14] Seq.get (view'4 self) ix - predicate invariant'3 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = + predicate invariant'3 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = [%#ssparse_array15] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'5 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'4 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 @@ -212,7 +423,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 use seq.Seq - function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = [%#ssparse_array13] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) = i 
@@ -292,15 +503,15 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 88 4 88 45 (! return' {result}) ] end -module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array.rs" 104 4 104 38] (* Sparse *) - let%span ssparse_array0 = "sparse_array.rs" 100 15 100 24 - let%span ssparse_array1 = "sparse_array.rs" 101 15 101 34 - let%span ssparse_array2 = "sparse_array.rs" 102 15 102 39 - let%span ssparse_array3 = "sparse_array.rs" 103 14 103 28 - let%span ssparse_array4 = "sparse_array.rs" 99 4 99 12 - let%span ssparse_array5 = "sparse_array.rs" 72 20 73 52 +module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array.rs" 121 4 121 38] (* Sparse *) + let%span ssparse_array0 = "sparse_array.rs" 117 15 117 24 + let%span ssparse_array1 = "sparse_array.rs" 118 15 118 34 + let%span ssparse_array2 = "sparse_array.rs" 119 15 119 39 + let%span ssparse_array3 = "sparse_array.rs" 120 14 120 28 + let%span ssparse_array4 = "sparse_array.rs" 116 4 116 12 + let%span ssparse_array5 = "sparse_array.rs" 89 20 90 52 let%span sindex6 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span ssparse_array7 = "sparse_array.rs" 51 12 59 17 + let%span ssparse_array7 = "sparse_array.rs" 68 12 76 17 let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 
@@ -373,7 +584,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. function index_logic'0 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = [%#sindex6] Seq.get (view'0 self) ix - predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = + predicate invariant'0 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = [%#ssparse_array7] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'1 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'0 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 @@ -420,7 +631,7 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. use prelude.prelude.Borrow - function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = [%#ssparse_array5] UIntSize.to_int (index_logic'0 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 /\ UIntSize.to_int (index_logic'0 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'0 self.t_Sparse__idx'0 i))) = i 
@@ -429,22 +640,22 @@ module M_sparse_array__qyi912363311032332466__lemma_permutation [#"sparse_array. constant i : int - function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () + function lemma_permutation'0 [#"sparse_array.rs" 121 4 121 38] (self : t_Sparse'0) (i : int) : () goal vc_lemma_permutation'0 : ([%#ssparse_array2] 0 <= i /\ i < UIntSize.to_int self.t_Sparse__size'0) -> ([%#ssparse_array1] self.t_Sparse__n'0 = self.t_Sparse__size'0) -> ([%#ssparse_array0] inv'0 self) -> ([%#ssparse_array3] is_elt'0 self i) end -module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 41] (* Sparse *) - let%span ssparse_array0 = "sparse_array.rs" 117 12 117 46 - let%span ssparse_array1 = "sparse_array.rs" 118 26 118 46 - let%span ssparse_array2 = "sparse_array.rs" 122 22 122 23 - let%span ssparse_array3 = "sparse_array.rs" 112 20 112 24 - let%span ssparse_array4 = "sparse_array.rs" 112 36 112 37 - let%span ssparse_array5 = "sparse_array.rs" 108 15 108 31 - let%span ssparse_array6 = "sparse_array.rs" 109 14 109 43 - let%span ssparse_array7 = "sparse_array.rs" 110 14 110 93 - let%span ssparse_array8 = "sparse_array.rs" 111 14 111 37 +module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 129 4 129 41] (* Sparse *) + let%span ssparse_array0 = "sparse_array.rs" 134 12 134 46 + let%span ssparse_array1 = "sparse_array.rs" 135 26 135 46 + let%span ssparse_array2 = "sparse_array.rs" 139 22 139 23 + let%span ssparse_array3 = "sparse_array.rs" 129 20 129 24 + let%span ssparse_array4 = "sparse_array.rs" 129 36 129 37 + let%span ssparse_array5 = "sparse_array.rs" 125 15 125 31 + let%span ssparse_array6 = "sparse_array.rs" 126 14 126 43 + let%span ssparse_array7 = "sparse_array.rs" 127 14 127 93 + let%span ssparse_array8 = "sparse_array.rs" 128 14 128 37 let%span svec9 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 
let%span svec11 = "../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 @@ -452,11 +663,11 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 let%span svec13 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec15 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 - let%span ssparse_array16 = "sparse_array.rs" 100 15 100 24 - let%span ssparse_array17 = "sparse_array.rs" 101 15 101 34 - let%span ssparse_array18 = "sparse_array.rs" 102 15 102 39 - let%span ssparse_array19 = "sparse_array.rs" 103 14 103 28 - let%span ssparse_array20 = "sparse_array.rs" 99 4 99 12 + let%span ssparse_array16 = "sparse_array.rs" 117 15 117 24 + let%span ssparse_array17 = "sparse_array.rs" 118 15 118 34 + let%span ssparse_array18 = "sparse_array.rs" 119 15 119 39 + let%span ssparse_array19 = "sparse_array.rs" 120 14 120 28 + let%span ssparse_array20 = "sparse_array.rs" 116 4 116 12 let%span smodel21 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 let%span ssparse_array22 = "sparse_array.rs" 40 12 41 82 let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 
@@ -465,11 +676,11 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 let%span sslice26 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span sresolve27 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel28 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 - let%span ssparse_array29 = "sparse_array.rs" 72 20 73 52 + let%span ssparse_array29 = "sparse_array.rs" 89 20 90 52 let%span sindex30 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sinvariant32 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span ssparse_array33 = "sparse_array.rs" 51 12 59 17 + let%span ssparse_array33 = "sparse_array.rs" 68 12 76 17 let%span sseq34 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed35 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 @@ -644,7 +855,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = [%#sindex30] Seq.get (view'6 self) ix - predicate invariant'4 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = + predicate invariant'4 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = [%#ssparse_array33] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'3 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'6 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 
@@ -677,12 +888,12 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 predicate resolve'2 (_1 : borrowed (t_Sparse'0)) = resolve'5 _1 - function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = [%#ssparse_array29] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) = i - function lemma_permutation'0 [#"sparse_array.rs" 104 4 104 38] (self : t_Sparse'0) (i : int) : () = + function lemma_permutation'0 [#"sparse_array.rs" 121 4 121 38] (self : t_Sparse'0) (i : int) : () = [%#ssparse_array20] () axiom lemma_permutation'0_spec : forall self : t_Sparse'0, i : int . ([%#ssparse_array16] inv'8 self) 
@@ -871,21 +1082,21 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 112 4 112 (! return' {result}) ] end -module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] - let%span ssparse_array0 = "sparse_array.rs" 135 64 135 65 - let%span ssparse_array1 = "sparse_array.rs" 135 83 135 84 - let%span ssparse_array2 = "sparse_array.rs" 135 26 135 27 - let%span ssparse_array3 = "sparse_array.rs" 134 42 134 47 - let%span ssparse_array4 = "sparse_array.rs" 134 55 134 64 - let%span ssparse_array5 = "sparse_array.rs" 132 10 132 27 - let%span ssparse_array6 = "sparse_array.rs" 133 10 133 65 +module M_sparse_array__create [#"sparse_array.rs" 151 0 151 56] + let%span ssparse_array0 = "sparse_array.rs" 152 64 152 65 + let%span ssparse_array1 = "sparse_array.rs" 152 83 152 84 + let%span ssparse_array2 = "sparse_array.rs" 152 26 152 27 + let%span ssparse_array3 = "sparse_array.rs" 151 34 151 39 + let%span ssparse_array4 = "sparse_array.rs" 151 47 151 56 + let%span ssparse_array5 = "sparse_array.rs" 149 10 149 27 + let%span ssparse_array6 = "sparse_array.rs" 150 10 150 65 let%span svec7 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span ssparse_array9 = "sparse_array.rs" 40 12 41 82 let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex11 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span ssparse_array12 = "sparse_array.rs" 72 20 73 52 - let%span ssparse_array13 = "sparse_array.rs" 51 12 59 17 + let%span ssparse_array12 = "sparse_array.rs" 89 20 90 52 + let%span ssparse_array13 = "sparse_array.rs" 68 12 76 17 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 let%span sboxed16 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 
@@ -1013,7 +1224,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Intrinsic - predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = + predicate invariant'0 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = [%#ssparse_array13] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'1 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'2 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 @@ -1041,7 +1252,7 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] use prelude.prelude.Borrow - function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = [%#ssparse_array12] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) = i 
@@ -1101,51 +1312,51 @@ module M_sparse_array__create [#"sparse_array.rs" 134 0 134 64] (! return' {result}) ] end -module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] - let%span ssparse_array0 = "sparse_array.rs" 141 18 141 19 - let%span ssparse_array1 = "sparse_array.rs" 142 23 142 25 - let%span ssparse_array2 = "sparse_array.rs" 143 23 143 25 - let%span ssparse_array3 = "sparse_array.rs" 144 22 144 23 - let%span ssparse_array4 = "sparse_array.rs" 145 22 145 23 - let%span ssparse_array5 = "sparse_array.rs" 146 18 146 40 - let%span ssparse_array6 = "sparse_array.rs" 148 10 148 11 - let%span ssparse_array7 = "sparse_array.rs" 148 13 148 14 - let%span ssparse_array8 = "sparse_array.rs" 149 10 149 11 - let%span ssparse_array9 = "sparse_array.rs" 149 13 149 14 - let%span ssparse_array10 = "sparse_array.rs" 150 14 150 15 - let%span ssparse_array11 = "sparse_array.rs" 151 14 151 15 - let%span ssparse_array12 = "sparse_array.rs" 152 18 155 5 - let%span ssparse_array13 = "sparse_array.rs" 156 18 159 5 - let%span ssparse_array14 = "sparse_array.rs" 161 14 161 15 - let%span ssparse_array15 = "sparse_array.rs" 162 14 162 15 - let%span ssparse_array16 = "sparse_array.rs" 163 18 163 40 - let%span ssparse_array17 = "sparse_array.rs" 165 14 165 15 - let%span ssparse_array18 = "sparse_array.rs" 166 14 166 15 - let%span ssparse_array19 = "sparse_array.rs" 167 18 167 40 - let%span ssparse_array20 = "sparse_array.rs" 169 14 169 15 - let%span ssparse_array21 = "sparse_array.rs" 170 14 170 15 - let%span ssparse_array22 = "sparse_array.rs" 171 18 171 40 - let%span ssparse_array23 = "sparse_array.rs" 134 42 134 47 - let%span ssparse_array24 = "sparse_array.rs" 134 55 134 64 - let%span ssparse_array25 = "sparse_array.rs" 132 10 132 27 - let%span ssparse_array26 = "sparse_array.rs" 133 10 133 65 - let%span ssparse_array27 = "sparse_array.rs" 88 16 88 20 - let%span ssparse_array28 = "sparse_array.rs" 79 15 79 31 - let%span ssparse_array29 = "sparse_array.rs" 88 35 88 45 - let%span 
ssparse_array30 = "sparse_array.rs" 80 14 83 5 - let%span ssparse_array31 = "sparse_array.rs" 84 14 87 5 - let%span ssparse_array32 = "sparse_array.rs" 112 20 112 24 - let%span ssparse_array33 = "sparse_array.rs" 112 36 112 37 - let%span ssparse_array34 = "sparse_array.rs" 108 15 108 31 - let%span ssparse_array35 = "sparse_array.rs" 109 14 109 43 - let%span ssparse_array36 = "sparse_array.rs" 110 14 110 93 - let%span ssparse_array37 = "sparse_array.rs" 111 14 111 37 +module M_sparse_array__f [#"sparse_array.rs" 157 0 157 10] + let%span ssparse_array0 = "sparse_array.rs" 158 18 158 19 + let%span ssparse_array1 = "sparse_array.rs" 159 23 159 25 + let%span ssparse_array2 = "sparse_array.rs" 160 23 160 25 + let%span ssparse_array3 = "sparse_array.rs" 161 22 161 23 + let%span ssparse_array4 = "sparse_array.rs" 162 22 162 23 + let%span ssparse_array5 = "sparse_array.rs" 163 18 163 40 + let%span ssparse_array6 = "sparse_array.rs" 165 10 165 11 + let%span ssparse_array7 = "sparse_array.rs" 165 13 165 14 + let%span ssparse_array8 = "sparse_array.rs" 166 10 166 11 + let%span ssparse_array9 = "sparse_array.rs" 166 13 166 14 + let%span ssparse_array10 = "sparse_array.rs" 167 14 167 15 + let%span ssparse_array11 = "sparse_array.rs" 168 14 168 15 + let%span ssparse_array12 = "sparse_array.rs" 169 18 172 5 + let%span ssparse_array13 = "sparse_array.rs" 173 18 176 5 + let%span ssparse_array14 = "sparse_array.rs" 178 14 178 15 + let%span ssparse_array15 = "sparse_array.rs" 179 14 179 15 + let%span ssparse_array16 = "sparse_array.rs" 180 18 180 40 + let%span ssparse_array17 = "sparse_array.rs" 182 14 182 15 + let%span ssparse_array18 = "sparse_array.rs" 183 14 183 15 + let%span ssparse_array19 = "sparse_array.rs" 184 18 184 40 + let%span ssparse_array20 = "sparse_array.rs" 186 14 186 15 + let%span ssparse_array21 = "sparse_array.rs" 187 14 187 15 + let%span ssparse_array22 = "sparse_array.rs" 188 18 188 40 + let%span ssparse_array23 = "sparse_array.rs" 151 34 151 39 + let%span 
ssparse_array24 = "sparse_array.rs" 151 47 151 56 + let%span ssparse_array25 = "sparse_array.rs" 149 10 149 27 + let%span ssparse_array26 = "sparse_array.rs" 150 10 150 65 + let%span ssparse_array27 = "sparse_array.rs" 105 16 105 20 + let%span ssparse_array28 = "sparse_array.rs" 96 15 96 31 + let%span ssparse_array29 = "sparse_array.rs" 105 35 105 45 + let%span ssparse_array30 = "sparse_array.rs" 97 14 100 5 + let%span ssparse_array31 = "sparse_array.rs" 101 14 104 5 + let%span ssparse_array32 = "sparse_array.rs" 129 20 129 24 + let%span ssparse_array33 = "sparse_array.rs" 129 36 129 37 + let%span ssparse_array34 = "sparse_array.rs" 125 15 125 31 + let%span ssparse_array35 = "sparse_array.rs" 126 14 126 43 + let%span ssparse_array36 = "sparse_array.rs" 127 14 127 93 + let%span ssparse_array37 = "sparse_array.rs" 128 14 128 37 let%span smodel38 = "../../../creusot-contracts/src/model.rs" 88 8 88 22 let%span ssparse_array39 = "sparse_array.rs" 40 12 41 82 let%span smodel40 = "../../../creusot-contracts/src/model.rs" 106 8 106 22 - let%span ssparse_array41 = "sparse_array.rs" 72 20 73 52 + let%span ssparse_array41 = "sparse_array.rs" 89 20 90 52 let%span sindex42 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 - let%span ssparse_array43 = "sparse_array.rs" 51 12 59 17 + let%span ssparse_array43 = "sparse_array.rs" 68 12 76 17 let%span svec44 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sinvariant45 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 let%span sinvariant46 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 
@@ -1221,7 +1432,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = [%#sindex42] Seq.get (view'5 self) ix - predicate invariant'0 [#"sparse_array.rs" 49 4 49 30] (self : t_Sparse'0) = + predicate invariant'0 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = [%#ssparse_array43] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'4 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 /\ Seq.length (view'5 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 @@ -1249,7 +1460,7 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] use prelude.prelude.Borrow - function is_elt'0 [#"sparse_array.rs" 71 4 71 36] (self : t_Sparse'0) (i : int) : bool = + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = [%#ssparse_array41] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) = i 
@@ -1456,3 +1667,207 @@ module M_sparse_array__f [#"sparse_array.rs" 140 0 140 10] | & _38 : t_Option'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end +module M_sparse_array__qyi13879026616235705248__resolve_coherence__refines [#"sparse_array.rs" 60 4 60 31] (* as creusot_contracts::Resolve> *) + let%span ssparse_array0 = "sparse_array.rs" 60 4 60 31 + let%span ssparse_array1 = "sparse_array.rs" 51 12 51 72 + let%span ssparse_array2 = "sparse_array.rs" 40 12 41 82 + let%span svec3 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span ssparse_array5 = "sparse_array.rs" 89 20 90 52 + let%span sindex6 = "../../../creusot-contracts/src/logic/ops/index.rs" 23 8 23 31 + let%span sresolve7 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span svec8 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span ssparse_array9 = "sparse_array.rs" 68 12 76 17 + let%span svec10 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 611 20 611 95 + let%span sboxed12 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow + + use prelude.prelude.UIntSize + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + + type t_Cap'0 = + { t_Cap__0'0: usize } + + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + + type t_Vec'0 = + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + + type t_NonNull'1 = + { t_NonNull__pointer'1: opaque_ptr } + + type t_Unique'1 = + { t_Unique__pointer'1: t_NonNull'1; t_Unique__qy95zmarker'1: () } + + type t_RawVec'1 = + { t_RawVec__ptr'1: t_Unique'1; t_RawVec__cap'1: t_Cap'0; t_RawVec__alloc'1: () } + + type t_Vec'1 = + { t_Vec__buf'1: 
t_RawVec'1; t_Vec__len'1: usize } + + type t_Sparse'0 = + { t_Sparse__size'0: usize; + t_Sparse__n'0: usize; + t_Sparse__values'0: t_Vec'0; + t_Sparse__idx'0: t_Vec'1; + t_Sparse__back'0: t_Vec'1 } + + use prelude.prelude.Int + + use seq.Seq + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use seq.Seq + + function view'1 (self : t_Vec'1) : Seq.seq usize + + axiom view'1_spec : forall self : t_Vec'1 . [%#svec8] Seq.length (view'1 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + function index_logic'1 [@inline:trivial] (self : t_Vec'1) (ix : int) : usize = + [%#sindex6] Seq.get (view'1 self) ix + + predicate resolve'3 (_1 : usize) = + true + + predicate resolve'5 (self : t_Vec'1) = + [%#svec3] forall i : int . 0 <= i /\ i < Seq.length (view'1 self) -> resolve'3 (index_logic'1 self i) + + predicate resolve'1 (_1 : t_Vec'1) = + resolve'5 _1 + + use seq.Seq + + type t_T'0 + + use seq.Seq + + function view'2 (self : t_Vec'0) : Seq.seq t_T'0 + + axiom view'2_spec : forall self : t_Vec'0 . [%#svec8] Seq.length (view'2 self) <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : t_Vec'0) (ix : int) : t_T'0 = + [%#sindex6] Seq.get (view'2 self) ix + + predicate resolve'8 (_1 : t_T'0) + + predicate resolve'6 (self : t_Vec'0) = + [%#svec3] forall i : int . 
0 <= i /\ i < Seq.length (view'2 self) -> resolve'8 (index_logic'0 self i) + + predicate resolve'2 (_1 : t_Vec'0) = + resolve'6 _1 + + predicate structural_resolve'0 (_1 : t_Sparse'0) = + match _1 with + | {t_Sparse__size'0 = x0 ; t_Sparse__n'0 = x1 ; t_Sparse__values'0 = x2 ; t_Sparse__idx'0 = x3 ; t_Sparse__back'0 = x4} -> resolve'1 x4 + /\ resolve'1 x3 /\ resolve'2 x2 /\ resolve'3 x1 /\ resolve'3 x0 + end + + predicate invariant'1 [#"sparse_array.rs" 66 4 66 30] (self : t_Sparse'0) = + [%#ssparse_array9] UIntSize.to_int self.t_Sparse__n'0 <= UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'2 self.t_Sparse__values'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__idx'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ Seq.length (view'1 self.t_Sparse__back'0) = UIntSize.to_int self.t_Sparse__size'0 + /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__n'0 + -> match index_logic'1 self.t_Sparse__back'0 i with + | j -> 0 <= UIntSize.to_int j + /\ UIntSize.to_int j < UIntSize.to_int self.t_Sparse__size'0 + /\ UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 (UIntSize.to_int j)) = i + end) + + use seq.Seq + + predicate inv'5 (_1 : t_T'0) + + predicate invariant'4 (self : t_T'0) = + [%#sboxed12] inv'5 self + + predicate inv'4 (_1 : t_T'0) + + axiom inv_axiom'4 [@rewrite] : forall x : t_T'0 [inv'4 x] . inv'4 x = invariant'4 x + + predicate invariant'3 (self : Seq.seq t_T'0) = + [%#sseq11] forall i : int . 0 <= i /\ i < Seq.length self -> inv'4 (Seq.get self i) + + predicate inv'3 (_1 : Seq.seq t_T'0) + + axiom inv_axiom'3 [@rewrite] : forall x : Seq.seq t_T'0 [inv'3 x] . inv'3 x = invariant'3 x + + predicate invariant'2 (self : t_Vec'0) = + [%#svec10] inv'3 (view'2 self) + + predicate inv'2 (_1 : t_Vec'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Vec'0 [inv'2 x] . inv'2 x = invariant'2 x + + predicate inv'1 (_1 : t_Sparse'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Sparse'0 [inv'1 x] . 
inv'1 x + = (invariant'1 x + /\ match x with + | {t_Sparse__size'0 = size ; t_Sparse__n'0 = n ; t_Sparse__values'0 = values ; t_Sparse__idx'0 = idx ; t_Sparse__back'0 = back} -> inv'2 values + end) + + predicate invariant'0 (self : t_Sparse'0) = + [%#sinvariant4] inv'1 self + + predicate inv'0 (_1 : t_Sparse'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Sparse'0 [inv'0 x] . inv'0 x = invariant'0 x + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 + + use seq.Seq + + function is_elt'0 [#"sparse_array.rs" 88 4 88 36] (self : t_Sparse'0) (i : int) : bool = + [%#ssparse_array5] UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i) < UIntSize.to_int self.t_Sparse__n'0 + /\ UIntSize.to_int (index_logic'1 self.t_Sparse__back'0 (UIntSize.to_int (index_logic'1 self.t_Sparse__idx'0 i))) + = i + + use prelude.prelude.Mapping + + use seq.Seq + + function view'0 [#"sparse_array.rs" 38 4 38 33] (self : t_Sparse'0) : Seq.seq (t_Option'0) = + [%#ssparse_array2] Seq.create (UIntSize.to_int self.t_Sparse__size'0) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + C_Some'0 (index_logic'0 self.t_Sparse__values'0 i) + else + C_None'0 + )) + + use seq.Seq + + predicate resolve'7 (self : t_Option'0) = + [%#sresolve7] match self with + | C_Some'0 x -> resolve'8 x + | C_None'0 -> true + end + + predicate resolve'4 (_1 : t_Option'0) = + resolve'7 _1 + + predicate resolve'0 [#"sparse_array.rs" 49 4 49 28] (self : t_Sparse'0) = + [%#ssparse_array1] forall i : int . 0 <= i /\ i < UIntSize.to_int self.t_Sparse__size'0 + -> resolve'4 (Seq.get (view'0 self) i) + + goal refines : [%#ssparse_array0] forall self : t_Sparse'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ inv'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end diff --git a/creusot/tests/should_succeed/sparse_array.rs b/creusot/tests/should_succeed/sparse_array.rs index e304cc94a3..3d4bec997f 100644 --- a/creusot/tests/should_succeed/sparse_array.rs 
+++ b/creusot/tests/should_succeed/sparse_array.rs
@@ -43,6 +43,23 @@ impl View for Sparse {
 }
 }
+impl Resolve for Sparse {
+ #[open(self)]
+ #[predicate(prophetic)]
+ fn resolve(self) -> bool {
+ pearlite! {
+ forall 0 <= i && i < self.size@ ==> resolve(&self@[i])
+ }
+ }
+
+ #[open(self)]
+ #[logic(prophetic)]
+ #[requires(inv(self))]
+ #[requires(structural_resolve(self))]
+ #[ensures((*self).resolve())]
+ fn resolve_coherence(&self) {}
+}
+
 impl Invariant for Sparse {
 #[open(self)]
 #[predicate]
@@ -131,7 +148,7 @@ impl Sparse {
 */
 #[ensures(result.size == sz)]
 #[ensures(forall 0 <= i && i < sz@ ==> result@[i] == None)]
-pub fn create(sz: usize, dummy: T) -> Sparse {
+pub fn create(sz: usize, dummy: T) -> Sparse {
 Sparse { size: sz, n: 0, values: vec![dummy; sz], idx: vec![0; sz], back: vec![0; sz] }
 }
diff --git a/creusot/tests/should_succeed/sparse_array/why3session.xml b/creusot/tests/should_succeed/sparse_array/why3session.xml index 24ad37c560..c438d10e8c 100644 --- a/creusot/tests/should_succeed/sparse_array/why3session.xml +++ b/creusot/tests/should_succeed/sparse_array/why3session.xml @@ -2,12 +2,22 @@ - + + + + + + + + + + + @@ -31,7 +41,7 @@ - + @@ -48,7 +58,7 @@ - + @@ -65,7 +75,7 @@ - + @@ -76,7 +86,7 @@ - + @@ -96,20 +106,20 @@ - + - + - + - + @@ -130,14 +140,14 @@ - + - + @@ -152,7 +162,7 @@ - + 
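Review bot: The new `resolve` predicate in the first `sparse_array.rs` hunk (`impl Resolve for Sparse`) has no comment saying that it is stated over the logical view `self@` rather than over the backing vectors. Going by the generated `view'0` and `resolve'7` definitions in `sparse_array.coma`, an index where `is_elt` is false views as `None` and resolves trivially, so the predicate says nothing about what `values` holds at those slots, for instance the `dummy` fill written by `create`. That looks intentional, and it is weaker than `structural_resolve`, which is what `resolve_coherence` needs, but a reader of the spec should not have to derive it. I would add a doc comment above `fn resolve`, e.g. `/// Resolves every slot visible through the view; values stored at indices that are not elements are not covered.`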
diff --git a/creusot/tests/should_succeed/sparse_array/why3shapes.gz b/creusot/tests/should_succeed/sparse_array/why3shapes.gz index 05dd8cd08bcdb5d93b2a6a1e90e5a2f81e9f90d2..2a742f7004c030a06158d534a3400ed527678d71 100644 GIT binary patch literal 3437 zcmV-z4U+O7iwFP!00000|Lr=d3^s5Iv%Y_Fo3*>&-S7rK zmdCPK*2NHj8rlO;L(94t0${`U0NC(lUCiEeEA4ixzkP6D$SKh1X4%&eN3)pyiD^$nbez#BXfVOO0_)#-GC zCmMb!a%AtfgX4}oCmPv-utqNX)j0mt9z-{4Sr@ZWc<4QVX!No!#_?zN0J1U5y6ECh zH$YPX2y7UE)BxL)Pz`j(Evus-lzkA&J_zOP&Cb19{q%5O+_Yy7+Pzu*?cse1p$1e9 zZcxj9HG7jQ7VIiCd~!dh-QM=B0n-`3LAG$O&;8URH@M$bH*nyN;?})&+tri1du%~i z7r4DmR{P(!E!7r&uLFv92d(_W<9*ydkGklh5BG+>5z}C|?sbFQ{eAP876-$9y$SYY z4*Ku?(Q#Y4yKNe9zICsAWIB*(A&Lec51`AT{aAz0ZR&w`-i2Q}>(OmZpfs}HGl;$I zIt6eFsFe=CtL3m-?p2S`=dy!@_bttj2l0+=#!gjV$A5MvgWhCtY_bb@$I*rpFhjA~ zD6j2*?KZGEP1)>n#iUv>sa8xHS4^xG6Ki(Gam9pMF`-sW=qn~%Q88J~ysRc(R`Twv z*MYh9%)N5!Q#Wnb|LO}#iT|Ph+PCLm54EY_<>X$wzcc_1^hM26oG zTeq=!?)|s~UvHkO;kwW8O z=Cu>xwG-gAI}kOz#JH?OE$djTIySN*$y&!{spCgV%M#twt%$1CTlLkOT~)n#U%ho- zz4cM`#=d$}U%ks}7!M7oQo8ry@Tx4&__YC5BTb(KO9N^O;kJsUdWB6%KK-h`g_8M} zhvj|)(qJ=!dz$sR&8^3&YqV)kORx)%n@zgkjllBye!t|-KWsJ+pHjSe|I2gO1;bY2G_z)-?(1Az-_lg6xZeTh}J! 
z8wk2dA0OA7w4HS&Ws|m#ce~lJn7usz9`XV=YAKYzyB@3?4OZ!H`{`}kd>h#g+{->0 zC9l0W!&&I%Tv7`m!jNY3>C^60)&D3)-VA0x#IsnPV~2u1jqK{y@z}yQa3y@3@{aqE z@qTM#?aYSgetUKgK=m`fhSxZzRVOSA!|Y0e2h=|GbZ@5X@eudpgn7FD;4~kJ1E-`iyFw& zJM_ns_vrh{5N4v(ZPRX^?zfMdw4MKnbxrWQ5~c5^z<+YD-MhYa&W5AWh|{}aSG#{R zW(8+)%TRfQTt>s6+VQeyU3yuh2@$*20%>_(y1w?;N#8wAk8Q>ozE}Z!v7*q@GgqbJ0$PyZcMNf?oUydF8*N%s~|8;fe{{HykF0n=D^wW2L`2NLxKk!Gp$p*Xjyc`odc|sBBCh7G< z*W8;k{y5d6O*L@F9T50rJ0f0`d>MW^)6itI@^b8sI`C~q+abU6YiHcLwiCxrXLZ4HZw_=|X_;`>0VX_I69i_F;HJRMoVYs3BWWxKy_*2Fo*l;pw<5fxf zKiNd*%FB8jbB7`_Y&+clT;C=In62-3>F2bWKRl&PzI*sIJG9(;+Tt?_e%<^JJ=g2( zJJ^Y1E55*N|AMld4y%Xr!tzz_a4JoUY2b#`@T9VR(az1J4s^=kOzP;suFN*=*i34< znErxLggHjK{VD@C$QzOu4A%l+L%d2*!nr}d_~Q8aVwQt5Z<5bMdqJw9K0K8D47A(n z-Ce?9FBgd-7m3^B>{vwq{M^{8&0i!fwrZT!?-|2i67a|)LEK(lPYcrT!W!eFMW`o& zP)`J5d?<(YoDu6eBaY7*rw-ElD^I+ha$r+hc#usK$rx z{Y{?!B99tny<-|c<%m!;AiJZ*!|jT}@nQqipC&HrJ&X&4ZtLfk)!oC->(E{&YQTg& zRdY(!ERQ!Cwuh7zuHL`^)v>2S>x7AHknNcuJ7I!siiwuESP zW^l=m^+(so$JZu&)UI49k z*M?W-usbcM21`i3I=~;rmtItV>%A`WdR^psUF7w;$SGaSP#4+jA}{J9dtGGfCNcIJ zKk}OR0@^yD z4UfD=U*I)y-fQA{ugzu{Tuw|tj7gBxi6xeuLXDCu$wHoMtE{xba!VF1ST+mZWbov3 zU@RdCh+YE=s14@qb3p+Z;xKDwfrNq_bL3oytfNm-W|mYy?Ue^N*A|6EZjmgaMX<;$ z7z^5hvLG!83)})(z*&+aDz7t36iqOaE60?~5fo<}y_##wnI&e?SkxAkMQPbAGRZU( z=$&SclmtmiWTuU05LGN_WGrz@WC<<7DG5O?n8ag@;DcAhc+?T2r%Wm`Z>}JrGI-52 zBtscRQa%aCFewyCDs6N}LR_YTGNE9cyC6_Al*wswMmm!Ty$>`eWl26u#vn67WG)jJ zPl+HP^M+V3k|N4#k}C*>c zGi4kX%H%52RkQ?)N|TgRIcN01&@qxxiRfG`As~zu+6rZb{5;wuo#Yx>N>MWHf>4lT zc7l2BBt|)xXeC(5zMO^QI!P0<(JE&UEE$F9m}3lu2A1ZMTS;HbMFkU+4vu_w+7Xe* zETRuFdBqU)TuLj&3osHvfRYZKj7-R&wDG|kk-RZpX^eA4R-sj36|>SCY6x>CZfXBe+N?WC@lHY{8 zI5Q5IjugFQp%Y(&yNhXgqUqaw_Km8KFbF!mdW7qe0(p<-kx zWMNc92$2{t#SLgZ2PQ2rVS#ZAjJ|QuD*yo)V_*V;cBG}`QI-xnN`7XU-Zt+&fi`J)KzlHw+YK*=!*UU82pXu}*3 z$c$kQC@dhifMxte3kVjJy<{Gk@}aBOfcnSRB}k!3Q|92a&(8G~ac^GtxQ1hnAJ`BaGT@(qn!;ADZL1r8QCvp~iI P>Dj*l+QY5aSV8~*+)cZI delta 3269 zcmV;$3_A1e8qXPjABzY8000000RQbeO>Y~?v3LFo0`H)_U^l*k8QnD?1onQ?ZYR=SmRaaF{^&kE?-@bDn({}!tHrw_6 
z-Jj=j{>T5F?LN8n-QyKDY*`oe88xu1ilGtdYxpH3Z>}+Jopu zE$d=PcW%3Sbhi&J2-}mu-X^R4yKPIg zh2QIdVp*uI{QbjS+&+!E=%NqzhP@KgU^nhFl4&oi#jGd~!j{odT2EEDP*kl**j-w4HV1{C|QC{1>?KZGk z&eDf}kGo%2ZOT2#fzYti9C!r78n~1vsll40u_kF8Corm+ooZ&MaSG%$iSU|3c$eXz z(NhUdEJnFY)YK(v<`PAXz}$M~-njLtTes_fm5jDcw|Q3f%h2EL({r#b`5rGP_tyQT z0cfBvLWf{H3G^1P0bI`9_F?lrh28owxjY$vbsdlGHf?q(&h!1|!^5pBO#k9?$@}Yt zd(-CsbI6O<1P#z%3)XtOO1HbJ-MWqCbI)%EYTkT-d2XIG_Tu1{ag@FOLR}SE~-|0)mMA=tZL8uYOnihuaBxd_SK&HYF}2vcxXVCQoj#}H)VOouMMag zY5F8s8cR0tCluWriEcY9b2AdJw)4X@ctZORPL%?=91=$x7x2{dgD+sztpB~nmw4HS&Xp^=Nx4YS}_`N*;9`XV= zYAKZew>{VNVEC;dH1=0>VFg? z*VP`S&%m=-onwcBK920_*74ZFSMW^uHsu}nE#v*x#@d+;(Y3z12_8`U)YCnguE#^%PZQ?p`h(MaBo3U0T32Q#qMjvGwZ*ZvUqa|W;cZ>Ib=8I@ zBfc$Dr>($<>Um4G(RI-cm*w4m2j{-AiJdKKAW!emA5Y$+hJ6S#QR=p7H&1ulhfUhf z|A%!=@cR;_@29|ja&O)HzIM)rN2w8~_rtDs|76Sx&f=Cs=n--`O8(RyM|;+#mqnTo zv1=`mmglAGYk&PR;2y`);a6?bL6p~Kc?D*FYFxBGWChs&q)NQ}Y%|V(@WBe$ixq{I zo_SU(E}#Vo{v+aj@l*fx!mSSH@pY>(f?I#ei?7dLtNIN>?U!Q*|9{8B-Tk_{b$@^O zc$?UwbNcDC-+lk$z90Cb-DHDZdtQ!-ojjokbSLTceb?NZGyXW$qfIq%#vKs&WIG~W zlzch-bf%%nX65DB9d+P;)9mD)$S~+=q6vQu@do^lYhx$X=o|kFx}i1>(~ZtlV2a#TOF%w(~#qT%Tv(!A=}o@deKIFDT3DVf8Ry zEMMggQ*2sH12?3Glg;))du}Fmpi>Ucq>cu5cb)K7ogot@9q)?d$~vyxk%g`XU8J? 
zm*>V-ZT=!@u~p-&eoq+wl7L4Z3F7A2^|T=UM_6M#T7)_gggOy~@lX!yoDu7s5yx}J zsX=;wMT*xs9zR@v5_O0vPG*nT$dlRQbw?H0*dF^iqZ$u?-TRwA{ly_0z;bT)o48(oH*x*r+$Q$myqxfvcVM8Gp~9o2f7zP>s`0u6+7&v<TkW*MLu5_d0rR!d|l*}E@r5U>~)bBb& zBFF`kc#IKz@QN6ZI%4#cNk!((vxuk+UNa5JP)3oIPr@-w3PqAi8(oQrC+MI|C>ZB1 z2-FN^a+;ix&SXOG1IS&%yUSEXUaG(l*zqR&!Z+-RGOp=%rgMUK+dt~ zgyX_#uBi<@FqR9;x#eUzS`L;oOU9D6q%28G!VEOs`ryUV_%p&>_lUEEu&xN!?yZ|E+1Ssjy$;gBZ zN*f=%5y>0lmBu)iWF=Y&Rx&G$71|1a^-Ua^OFEHvjxut?GiWb>2?;Vd6N$GRg_Zn; z`3BlCvjG~AGpDn-FvbP0G2d@i+>%1Zev+$DDmbc6(;RAi1K4;->0&m~8r=F${z zzMcS1Ba1*<2AKkLCA72;6l7qTIVa}|tYWV#L&hw4&>C`zA_XP6Qy$0B|{(sWdfS)d{R2{x#m`r)%abdVgVF$1}JC9#vA3L3oJ$!y(h-fTpO#k)yisV zwfGGr6f$V-bBrwTpkg*6X`e%a9D-31<_4_+YuIlfTg*zCgo=@&kcCkZAw*)p6gQyt z+(>JLHQX9{rQp$s&JXG*K9Vs`wF@`~d{@i4d}j z-XsQEY7=uZDkc{IL&(L!z|@Z+tV@cU7y>27D0sy^rl1XTKp-=QIe@Ux9!AJQdlCi< zz$`Fhf$85?dd5;RLbJpS$-sRuOi)lRB4Z&LUCJtyGgmou{fG*fs8q-m(FNC$jRWRPrTX zd*u*g)FBd>QLX>swNbHraLAN|*Wi^dCwJ#CgcK4dm)j2xs4SqgfWiWn-{s>MT0pQ+ zzF~+NZ(AK;QO4ky$vhLFD={p%b3W}qnF$M2{*o01LJI^Ih*>~m0rl+P0uKkc^*;ar D_+DOA