diff --git a/creusot-contracts/src/std/array.rs b/creusot-contracts/src/std/array.rs
index 09d78167d..a86ac7510 100644
--- a/creusot-contracts/src/std/array.rs
+++ b/creusot-contracts/src/std/array.rs
@@ -1,4 +1,9 @@
-use crate::{invariant::*, *};
+use crate::{
+ invariant::*,
+ std::iter::{IntoIterator, Iterator},
+ *,
+};
+use ::std::array::*;
 impl Invariant for [T; N] {
 #[predicate(prophetic)]
@@ -37,3 +42,54 @@ impl DeepModel for [T; N] {
 dead
 }
 }
+
+impl View for IntoIter {
+ type ViewTy = Seq;
+
+ #[logic]
+ #[trusted]
+ #[open]
+ fn view(self) -> Self::ViewTy {
+ dead
+ }
+}
+
+impl Iterator for IntoIter {
+ #[open]
+ #[predicate(prophetic)]
+ fn produces(self, visited: Seq, o: Self) -> bool {
+ pearlite! { self@ == visited.concat(o@) }
+ }
+
+ #[open]
+ #[predicate(prophetic)]
+ fn completed(&mut self) -> bool {
+ pearlite! { self.resolve() && self@ == Seq::EMPTY }
+ }
+
+ #[law]
+ #[open]
+ #[ensures(self.produces(Seq::EMPTY, self))]
+ fn produces_refl(self) {}
+
+ #[law]
+ #[open]
+ #[requires(a.produces(ab, b))]
+ #[requires(b.produces(bc, c))]
+ #[ensures(a.produces(ab.concat(bc), c))]
+ fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {}
+}
+
+impl IntoIterator for [T; N] {
+ #[predicate]
+ #[open]
+ fn into_iter_pre(self) -> bool {
+ pearlite! { true }
+ }
+
+ #[predicate(prophetic)]
+ #[open]
+ fn into_iter_post(self, res: Self::IntoIter) -> bool {
+ pearlite! { self@ == res@ }
+ }
+}
diff --git a/creusot-contracts/src/std/iter.rs b/creusot-contracts/src/std/iter.rs
index 3c1388236..be4286824 100644
--- a/creusot-contracts/src/std/iter.rs
+++ b/creusot-contracts/src/std/iter.rs
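Review bot: In the second array.rs hunk, `view` on `IntoIter` is `#[trusted]` with body `dead`, so the sequence it returns is an unproved assumption that every later proof about array iteration rests on, and nothing in the hunk says what it is meant to denote. `produces` (`self@ == visited.concat(o@)`) and `into_iter_post` (`self@ == res@`) only read sensibly if the view is the elements not yet yielded, in iteration order, so I would state that on the function: `/// Trusted model: the elements this iterator has not yet yielded, in iteration order.` A one-line comment on `completed` saying why `self.resolve()` is required alongside the empty view would also help whoever audits the trusted specs later.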
@@ -147,7 +147,7 @@ extern_spec! { #[pure] // These two requirements are here only to prove the absence of overflows - #[requires(forall i.completed() ==> i.produces(Seq::EMPTY, ^i))] + #[requires(forall (*i).completed() ==> (*i).produces(Seq::EMPTY, ^i))] #[requires(forall, i: Self_> self.produces(s, i) ==> s.len() < std::usize::MAX@)] #[ensures(result.iter() == self && result.n() == 0)] fn enumerate(self) -> Enumerate; @@ -203,3 +203,29 @@ extern_spec! { } } } + +impl Iterator for &mut I { + #[open] + #[predicate(prophetic)] + fn produces(self, visited: Seq, o: Self) -> bool { + pearlite! { (*self).produces(visited, *o) && ^self == ^o } + } + + #[open] + #[predicate(prophetic)] + fn completed(&mut self) -> bool { + pearlite! { (*self).completed() && ^*self == ^^self } + } + + #[law] + #[open] + #[ensures(self.produces(Seq::EMPTY, self))] + fn produces_refl(self) {} + + #[law] + #[open] + #[requires(a.produces(ab, b))] + #[requires(b.produces(bc, c))] + #[ensures(a.produces(ab.concat(bc), c))] + fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} diff --git a/creusot-contracts/src/std/iter/enumerate.rs b/creusot-contracts/src/std/iter/enumerate.rs index dad51bd34..bfd25a458 100644 --- a/creusot-contracts/src/std/iter/enumerate.rs +++ b/creusot-contracts/src/std/iter/enumerate.rs @@ -46,7 +46,7 @@ impl Invariant for Enumerate { #![trigger self.iter().produces(s, i)] self.iter().produces(s, i) ==> self.n() + s.len() < std::usize::MAX@) - && (forall i.completed() ==> i.produces(Seq::EMPTY, ^i)) + && (forall (*i).completed() ==> (*i).produces(Seq::EMPTY, ^i)) } } } diff --git a/creusot-contracts/src/std/iter/zip.rs b/creusot-contracts/src/std/iter/zip.rs index cd9b1400f..4ec427232 100644 --- a/creusot-contracts/src/std/iter/zip.rs +++ b/creusot-contracts/src/std/iter/zip.rs 
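Review bot: The new `impl Iterator for &mut I` in the second iter.rs hunk has no comments on its prophecy equalities, and they are the whole content of the spec: `^self == ^o` in `produces` and `^*self == ^^self` in `completed`. I would add a line above each body, for example `// ^self == ^o: both borrows resolve to the same final iterator` and `// ^*self == ^^self: the call leaves the inner borrow's final value unchanged`, adjusted if I have misread the intent. It would also be worth a sentence on the impl explaining that `(*self)` selects `I`'s own predicates rather than this impl's. This appears to be the same disambiguation the commit applies to `(*i).completed() ==> (*i).produces(Seq::EMPTY, ^i)` in the `enumerate` spec and in the enumerate.rs hunk.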
@@ -33,8 +33,8 @@ impl Iterator for Zip { *a == (*self).itera() && *b == (*self).iterb() && ^a == (^self).itera() && ^b == (^self).iterb() && (a.completed() && resolve(&b) - || exists inv(x) && a.produces(Seq::singleton(x), ^a) && - resolve(&x) && b.completed()) + || exists inv(x) && (*a).produces(Seq::singleton(x), ^a) && + resolve(&x) && (*b).completed()) } } diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 73be482c3..0c2ae723a 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma 
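Review bot: The first disjunct on the unchanged line still reads `(a.completed() && resolve(&b)` while the rewritten second disjunct now uses `(*a).produces(..)` and `(*b).completed()`, so the same predicate is spelled two ways within one expression. As far as I can tell both forms resolve to the underlying iterator's `completed`, so this is about readability rather than meaning. With `&mut I` now implementing `Iterator`, I would make the dereference explicit there too: `&& ((*a).completed() && resolve(&b)`. The enclosing predicate starts outside the hunk, so the types of `a` and `b` are inferred from the visible `*a == (*self).itera()` equalities.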
@@ -1,3 +1,97 @@ +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_refl [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 72 14 72 45 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 70 4 70 10 + let%span sarray2 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use seq.Seq + + type t_T'0 + + use seq.Seq + + use prelude.prelude.Slice + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + use prelude.prelude.UIntSize + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + + = + [%#sarray2] view'0 self = Seq.(++) visited (view'0 o) + + constant self : t_IntoIter'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (self : t_IntoIter'0) : () + + goal vc_produces_refl'0 : [%#sarray0] produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_trans [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 77 15 77 32 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 78 15 78 32 + let%span sarray2 = "../../../creusot-contracts/src/std/array.rs" 79 14 79 42 + let%span sarray3 = "../../../creusot-contracts/src/std/array.rs" 75 4 75 10 + 
let%span sarray4 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use prelude.prelude.Slice + + type t_T'0 + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + use prelude.prelude.UIntSize + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + + = + [%#sarray4] view'0 self = Seq.(++) visited (view'0 o) + + constant a : t_IntoIter'0 + + constant ab : Seq.seq t_T'0 + + constant b : t_IntoIter'0 + + constant bc : Seq.seq t_T'0 + + constant c : t_IntoIter'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + + + goal vc_produces_trans'0 : ([%#sarray1] produces'0 b bc c) + -> ([%#sarray0] produces'0 a ab b) -> ([%#sarray2] produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 87 14 87 64 let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 85 4 85 10 
@@ -1494,7 +1588,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 use seq.Seq @@ -1595,7 +1689,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 + let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 type t_I'0 
@@ -4672,6 +4766,108 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc goal vc_produces_trans'0 : ([%#szip1] produces'0 b bc c) -> ([%#szip0] produces'0 a ab b) -> ([%#szip2] produces'0 a (Seq.(++) ab bc) c) end +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 222 14 222 45 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 220 4 220 10 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + use prelude.prelude.Borrow + + type t_I'0 + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + + = + [%#siter2] produces'1 self.current visited o.current /\ self.final = o.final + + constant self : borrowed t_I'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (self : borrowed t_I'0) : () + + goal vc_produces_refl'0 : [%#siter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 227 15 227 32 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 228 15 228 32 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 229 14 229 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 225 4 225 10 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + use prelude.prelude.Borrow + + type t_I'0 + + type t_Item'0 + + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 
. ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + + = + [%#siter4] produces'1 self.current visited o.current /\ self.final = o.final + + constant a : borrowed t_I'0 + + constant ab : Seq.seq t_Item'0 + + constant b : borrowed t_I'0 + + constant bc : Seq.seq t_Item'0 + + constant c : borrowed t_I'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (a : borrowed t_I'0) (ab : Seq.seq t_Item'0) (b : borrowed t_I'0) (bc : Seq.seq t_Item'0) (c : borrowed t_I'0) : () + + + goal vc_produces_trans'0 : ([%#siter1] produces'0 b bc c) + -> ([%#siter0] produces'0 a ab b) -> ([%#siter2] produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body [#"../../../creusot-contracts/src/std/option.rs" 103 16 105 36] let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 103 43 103 44 
@@ -14158,4577 +14354,3896 @@ module M_creusot_contracts__util__unwrap [#"../../../creusot-contracts/src/util. /\ (([%#sutil3] false) -> ([%#sutil1] C_Some'0 (unreachable'0 ()) = op)) end end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_refl__refines [#"../../../creusot-contracts/src/std/array.rs" 73 4 73 26] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 73 4 73 26 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + + use prelude.prelude.Slice type t_T'0 - type 
t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use prelude.prelude.UIntSize - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + = + [%#sarray1] view'0 self = Seq.(++) visited (view'0 o) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . 
([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + goal refines : [%#sarray0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self +end +module M_creusot_contracts__stdqy35z1__array__qyi15505960269205342033__produces_trans__refines [#"../../../creusot-contracts/src/std/array.rs" 80 4 80 90] (* as std::iter::Iterator> *) + let%span sarray0 = "../../../creusot-contracts/src/std/array.rs" 80 4 80 90 + let%span sarray1 = "../../../creusot-contracts/src/std/array.rs" 61 20 61 47 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Slice - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + type t_T'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_T'0 } - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function view'0 [#"../../../creusot-contracts/src/std/array.rs" 52 4 52 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/array.rs" 60 4 60 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] cmp_log'0 self o = C_Less'0 + [%#sarray1] view'0 self = Seq.(++) visited (view'0 o) - goal refines : [%#scmp0] forall x : t_Reverse'0 . 
forall y : t_Reverse'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sarray0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_T'0 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl__refines [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as 
std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 178 4 178 26 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use prelude.prelude.Slice - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + constant v_MAX'0 : usize = (18446744073709551615 : usize) - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.UIntSize - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Slice - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom view'2_spec : forall self : slice t_T'0 . 
([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + + = + [%#sindex5] Seq.get (view'2 self) ix - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sdeque0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 
82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_T'0 + use prelude.prelude.Opaque - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Iter'1 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Iter'0 = + { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Slice - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.UIntSize - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.UIntSize - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Slice - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + + = + [%#sindex5] Seq.get (view'2 self) ix - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sdeque0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 
42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + type t_I'0 + + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end - - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . 
cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - type t_T'0 + use seq.Seq - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + goal refines : [%#scloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Borrow - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x + = match x with + | {t_Cloned__it'0 = it} -> inv'1 it + end - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#scloned0] forall self : t_Cloned'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 - let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_T'0 - - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter3 = 
"../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + type t_T'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + use prelude.prelude.Borrow - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . 
inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) = - [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#scopied0] forall self : t_Copied'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span siter3 = 
"../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + + type t_I'0 + + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x + = match x with + | {t_Copied__it'0 = it} -> inv'1 it + end - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use prelude.prelude.Int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + + = + [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + goal refines : [%#scopied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_Empty'0 = + { t_Empty__0'0: () } - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + type t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sempty0] forall self : t_Empty'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) + let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90 + let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 + + type t_Empty'0 = + { t_Empty__0'0: () } type t_T'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + use seq.Seq 
- type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + = + [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#sempty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom 
antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use prelude.prelude.UIntSize - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Item'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use seq.Seq - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.UIntSize - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Less'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) - let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = 
"../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - type t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - type t_Reverse'0 = - { t_Reverse__0'0: t_T'0 } + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter + end) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + + = + [%#senumerate1] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + use seq.Seq - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_I'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use prelude.prelude.UIntSize - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 + type t_Item'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter4] produces'1 a ab b) + -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 - - = - [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with - | C_Equal'0 -> C_Equal'0 - | C_Less'0 -> C_Greater'0 - | C_Greater'0 -> C_Less'0 - end + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . 
gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use prelude.prelude.UIntSize - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] 
(self : t_T'0) (other : t_T'0) : t_Ordering'0 - + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = + [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i + -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) + /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter + end) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + = + [%#senumerate1] Seq.length visited = n'0 o - n'0 self + /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) + /\ Seq.length visited = Seq.length s + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i + /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + type t_I'0 - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 + type t_F'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_Item'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Borrow - axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o <> C_Less'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - type t_T'0 + axiom unnest_refl'0_spec : forall self : t_F'0 . 
[%#sops7] unnest'0 self self - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . 
inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + end) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use map.Map - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + + = + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + type t_I'0 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + type t_F'0 - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + type t_Filter'0 = + { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + type t_Item'0 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Borrow - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) - = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - = - [%#sord1] cmp_log'0 self o <> C_Greater'0 - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + - type t_T'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . 
postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . 
not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + end) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 + use map.Map - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) - axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use map.Map - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Greater'0 + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited + -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) + let%span 
sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_T'0 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - - - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + | C_Some'0 t_I'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + type t_Item'0 - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . 
([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use seq.Seq - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse3] forall other : t_Fuse'0 . 
view'0 self = view'0 other -> self = other) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sfuse1] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end end - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sfuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) + let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26 + let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 + let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 + let%span sfuse3 = 
"../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 type t_Option'0 = | C_None'0 - | C_Some'0 t_T'0 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 - - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) - - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + | C_Some'0 t_I'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Fuse'0 = + { t_Fuse__iter'0: t_Option'0 } - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + type t_Item'0 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x + = match x with + | {t_Fuse__iter'0 = iter} -> inv'1 iter + end - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) + && ([%#sfuse3] forall other : t_Fuse'0 . 
view'0 self = view'0 other -> self = other) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) = - [%#soption2] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + [%#sfuse1] match view'0 self with + | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self + | C_Some'0 i -> match view'0 other with + | C_Some'0 i2 -> produces'1 i prod i2 + | C_None'0 -> false + end end - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool - - = - [%#sord1] cmp_log'0 self o = C_Less'0 - - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sfuse0] forall self : t_Fuse'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops4 = 
"../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_T'0 + type t_I'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_F'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - + use seq.Seq - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + type t_B'0 - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + use seq.Seq - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f + end - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + + axiom func'0_spec : forall self : t_Map'0 . [%#smap2] inv'0 self -> inv'1 (func'0 self) + + type t_Item'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + use prelude.prelude.Borrow - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - axiom refl'0_spec : forall x : t_T'0 . 
[%#sord6] cmp_log'1 x x = C_Equal'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) + -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom unnest_refl'0_spec : forall self : t_F'0 . 
[%#sops6] unnest'0 self self - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) + -> ([%#sops5] unnest'0 self res_state) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + use seq.Seq - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use seq.Seq - type t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom iter'0_spec : forall self : t_Map'0 . 
[%#smap3] inv'0 self -> inv'2 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use seq.Seq - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + + = + [%#smap1] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + goal refines : [%#smap0] forall self : t_Map'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + type t_F'0 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + type t_B'0 - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x + = match x with + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f + end - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom func'0_spec : forall self : t_Map'0 . 
[%#smap2] inv'0 self -> inv'1 (func'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + type t_Item'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = 
"../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops7] unnest'0 self b) + -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) + -> ([%#sops5] unnest'0 self res_state) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + use seq.Seq - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use seq.Seq - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + use seq.Seq - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) + -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 - - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end + use prelude.prelude.Int - goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = 
"../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + use seq.Seq - type t_T'0 + use seq.Seq - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + = + [%#smap1] unnest'0 (func'0 self) (func'0 succ) + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited + /\ produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + func'0 self = func'0 succ + else + (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 (func'0 self) (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + use seq.Seq - axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#smap0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + type t_I'0 - axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + type t_F'0 - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + type t_Item'0 - axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + use seq.Seq - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - + use prelude.prelude.Snapshot - axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + use seq.Seq - axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + type t_B'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + use seq.Seq - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) + - axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Borrow - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + - axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom unnest_refl'0_spec : forall self : t_F'0 . 
[%#sops4] unnest'0 self self - function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - = - [%#soption1] match (self, o) with - | (C_None'0, C_None'0) -> C_Equal'0 - | (C_None'0, C_Some'0 _) -> C_Less'0 - | (C_Some'0 _, C_None'0) -> C_Greater'0 - | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y - end - goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) - use prelude.prelude.Real + use seq.Seq - use prelude.prelude.Real + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . 
Real.(<=) x y - = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use seq.Seq - use prelude.prelude.Real + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Real + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . 
(x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use prelude.prelude.Real + use prelude.prelude.Snapshot - use prelude.prelude.Real + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . 
Real.(<) x y - = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use seq.Seq - use prelude.prelude.Real + use seq.Seq - use prelude.prelude.Real + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 
0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>=) x y - = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#smap_inv0] forall self : t_MapInv'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self end -module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - - use prelude.prelude.Real +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + 
let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.Real + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_F'0 - use prelude.prelude.Real + type t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 - - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y - = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 + use prelude.prelude.Snapshot - use prelude.prelude.Real + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Real + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - = - [%#snum_rational1] if Real.(<) self o then 
C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - - use prelude.prelude.Real - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Borrow - use prelude.prelude.Real + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Real + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - use prelude.prelude.Real + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - use prelude.prelude.Real + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops5] unnest'0 self b) + -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - use prelude.prelude.Real + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self - function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - = - [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . 
([%#sops2] postcondition_mut'0 self args res_state res) + -> ([%#sops3] unnest'0 self res_state) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) - -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int . forall result : () . 
cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.Int + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) + -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . 
(x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Snapshot + + use prelude.prelude.Snapshot use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Snapshot - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#smap_inv1] unnest'0 
self.t_MapInv__func'0 succ.t_MapInv__func'0 + /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited + /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 + /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s + /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) + /\ (if Seq.length visited = 0 then + self.t_MapInv__func'0 = succ.t_MapInv__func'0 + else + (Seq.get fs 0).current = self.t_MapInv__func'0 + /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 + ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current + /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) + /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x = y) = (cmp_log'0 x y = C_Equal'0) - -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + goal refines : [%#smap_inv0] forall a : t_MapInv'0 . forall ab : Seq.seq t_B'0 . forall b : t_MapInv'0 . forall bc : Seq.seq t_B'0 . forall c : t_MapInv'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - use prelude.prelude.Int + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + use seq.Seq + + goal refines : [%#sonce0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26 + let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - use prelude.prelude.UInt8 + type t_Once'0 = + { t_Once__inner'0: t_IntoIter'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#sonce0] forall self : t_Once'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - use prelude.prelude.UInt8 + type t_Idx'0 - use prelude.prelude.Int + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . 
(x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Int - use prelude.prelude.UInt8 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - use prelude.prelude.UInt8 + type t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 + /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) + /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 + /\ (forall i : int . 
0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - use prelude.prelude.Int + type t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - 
- = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool - use prelude.prelude.UInt8 + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . 
[%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - use prelude.prelude.Int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int + + = + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . 
forall c : t_RangeInclusive'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Idx'0 - use prelude.prelude.Int + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - use prelude.prelude.UInt16 + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool - use prelude.prelude.Int + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . 
[%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.UInt16 + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - use prelude.prelude.Int + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 
0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - use prelude.prelude.UInt16 + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } + + use seq.Seq + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srepeat1] self = o /\ (forall i : int . 
0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#sord0] forall x : uint16 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#srepeat0] forall self : t_Repeat'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (* as std::iter::Iterator> *) + let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90 + let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 - use prelude.prelude.UInt16 + type t_T'0 + + type t_Repeat'0 = + { t_Repeat__element'0: t_T'0 } + + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + use seq.Seq + + function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . 
(x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt16 + goal refines : [%#srepeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_T'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_T'0 . forall c : t_Repeat'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.Int + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Skip'0 = + { 
t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - use prelude.prelude.UInt16 + use prelude.prelude.UIntSize - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - use prelude.prelude.Int + axiom n'0_spec : forall self : t_Skip'0 . 
[%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.UInt16 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . 
(x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt16 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + - use prelude.prelude.Int + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - use prelude.prelude.UInt32 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt32 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - use prelude.prelude.Int + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt32 + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.UIntSize - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - use prelude.prelude.UInt32 + axiom n'0_spec : forall self : t_Skip'0 . 
[%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end - use prelude.prelude.UInt32 + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - use prelude.prelude.Int + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . 
forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt32 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + use seq.Seq + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 
0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#sskip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.UInt32 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Take'0 = + { 
t_Take__iter'0: t_I'0; t_Take__n'0: usize } - goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt32 + type t_Item'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.UInt32 + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom n'0_spec : forall self : t_Take'0 . 
[%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - use prelude.prelude.UInt64 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - use prelude.prelude.Int + axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . 
cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt64 + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#stake0] forall self : t_Take'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 + let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt64 + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize + + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + + type t_Item'0 + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.UInt64 + function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - use prelude.prelude.UInt64 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . 
inv'0 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter + end - use prelude.prelude.Int + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UInt64 + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#stake0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 
42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt64 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Item'0 - use prelude.prelude.UInt64 + type t_Item'1 - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt64 + use seq.Seq + + use seq.Seq use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - use prelude.prelude.Int + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . 
inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - use prelude.prelude.UInt128 + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - use prelude.prelude.UInt128 + axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - use prelude.prelude.UInt128 + axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - use prelude.prelude.Int + axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . 
cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + use seq.Seq + + goal refines : [%#szip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) + let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26 + let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 + let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 + let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UInt128 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_B'0 - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then 
C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Zip'0 = + { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } - goal refines : [%#sord0] forall x : uint128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + type t_Item'0 - use prelude.prelude.Int + type t_Item'1 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq + + use seq.Seq use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . 
forall y : uint128 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UInt128 + use seq.Seq - use prelude.prelude.Int + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . 
inv'0 x + = match x with + | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a + /\ inv'2 b + end - use prelude.prelude.UInt128 + function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - use prelude.prelude.Int + axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + - use prelude.prelude.UIntSize + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . 
([%#siter5] produces'1 a ab b) + -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 - use prelude.prelude.UIntSize + axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) + -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 + /\ Seq.length p2 = Seq.length visited + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) + /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self + -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl__refines [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 223 4 223 26 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UIntSize + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_I'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + type t_Item'0 + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) + -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - use prelude.prelude.Int + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#siter0] forall self : borrowed t_I'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans__refines [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 230 4 230 90 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - use prelude.prelude.UIntSize + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_I'0 - use prelude.prelude.Int + type t_Item'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + - use prelude.prelude.UIntSize + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) + -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - use prelude.prelude.Int + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final - goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#siter0] forall a : borrowed t_I'0 . forall ab : Seq.seq t_Item'0 . forall b : borrowed t_I'0 . forall bc : Seq.seq t_Item'0 . forall c : borrowed t_I'0 . 
produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 477 4 477 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - use prelude.prelude.UIntSize + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - use prelude.prelude.Int + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.UIntSize + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#soption0] forall self : t_IntoIter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 484 4 484 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 - use prelude.prelude.Int8 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IntoIter'0 = + { t_IntoIter__inner'0: t_Item'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . 
(x < y) = (cmp_log'0 x y = C_Less'0) - -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int8 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 530 4 530 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#soption0] forall self : t_Iter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 537 4 537 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_Iter'0 = + { t_Iter__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 593 4 593 90 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_T'0 - use prelude.prelude.Int + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . 
(x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } - use prelude.prelude.Int8 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + use seq.Seq + + goal refines : [%#soption0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) + let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 586 4 586 26 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 - use prelude.prelude.Int8 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 (borrowed t_T'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Item'0 = + { t_Item__opt'0: t_Option'0 } - goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_IterMut'0 = + { t_IterMut__inner'0: t_Item'0 } - use prelude.prelude.Int16 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o + \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#soption0] forall self : t_IterMut'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - use prelude.prelude.Int16 + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - use prelude.prelude.Int + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . 
cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int16 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.Slice - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int16 + axiom view'2_spec : forall self : slice t_T'0 . 
([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + use seq.Seq + + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex5] Seq.get (view'2 self) ix - use prelude.prelude.Int16 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sslice0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int16 +module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 412 4 412 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int16 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 - use prelude.prelude.Int16 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.UIntSize - goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - use prelude.prelude.Int32 + use prelude.prelude.UIntSize use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Slice - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom view'2_spec : forall self : slice t_T'0 . 
([%#sslice6] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice7] view'2 self = Slice.id self) - use prelude.prelude.Int32 + function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = + [%#smodel4] view'2 self - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sindex5] Seq.get (view'2 self) ix - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 + function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) + = Seq.length (view'1 self)) + && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sslice0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 466 4 466 26 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span 
sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - use prelude.prelude.Int + use prelude.prelude.Opaque - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use seq.Seq - use prelude.prelude.Int32 + use prelude.prelude.Borrow - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . 
(x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int32 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize use prelude.prelude.Int - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Slice - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.Slice - use prelude.prelude.Int32 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int + axiom view'1_spec : forall self : slice t_T'0 . 
([%#sslice5] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice6] view'1 self = Slice.id self) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall result : () . 
cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int32 + [%#smodel7] view'1 self.current - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex8] Seq.get (view'1 self) ix - use prelude.prelude.Int64 + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice4] forall i : int . 
0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int64 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 + goal refines : [%#sslice0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 473 4 473 90 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 + let%span sslice5 = 
"../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - use prelude.prelude.Int64 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_IterMut'0 = + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use prelude.prelude.Borrow - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int64 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + constant v_MAX'0 : usize = (18446744073709551615 : usize) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int64 + use prelude.prelude.Int - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.Slice - use prelude.prelude.Int + use prelude.prelude.Slice - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use prelude.prelude.Int64 + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice6] view'1 self = Slice.id self) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + - use prelude.prelude.Int + axiom view'0_spec : forall self : t_IterMut'0 . 
[%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + use seq.Seq + + function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int64 + [%#smodel7] view'1 self.current - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - - goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + [%#sindex8] Seq.get (view'1 self) ix - use prelude.prelude.Int64 + function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) + - use prelude.prelude.Int + axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) + = Seq.length (view'2 self)) + && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) + -> Seq.get (to_mut_seq'0 self) i + = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#sslice0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans__refines [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 278 4 278 72 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - use prelude.prelude.Int64 + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use prelude.prelude.UIntSize - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_A'0 - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . 
(x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - use prelude.prelude.Int64 + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - use prelude.prelude.Int + type t_T'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#svec0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - - use prelude.prelude.Int128 - - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 +module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl__refines [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 271 4 271 26 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - use prelude.prelude.Int + use prelude.prelude.Opaque - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + use prelude.prelude.UIntSize - use prelude.prelude.Int128 + type t_A'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - use prelude.prelude.Int + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + t_IntoIter__end'0: opaque_ptr } - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + use seq.Seq - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + type t_T'0 - use prelude.prelude.Int128 + use seq.Seq - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - use prelude.prelude.Int + use seq.Seq - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) - goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) + goal refines : [%#svec0] forall self : t_IntoIter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self + -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_lt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 93 4 93 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int128 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | 
C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int128 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.Int128 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int128 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 + + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym1__refines [#"../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 121 4 121 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + 
let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.Int128 + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int128 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.IntSize + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . 
[%#sord6] cmp_log'1 x x = C_Equal'0 - use prelude.prelude.Int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.IntSize + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - goal refines : [%#sord0] forall x : isize . forall y : isize . 
cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.IntSize + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Int + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x >= y) - = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__eq_cmp__refines [#"../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 132 4 132 31 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.IntSize + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : 
t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x < y) - = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.IntSize + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - use prelude.prelude.Int + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - use prelude.prelude.IntSize + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . 
(x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.IntSize + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use prelude.prelude.Int + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 - - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.IntSize + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - use prelude.prelude.Int + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) - = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__refl__refines [#"../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 108 4 108 20 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use prelude.prelude.IntSize + type t_T'0 - use prelude.prelude.Int + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) 
(o : isize) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) - = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Less'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
ge_log'0 x y - = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 - -> cmp_log'0 x x = C_Equal'0 -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . 
([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__trans__refines [#"../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 115 4 115 52 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = 
"../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Greater'0 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o <> C_Greater'0 + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - goal refines : [%#sord0] forall x : bool . forall y : bool . 
forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 - - = - [%#sord2] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = - [%#sord1] cmp_log'0 self o = C_Less'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) - = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall z : t_Reverse'0 . 
forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__antisym2__refines [#"../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 127 4 127 33 + let%span scmp1 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 + + type t_T'0 + + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'0 
[#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 - end - goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - type t_Ordering'0 = - | C_Less'0 - | C_Equal'0 - | C_Greater'0 + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + + + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () + + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] match (self, o) with - | (False, False) -> C_Equal'0 - | (True, True) -> C_Equal'0 - | (False, True) -> C_Less'0 - | (True, False) -> C_Greater'0 + [%#scmp1] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 end - goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_le_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 88 4 88 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = 
"../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -18743,140 +18258,184 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + = + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . 
le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_ge_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 98 4 98 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + type t_T'0 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord13] cmp_log'1 x y = C_Greater'0) + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + + + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . 
([%#sord8] cmp_log'1 x y = o) -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] cmp_log'0 self o <> C_Less'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y - = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . 
ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__cmp__qyi16241606109483467814__cmp_gt_log__refines [#"../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35] (* as logic::ord::OrdLogic> *) + let%span scmp0 = "../../../creusot-contracts/src/std/cmp.rs" 103 4 103 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span scmp2 = "../../../creusot-contracts/src/std/cmp.rs" 78 8 82 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -18891,279 +18450,381 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Reverse'0 = + { t_Reverse__0'0: t_T'0 } type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/cmp.rs" 77 4 77 41] (self : t_Reverse'0) (o : t_Reverse'0) : t_Ordering'0 + = + [%#scmp2] match cmp_log'1 self.t_Reverse__0'0 o.t_Reverse__0'0 with + | C_Equal'0 -> C_Equal'0 + | C_Less'0 -> C_Greater'0 + | C_Greater'0 -> C_Less'0 + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Reverse'0) (o : t_Reverse'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#scmp0] forall x : t_Reverse'0 . forall y : t_Reverse'0 . forall result : () . 
gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + axiom cmp_ge_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_Option'0) (o : t_Option'0) : bool = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] cmp_log'0 self o <> C_Less'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . ge_log'0 x y + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = 
"../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . 
[%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + type t_T'0 - axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () + + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . 
([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - - - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . 
cmp_log'0 x y = C_Greater'0 - -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) -end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end + + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Greater'0 + + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -19178,133 +18839,85 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - - - function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) - - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - - - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . 
[%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . (x = y) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
(x = y) = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span soption2 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -19319,139 +18932,181 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refi let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'1_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption2] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_Option'0) (o : t_Option'0) : bool + + = + [%#sord1] cmp_log'0 self o = C_Less'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall result : () . 
lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + type t_T'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + axiom antisym2'1_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () + - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool + + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () + + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . le_log'0 x y - = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -19466,132 +19121,176 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [# let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'1_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 
81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + type t_T'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 + - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) + + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () + + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + axiom trans'0_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + axiom refl'1_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . cmp_log'0 x x = C_Equal'0 + goal refines : [%#sord0] forall x : t_Option'0 . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) +module M_creusot_contracts__stdqy35z1__option__qyi10751279649878241649__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* as logic::ord::OrdLogic> *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 437 8 442 9 let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 
@@ -19606,4521 +19305,5178 @@ module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [ let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_A'0 + type t_T'0 - type t_B'0 + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_T'0) (other : t_T'0) : t_Ordering'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_T'0) (y : t_T'0) : () - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) + axiom eq_cmp'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + axiom antisym2'0_spec : forall x : t_T'0, y : t_T'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) -> ([%#sord13] cmp_log'1 y x = C_Less'0) - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_T'0) (y : t_T'0) : () - axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + axiom antisym1'0_spec : forall x : t_T'0, y : t_T'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_T'0) (y : t_T'0) (z : t_T'0) (o : t_Ordering'0) : () - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + axiom trans'1_spec : forall x : t_T'0, y : t_T'0, z : t_T'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_T'0) : () - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + axiom refl'0_spec : forall x : t_T'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + axiom cmp_gt_log'0_spec : forall x : t_T'0, y : t_T'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + axiom cmp_ge_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + axiom cmp_lt_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_T'0) (o : t_T'0) : bool - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_T'0) (y : t_T'0) : () - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + axiom cmp_le_log'0_spec : forall x : t_T'0, y : t_T'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/std/option.rs" 436 4 436 41] (self : t_Option'0) (o : t_Option'0) : t_Ordering'0 + = + [%#soption1] match (self, o) with + | (C_None'0, C_None'0) -> C_Equal'0 + | (C_None'0, C_Some'0 _) -> C_Less'0 + | (C_Some'0 _, C_None'0) -> C_Greater'0 + | (C_Some'0 x, C_Some'0 y) -> cmp_log'1 x y + end - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + goal refines : [%#sord0] forall x : t_Option'0 . forall y : t_Option'0 . forall z : t_Option'0 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Real - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Real - function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<=) x y + = (cmp_log'0 x y <> C_Greater'0) -> Real.(<=) x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + use prelude.prelude.Real - axiom refl'1_spec : forall x : t_B'0 . 
[%#sord6] cmp_log'2 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(<) x y + = (cmp_log'0 x y = C_Less'0) -> Real.(<) x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + use prelude.prelude.Real - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Real - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z - = o - /\ cmp_log'0 x y = o - -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . 
Real.(>=) x y + = (cmp_log'0 x y <> C_Less'0) -> Real.(>=) x y = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) - let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 +module M_creusot_contracts__num_rational__qyi7156484438548626841__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - type t_A'0 + use prelude.prelude.Real - type t_B'0 + use prelude.prelude.Real type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function 
cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - - - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Real - axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall result : () . Real.(>) x y + = (cmp_log'0 x y = C_Greater'0) -> Real.(>) x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) - -> ([%#sord14] cmp_log'2 y x = C_Less'0) + use prelude.prelude.Real - function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord11] cmp_log'2 x y = C_Less'0) - -> ([%#sord12] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Real - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) - -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + use prelude.prelude.Real - axiom refl'0_spec : forall x : t_B'0 . 
[%#sord7] cmp_log'2 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . forall z : Real.real . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Real - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : Real.real . forall y : Real.real . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__num_rational__qyi7156484438548626841__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span snum_rational1 = "../../../creusot-contracts/src/num_rational.rs" 29 4 29 12 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.Real - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) + use prelude.prelude.Real - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/num_rational.rs" 31 4 31 41] (self : Real.real) (o : Real.real) : t_Ordering'0 + = + [%#snum_rational1] if Real.(<) self o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - - axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) - -> ([%#sord14] cmp_log'1 y x = C_Less'0) + goal refines : [%#sord0] forall x : Real.real . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) - -> ([%#sord12] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) - -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x >= y) = (cmp_log'0 x y <> C_Less'0) + -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 + use prelude.prelude.Int - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) + goal refines : [%#sord0] forall x : int . forall result : () . cmp_log'0 x x = C_Equal'0 -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.Int - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.Int - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool - - = - [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) - /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) - \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 = - [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . lt_log'0 x y - = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . 
(x = y) = (cmp_log'0 x y = C_Equal'0) + -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 - let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 - let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 - let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 - let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 - let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 - let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 - let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 - let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 - let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 - let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 - let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 - let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 - let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 - let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - - type t_A'0 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_B'0 + use prelude.prelude.Int type t_Ordering'0 = | C_Less'0 | C_Equal'0 | C_Greater'0 - function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : 
int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - - axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - - function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - - axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) - -> ([%#sord13] cmp_log'1 y x = C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () + use prelude.prelude.Int - axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) - -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . 
([%#sord7] cmp_log'1 x y = o) - -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) + goal refines : [%#sord0] forall x : int . forall y : int . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () + use prelude.prelude.Int - axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : int . forall y : int . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8355372356285216375__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) + use prelude.prelude.Int - function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int) (o : int) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) + goal refines : [%#sord0] forall x : int . forall y : int . forall z : int . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool + use prelude.prelude.UInt8 - function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) + use prelude.prelude.Int - function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + use prelude.prelude.UInt8 - function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - + use prelude.prelude.Int - function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) - -> ([%#sord13] cmp_log'2 y x = C_Less'0) + use prelude.prelude.UInt8 - function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) - -> ([%#sord11] cmp_log'2 y x = C_Greater'0) + use prelude.prelude.Int - function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) - -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - - function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall z : uint8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 + use prelude.prelude.UInt8 - function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.UInt8 - axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + use prelude.prelude.Int - function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + use prelude.prelude.UInt8 - function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + use prelude.prelude.Int - axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 = - [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then - cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) - else - r - + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 - -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_coherence__refines [#"../../../creusot-contracts/src/std/deque.rs" 65 4 65 31] (* as resolve::Resolve> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 65 4 65 31 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 58 20 58 83 - let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 13 14 13 41 - let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 39 8 39 31 - - use prelude.prelude.Borrow +module M_creusot_contracts__logic__ord__qyi15418235539824427604__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt8 - use prelude.prelude.Opaque + use prelude.prelude.Int 
- type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Unique'0 = - { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Cap'0 = - { t_Cap__0'0: usize } + goal refines : [%#sord0] forall x : uint8 . forall y : uint8 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_RawVec'0 = - { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } + use prelude.prelude.UInt8 - type t_VecDeque'0 = - { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_VecDeque'0) = - match _1 with - | {t_VecDeque__head'0 = x0 ; t_VecDeque__len'0 = x1 ; t_VecDeque__buf'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'2 x0 - end + goal refines : 
[%#sord0] forall x : uint8 . forall y : uint8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi15418235539824427604__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_VecDeque'0) + use prelude.prelude.UInt8 - axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint8) (o : uint8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : uint8 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt16 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) - <= UIntSize.to_int (v_MAX'0 : usize) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt16 - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/deque.rs" 38 4 38 47] (self : t_VecDeque'0) (ix : int) : t_T'0 - - = - [%#sdeque3] Seq.get (view'0 self) ix + use prelude.prelude.Int - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/deque.rs" 57 4 57 28] (self : t_VecDeque'0) = - [%#sdeque1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall self : t_VecDeque'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi49636360433726320__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31] (* as resolve::Resolve> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 21 8 21 29 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt16 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Cloned'0) = - match _1 with - | {t_Cloned__it'0 = x0} -> resolve'1 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt16 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : t_Cloned'0 [inv'1 x] . inv'1 x - = match x with - | {t_Cloned__it'0 = it} -> inv'2 it - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Cloned'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . 
inv'0 x = invariant'0 x + use prelude.prelude.UInt16 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + use prelude.prelude.Int - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'1 self -> inv'2 (iter'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 20 4 20 28] (self : t_Cloned'0) = - [%#scloned1] resolve'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall self : t_Cloned'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi4622684907952448174__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31] (* as resolve::Resolve> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 21 8 21 29 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt16 - type 
t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Copied'0) = - match _1 with - | {t_Copied__it'0 = x0} -> resolve'1 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt16 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Copied'0 [inv'1 x] . 
inv'1 x - = match x with - | {t_Copied__it'0 = it} -> inv'2 it - end + use prelude.prelude.Int - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Copied'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall z : uint16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi7305497527599188430__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt16 - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 20 4 20 28] (self : t_Copied'0) = - [%#scopied1] resolve'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall self : t_Copied'0 . 
structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31] (* as resolve::Resolve> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 30 8 30 29 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi7305497527599188430__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt16 - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint16) (o : uint16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Enumerate'0) = - match _1 
with - | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + goal refines : [%#sord0] forall x : uint16 . forall y : uint16 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt32 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + use prelude.prelude.Int - axiom inv_axiom'1 : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x - -> match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Enumerate'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.UInt32 - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 29 4 29 28] (self : t_Enumerate'0) = - [%#senumerate1] resolve'2 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall self : t_Enumerate'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall z : uint32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__map__qyi13484997498660514945__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31] (* as resolve::Resolve> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 32 8 32 54 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.UInt32 - type t_F'0 + use prelude.prelude.Int - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Map'0) = - match _1 with - | {t_Map__iter'0 = x0 ; t_Map__f'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.UInt32 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Map'0 [inv'1 x] . inv'1 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'3 f - end + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Map'0) = - [%#sinvariant4] inv'1 self + use prelude.prelude.UInt32 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Map'0 . [%#smap2] inv'1 self -> inv'2 (iter'0 self) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + use prelude.prelude.UInt32 - axiom func'0_spec : forall self : t_Map'0 . 
[%#smap3] inv'1 self -> inv'3 (func'0 self) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 31 4 31 28] (self : t_Map'0) = - [%#smap1] resolve'2 (iter'0 self) /\ resolve'1 (func'0 self) + use prelude.prelude.Int - goal refines : [%#smap0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi4526525114627399862__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt32 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + use prelude.prelude.Int - type t_B'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = 
+ [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : uint32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Snapshot + use prelude.prelude.UInt32 - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) - = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi4526525114627399862__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = - match _1 with - | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'3 x0 - end + use prelude.prelude.UInt32 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint32) (o : uint32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 : forall x : t_MapInv'0 [inv'1 x] . inv'1 x - -> match x with - | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'2 iter /\ inv'3 func - end + goal refines : [%#sord0] forall x : uint32 . forall y : uint32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_MapInv'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.UInt64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = - [%#smap_inv1] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#smap_inv0] forall self : t_MapInv'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall z : uint64 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31] (* as resolve::Resolve> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 32 12 32 33 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi11489483489418918928__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt64 - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Skip'0) = - match _1 with - | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.UInt64 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Skip'0 [inv'1 x] . inv'1 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter - end + use prelude.prelude.Int - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Skip'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . 
inv'0 x = invariant'0 x + use prelude.prelude.UInt64 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip2] inv'1 self -> inv'2 (iter'0 self) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 30 4 30 28] (self : t_Skip'0) = - [%#sskip1] resolve'2 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sskip0] forall self : t_Skip'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint64 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31] (* as resolve::Resolve> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt64 - type t_I'0 + use prelude.prelude.Int - use prelude.prelude.UIntSize + type t_Ordering'0 
= + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) + use prelude.prelude.UInt64 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Take'0) = - match _1 with - | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Take'0 [inv'1 x] . inv'1 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'2 iter - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Take'0) = - [%#sinvariant3] inv'1 self + use prelude.prelude.UInt64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Take'0 . [%#stake2] inv'1 self -> inv'2 (iter'0 self) + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 40 4 40 28] (self : t_Take'0) = - [%#stake1] resolve'2 (iter'0 self) + use prelude.prelude.UInt64 - goal refines : [%#stake0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 445 4 445 31] (* as resolve::Resolve> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 445 4 445 31 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + use prelude.prelude.Int - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Opaque + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi11489483489418918928__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + use prelude.prelude.UInt64 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = - true + use prelude.prelude.Int - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint64) (o : uint64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IterMut'0) = - match _1 with - | {t_IterMut__ptr'0 = x0 ; t_IterMut__end_or_len'0 = x1 ; t_IterMut__qy95zmarker'0 = x2} -> resolve'1 x2 - /\ resolve'2 x1 /\ resolve'3 x0 - end + goal refines : [%#sord0] forall x : uint64 . forall y : uint64 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + use prelude.prelude.UInt128 - axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.UInt128 use prelude.prelude.Int - use prelude.prelude.Slice + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Slice + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt128 - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom view'1_spec : forall self : slice t_T'0 . 
([%#sslice3] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice4] view'1 self = Slice.id self) + use prelude.prelude.Int - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) - - predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 436 4 436 28] (self : t_IterMut'0) = - [%#sslice1] (view'0 self).current = (view'0 self).final - - goal refines : [%#sslice0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 56 4 56 31] (* as resolve::Resolve> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 56 4 56 31 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 - let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span sindex3 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 - let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 - let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 - let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi13757098721041279861__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UInt128 - use prelude.prelude.Opaque + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + use prelude.prelude.Int - type t_Unique'0 = - { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall z : uint128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Cap'0 = - { t_Cap__0'0: usize } + use prelude.prelude.UInt128 - type t_A'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_RawVec'0 = - { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: t_A'0 } + use prelude.prelude.Int - type t_Vec'0 = - { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + goal refines : [%#sord0] forall x : uint128 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = - true - - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Vec'0) = - match _1 with - | {t_Vec__buf'0 = x0 ; t_Vec__len'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 - end - - use seq.Seq + use prelude.prelude.UInt128 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_T'0 + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UInt128 - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed7] inv'4 self + use prelude.prelude.UInt128 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'3 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 622 4 622 30] (self : Seq.seq t_T'0) = - [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi13757098721041279861__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'2 x + use prelude.prelude.UInt128 - predicate invariant'1 [#"../../../creusot-contracts/src/std/vec.rs" 64 4 64 30] (self : t_Vec'0) = - [%#svec5] inv'2 (view'0 self) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Vec'0 [inv'1 x] . inv'1 x = invariant'1 x + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : uint128) (o : uint128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Vec'0) = - [%#sinvariant4] inv'1 self + goal refines : [%#sord0] forall x : uint128 . forall y : uint128 . forall result : () . (x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) + use prelude.prelude.UIntSize - axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . 
inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 26 4 26 47] (self : t_Vec'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 = - [%#sindex3] Seq.get (view'0 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 48 4 48 28] (self : t_Vec'0) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) + use prelude.prelude.UIntSize - goal refines : [%#svec0] forall self : t_Vec'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 250 4 250 31] (* as resolve::Resolve> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 250 4 250 31 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 243 20 243 83 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + use prelude.prelude.Int - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Opaque + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 use prelude.prelude.UIntSize - type t_A'0 - - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + use prelude.prelude.Int - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = - true + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o 
: usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = - true + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_ManuallyDrop'0) = - true + use prelude.prelude.UIntSize - predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = - true + use prelude.prelude.Int - predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = - true + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IntoIter'0) = - match _1 with - | {t_IntoIter__buf'0 = x0 ; t_IntoIter__phantom'0 = x1 ; t_IntoIter__cap'0 = x2 ; t_IntoIter__alloc'0 = x3 ; t_IntoIter__ptr'0 = x4 ; t_IntoIter__end'0 = x5} -> resolve'1 x5 - /\ resolve'2 x4 /\ resolve'3 x3 /\ resolve'4 x2 /\ resolve'5 x1 /\ resolve'2 x0 - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) + use prelude.prelude.UIntSize - axiom inv_axiom'2 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'2 x] . inv'2 x - = match x with - | {t_ManuallyDrop__value'0 = value} -> inv'3 value - end + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'1 x] . inv'1 x - = match x with - | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'2 alloc - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_IntoIter'0) = - [%#sinvariant2] inv'1 self + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) + use prelude.prelude.UIntSize - axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - type t_T'0 - - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : usize . forall y : usize . forall z : usize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.UIntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 242 4 242 28] (self : t_IntoIter'0) = - [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'6 (Seq.get (view'0 self) i) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#svec0] forall self : t_IntoIter'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : usize . forall y : usize . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 117 4 117 31] (* as resolve::Resolve> *) - let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 117 4 117 31 - let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 110 8 110 24 - let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 +module M_creusot_contracts__logic__ord__qyi8186105652185060096__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.UIntSize - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_GhostBox'0 = - { t_GhostBox__0'0: t_T'0 } + use prelude.prelude.Int - predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = - [%#sresolve2] resolve'3 self + goal refines : [%#sord0] forall x : usize . forall y : usize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8186105652185060096__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) = - resolve'2 _1 + use prelude.prelude.UIntSize - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = - match _1 with - | {t_GhostBox__0'0 = x0} -> resolve'1 x0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed4] inv'3 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : usize) (o : usize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + goal refines : [%#sord0] forall x : usize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . 
inv'2 x = invariant'1 x + use prelude.prelude.Int8 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + use prelude.prelude.Int - axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x - = match x with - | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = - [%#sinvariant3] inv'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x < y) = (cmp_log'0 x y = C_Less'0) + -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int8 - predicate structural_resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = - true + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 109 4 109 28] (self : t_GhostBox'0) = - [%#sghost1] resolve'1 self.t_GhostBox__0'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - goal refines : [%#sghost0] forall self : t_GhostBox'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'1 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 + + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__resolve__qyi4855891653524509355__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 47 4 47 31] (* <(T1, T2) as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 47 4 47 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - type t_T1'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T2'0 + use prelude.prelude.Int - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T2'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T1'0) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall z : int8 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : (t_T1'0, t_T2'0)) = - match _1 with - | (x0, x1) -> resolve'1 x1 /\ resolve'2 x0 - end + use prelude.prelude.Int8 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T1'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T2'0) + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'1 x] . inv'1 x - = (let (x0, x1) = x in inv'2 x0 /\ inv'3 x1) + goal refines : [%#sord0] forall x : int8 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : (t_T1'0, t_T2'0)) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int8 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 39 4 39 28] (self : (t_T1'0, t_T2'0)) = - [%#sresolve1] resolve'2 (let (a, _) = self in a) /\ resolve'1 (let (_, a) = self in a) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : (t_T1'0, t_T2'0) . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__resolve__qyi6740873903368268328__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 61 4 61 31] (* <&mut T as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 61 4 61 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int8 - type t_T'0 + use prelude.prelude.Int - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : borrowed t_T'0) = - _1.final = _1.current + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = - [%#sinvariant3] inv'2 self.current /\ inv'2 self.final + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + use prelude.prelude.Int8 - axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'1 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : borrowed t_T'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = - [%#sresolve1] self.final = self.current + use prelude.prelude.Int8 - goal refines : [%#sresolve0] forall self : borrowed t_T'0 . 
structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) -end -module M_creusot_contracts__resolve__qyi10830812895881240411__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 75 4 75 31] (* as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 75 4 75 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - - use prelude.prelude.Borrow - - type t_T'0 - - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_T'0) = - resolve'1 _1 - - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = - [%#sboxed3] inv'2 self + use prelude.prelude.Int - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . inv'1 x = invariant'1 x + goal refines : [%#sord0] forall x : int8 . forall y : int8 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi18413678402769648790__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int8 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = - [%#sresolve1] resolve'1 self + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int8) (o : int8) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : t_T'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int8 . forall y : int8 . forall result : () . 
(x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__resolve__qyi12875730110607858017__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 92 4 92 31] (* as resolve::Resolve> *) - let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 92 4 92 31 - let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 - let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - - use prelude.prelude.Borrow - - type t_T'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) + use prelude.prelude.Int16 - predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Option'0) = - match _1 with - | C_None'0 -> true - | C_Some'0 x0 -> resolve'1 x0 - end + use prelude.prelude.Int - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = - [%#sinvariant2] inv'1 self + use prelude.prelude.Int16 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = invariant'0 x + use prelude.prelude.Int - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = - [%#sresolve1] match self with - | C_Some'0 x -> resolve'1 x - | C_None'0 -> true - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sresolve0] forall self : t_Option'0 . structural_resolve'0 self /\ inv'0 self - -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall z : int16 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_refl__refines [#"../../../creusot-contracts/src/std/deque.rs" 178 4 178 26] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 178 4 178 26 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Opaque + use prelude.prelude.Int16 - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + use prelude.prelude.Int - type t_Iter'1 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.Int16 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.Slice + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + goal refines : [%#sord0] forall x : int16 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.UIntSize + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.UIntSize + use prelude.prelude.Int16 use prelude.prelude.Int - use prelude.prelude.Slice + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + use prelude.prelude.Int16 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 = - [%#sindex5] Seq.get (view'2 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8040194823849327911__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + use prelude.prelude.Int16 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 = - [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int16 . forall y : int16 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__deque__qyi3159098507555769709__produces_trans__refines [#"../../../creusot-contracts/src/std/deque.rs" 185 4 185 90] (* as std::iter::Iterator> *) - let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 185 4 185 90 - let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 171 12 171 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - - use prelude.prelude.Opaque - - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } - - type t_Iter'1 = - { t_Iter__ptr'0: 
t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } +module M_creusot_contracts__logic__ord__qyi8040194823849327911__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Iter'0 = - { t_Iter__i1'0: t_Iter'1; t_Iter__i2'0: t_Iter'1 } + use prelude.prelude.Int16 - use prelude.prelude.Borrow + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int16) (o : int16) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Slice + goal refines : [%#sord0] forall x : int16 . forall y : int16 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 155 4 155 33] (self : t_Iter'0) : slice t_T'0 + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : int32 . forall y : int32 . 
forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use prelude.prelude.Int32 - use prelude.prelude.UIntSize + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use prelude.prelude.Slice - - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall z : int32 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sindex5] Seq.get (view'2 self) ix + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/deque.rs" 169 4 169 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#sdeque1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sdeque0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi211457485035727011__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int32 - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } + use prelude.prelude.Int - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int32 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'1 it - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iter'0_spec : forall self : t_Cloned'0 . 
[%#scloned2] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + goal refines : [%#sord0] forall x : int32 . forall y : int32 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + use prelude.prelude.Int32 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int32 . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi211457485035727011__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.Int32 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int32) (o : int32) : t_Ordering'0 = - [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall a : t_Cloned'0 . forall ab : Seq.seq t_T'0 . forall b : t_Cloned'0 . forall bc : Seq.seq t_T'0 . forall c : t_Cloned'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int32 . forall y : int32 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) end -module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26] (* as std::iter::Iterator> *) - let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 - let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 - let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 - - type t_Cloned'0 = - { t_Cloned__it'0: t_I'0 } +module M_creusot_contracts__logic__ord__qyi2565746305859701215__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int64 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int64 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . inv'0 x - = match x with - | {t_Cloned__it'0 = it} -> inv'1 it - end + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'0 self -> inv'1 (iter'0 self) + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 46 4 46 64] (self : t_Cloned'0) (visited : Seq.seq t_T'0) (o : t_Cloned'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#scloned1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scloned0] forall self : t_Cloned'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall z : int64 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 +module M_creusot_contracts__logic__ord__qyi2565746305859701215__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + use prelude.prelude.Int64 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int64 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + use prelude.prelude.Int - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'1 it - end + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + goal refines : [%#sord0] forall x : int64 . forall y : int64 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom iter'0_spec : forall self : t_Copied'0 . 
[%#scopied2] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int64 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () - + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + use prelude.prelude.Int64 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + use prelude.prelude.Int - axiom produces_refl'1_spec : forall self : t_I'0 . 
[%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2565746305859701215__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Int + use prelude.prelude.Int64 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int64) (o : int64) : t_Ordering'0 = - [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall self : t_Copied'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int64 . forall y : int64 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90] (* as std::iter::Iterator> *) - let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 - let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 - let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int128 - type t_Copied'0 = - { t_Copied__it'0: t_I'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_T'0 + use prelude.prelude.Int - use seq.Seq - - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int128 - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x - = match x with - | {t_Copied__it'0 = it} -> inv'1 it - end + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'0 self -> inv'1 (iter'0 self) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self - - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 use prelude.prelude.Int - use seq.Seq - - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 46 4 46 64] (self : t_Copied'0) (visited : Seq.seq t_T'0) (o : t_Copied'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#scopied1] exists s : Seq.seq t_T'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#scopied0] forall a : t_Copied'0 . forall ab : Seq.seq t_T'0 . forall b : t_Copied'0 . forall bc : Seq.seq t_T'0 . forall c : t_Copied'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 19 4 19 26 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - - type t_Empty'0 = - { t_Empty__0'0: () } +module M_creusot_contracts__logic__ord__qyi2364657485180829964__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - type t_T'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sempty0] forall self : t_Empty'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : int128 . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__empty__qyi10605201058978801838__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90] (* as std::iter::Iterator> *) - let%span sempty0 = "../../../creusot-contracts/src/std/iter/empty.rs" 26 4 26 90 - let%span sempty1 = "../../../creusot-contracts/src/std/iter/empty.rs" 13 20 13 54 - - type t_Empty'0 = - { t_Empty__0'0: () } +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_T'0 + use prelude.prelude.Int128 - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/empty.rs" 12 4 12 64] (self : t_Empty'0) (visited : Seq.seq t_T'0) (o : t_Empty'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 = - [%#sempty1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#sempty0] forall a : t_Empty'0 . forall ab : Seq.seq t_T'0 . forall b : t_Empty'0 . forall bc : Seq.seq t_T'0 . forall c : t_Empty'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.Int128 - use prelude.prelude.UIntSize + use prelude.prelude.Int - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 use prelude.prelude.Int - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi2364657485180829964__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.Int128 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + use prelude.prelude.Int + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : int128) (o : int128) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 
else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : int128 . forall y : int128 . forall z : int128 . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + use prelude.prelude.IntSize - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + use prelude.prelude.Int - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use prelude.prelude.Borrow + use prelude.prelude.IntSize - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.Int - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - - axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'0 self -> inv'1 (iter'0 self) - - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i - -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + goal refines : [%#sord0] forall x : isize . forall y : isize . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . 
cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter - end) + use prelude.prelude.IntSize - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) - - use seq.Seq + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall a : t_Enumerate'0 . forall ab : Seq.seq (usize, t_Item'0) . forall b : t_Enumerate'0 . forall bc : Seq.seq (usize, t_Item'0) . forall c : t_Enumerate'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . 
(x >= y) + = (cmp_log'0 x y <> C_Less'0) -> (x >= y) = (cmp_log'0 x y <> C_Less'0) end -module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26] (* as std::iter::Iterator> *) - let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 - let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 - let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 79 +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - type t_I'0 + use prelude.prelude.IntSize - use prelude.prelude.UIntSize + use prelude.prelude.Int - type t_Enumerate'0 = - { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - type t_Item'0 + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . 
(x < y) + = (cmp_log'0 x y = C_Less'0) -> (x < y) = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 use prelude.prelude.Int - function n'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 21 4 21 21] (self : t_Enumerate'0) : int + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - use seq.Seq + goal refines : [%#sord0] forall x : isize . forall y : isize . forall z : isize . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use prelude.prelude.Int - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) - -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - use seq.Seq + use prelude.prelude.IntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int - use prelude.prelude.Borrow + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + goal refines : [%#sord0] forall x : isize . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + use prelude.prelude.IntSize - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) + use prelude.prelude.Int - function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - axiom iter'0_spec : forall self : t_Enumerate'0 . 
[%#senumerate2] inv'0 self -> inv'1 (iter'0 self) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 + + = + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 43 4 43 30] (self : t_Enumerate'0) = - [%#senumerate7] (forall s : Seq.seq t_Item'0, i : t_I'0 [produces'1 (iter'0 self) s i] . produces'1 (iter'0 self) s i - -> n'0 self + Seq.length s < UIntSize.to_int v_MAX'0) - /\ (forall i : borrowed t_I'0 . completed'0 i -> produces'1 i.current (Seq.empty : Seq.seq t_Item'0) i.final) + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x > y) + = (cmp_log'0 x y = C_Greater'0) -> (x > y) = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi8047313880300482848__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 186 16 192 17 - axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'1 iter - end) + use prelude.prelude.IntSize - use seq.Seq + use prelude.prelude.Int - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 70 4 70 64] (self : t_Enumerate'0) (visited : Seq.seq (usize, t_Item'0)) (o : t_Enumerate'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 185 12 185 49] (self : isize) (o : isize) : t_Ordering'0 = - [%#senumerate1] Seq.length visited = n'0 o - n'0 self - /\ (exists s : Seq.seq t_Item'0 . 
produces'1 (iter'0 self) s (iter'0 o) - /\ Seq.length visited = Seq.length s - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = n'0 self + i - /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) + [%#sord1] if self < o then C_Less'0 else if self = o then C_Equal'0 else C_Greater'0 - goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self - -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self + goal refines : [%#sord0] forall x : isize . forall y : isize . forall result : () . (x <= y) + = (cmp_log'0 x y <> C_Greater'0) -> (x <= y) = (cmp_log'0 x y <> C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span 
siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 47 20 47 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - type t_I'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Less'0 - use seq.Seq + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - use prelude.prelude.Borrow + goal refines : [%#sord0] forall x : bool . forall result : () . cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + goal refines : [%#sord0] forall x : 
bool . forall y : bool . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 58 20 58 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Greater'0 - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 25 20 25 56 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 + + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o <> C_Greater'0 - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 36 20 36 53 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + = + [%#sord2] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : bool) (o : bool) : bool = + [%#sord1] cmp_log'0 self o = C_Less'0 - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . 
lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + goal refines : [%#sord0] forall x : bool . forall y : bool . forall result : () . (x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . 
inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' - end) + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + goal refines : [%#sord0] forall x : bool . forall y : bool . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi17836724837647357586__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 248 8 253 9 - use prelude.prelude.Int + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use map.Map + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 247 4 247 41] (self : bool) (o : bool) : t_Ordering'0 + + = + [%#sord1] match (self, o) with + | (False, False) -> C_Equal'0 + | (True, True) -> C_Equal'0 + | (False, True) -> C_Less'0 + | (True, False) -> C_Greater'0 + end - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + goal refines : [%#sord0] forall x : bool . forall y : bool . forall z : bool . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_gt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 145 8 145 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 294 20 294 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom iter'0_spec : forall self : t_Filter'0 . 
[%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + type t_A'0 - use seq.Seq + type t_B'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) - -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - use map.Map + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . 
([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#sfilter1] invariant'0 self - -> unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) - - goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_I'0 - type t_F'0 - - type t_Filter'0 = - { t_Filter__iter'0: t_I'0; t_Filter__predicate'0: t_F'0 } + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . 
([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - type t_Item'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - use prelude.prelude.Borrow + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) - + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () - + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res - = (exists res_state : t_F'0 . 
postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . 
([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x - = (invariant'0 x - /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' - end) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - axiom func'0_spec : forall self : t_Filter'0 . 
[%#sfilter3] inv'0 self -> inv'1 (func'0 self) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - use prelude.prelude.Int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use map.Map + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + function gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + function cmp_gt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'2 x y = (cmp_log'1 x y = C_Greater'0) - use seq.Seq + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool + + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter13] produces'1 a ab b) - -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use map.Map + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 293 4 293 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ gt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sfilter1] invariant'0 self - -> unnest'0 (func'0 self) (func'0 succ) - /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 
0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . gt_log'0 x y + = (cmp_log'0 x y = C_Greater'0) -> gt_log'0 x y = (cmp_log'0 x y = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 49 4 49 90 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_ge_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39] (* <(A, B) as 
logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 140 8 140 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 288 20 288 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_I'0 + type t_A'0 - type t_Option'0 = - | C_None'0 - | C_Some'0 t_I'0 + type t_B'0 - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - type t_Item'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse3] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_B'0 . 
[%#sord7] cmp_log'2 x x = C_Equal'0 - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) - - = - [%#sfuse1] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end - end + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - goal refines : [%#sfuse0] forall a : t_Fuse'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Fuse'0 . 
forall bc : Seq.seq t_Item'0 . forall c : t_Fuse'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) - let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26 - let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 - let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 - let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - type t_I'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_I'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'0 x y = (cmp_log'2 x y = C_Less'0) - type t_Fuse'0 = - { t_Fuse__iter'0: t_Option'0 } + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x - = match x with - | C_None'0 -> true - | C_Some'0 a_0 -> inv'2 a_0 - end + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Fuse'0) + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Fuse'0 [inv'0 x] . inv'0 x - = match x with - | {t_Fuse__iter'0 = iter} -> inv'1 iter - end + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 10 4 10 30] (self : t_Fuse'0) : t_Option'0 + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse2] inv'0 self -> inv'1 (view'0 self)) - && ([%#sfuse3] forall other : t_Fuse'0 . 
view'0 self = view'0 other -> self = other) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord6] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 27 4 27 65] (self : t_Fuse'0) (prod : Seq.seq t_Item'0) (other : t_Fuse'0) - - = - [%#sfuse1] match view'0 self with - | C_None'0 -> prod = (Seq.empty : Seq.seq t_Item'0) /\ view'0 other = view'0 self - | C_Some'0 i -> match view'0 other with - | C_Some'0 i2 -> produces'1 i prod i2 - | C_None'0 -> false - end - end + function ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - goal refines : [%#sfuse0] forall self : t_Fuse'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 81 4 81 26 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = 
"../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_ge_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_I'0 + axiom cmp_ge_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'2 x y = (cmp_log'1 x y <> C_Less'0) - type t_F'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'1 x y = (cmp_log'1 x y = C_Less'0) - type t_B'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 287 4 287 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ ge_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ gt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f - end + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . 
ge_log'0 x y + = (cmp_log'0 x y <> C_Less'0) -> ge_log'0 x y = (cmp_log'0 x y <> C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym2__refines [#"../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 169 8 169 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + type t_A'0 - axiom func'0_spec : forall self : t_Map'0 . 
[%#smap2] inv'0 self -> inv'1 (func'0 self) + type t_B'0 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - use prelude.prelude.Borrow + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) - + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () - + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops7] unnest'0 self b) - -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () - + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) - -> ([%#sops5] unnest'0 self res_state) + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . 
([%#siter12] produces'1 a ab b) - -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Int + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - use seq.Seq + function antisym2'2 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 
1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - - goal refines : [%#smap0] forall self : t_Map'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90] (* as std::iter::Iterator> *) - let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 88 4 88 90 - let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 63 12 74 75 - let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 - let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - 
let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - type t_I'0 + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - type t_F'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - type t_B'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x - = match x with - | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'1 f - end + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - axiom func'0_spec : forall self : t_Map'0 . 
[%#smap2] inv'0 self -> inv'1 (func'0 self) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_B'0) - + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Borrow + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_B'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 - - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_B'0) : () + = + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_B'0 . [%#sops10] postcondition_once'0 self args res - = (exists res_state : t_F'0 . 
postcondition_mut'0 self args res_state res /\ resolve'0 res_state) - - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) - - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Greater'0 + -> cmp_log'0 x y = C_Greater'0 /\ (forall result : () . cmp_log'0 y x = C_Less'0 -> cmp_log'0 y x = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__eq_cmp__refines [#"../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 174 8 174 35 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops7] unnest'0 self b) - -> ([%#sops8] unnest'0 b c) -> ([%#sops9] unnest'0 self c) + type t_A'0 - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + type t_B'0 - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops6] unnest'0 self self + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_B'0) : () + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_B'0 . ([%#sops4] postcondition_mut'0 self args res_state res) - -> ([%#sops5] unnest'0 self res_state) + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () + + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . 
([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom iter'0_spec : forall self : t_Map'0 . [%#smap3] inv'0 self -> inv'2 (iter'0 self) + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) - -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use prelude.prelude.Int + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map.rs" 61 4 61 67] (self : t_Map'0) (visited : Seq.seq t_B'0) (succ : t_Map'0) + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#smap1] unnest'0 (func'0 self) (func'0 succ) - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 [produces'1 (iter'0 self) s (iter'0 succ)] . Seq.length s = Seq.length visited - /\ produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - func'0 self = func'0 succ - else - (Seq.get fs 0).current = func'0 self /\ (Seq.get fs (Seq.length visited - 1)).final = func'0 succ - ) - /\ (forall i : int . 
0 <= i /\ i < Seq.length visited - -> unnest'0 (func'0 self) (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i) (Seq.get fs i).final (Seq.get visited i)))) - use seq.Seq + function eq_cmp'2 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#smap0] forall a : t_Map'0 . forall ab : Seq.seq t_B'0 . forall b : t_Map'0 . forall bc : Seq.seq t_B'0 . forall c : t_Map'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 24 4 24 26 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + axiom eq_cmp'2_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_I'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_F'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - type t_Item'0 + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - use prelude.prelude.Snapshot + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - use seq.Seq + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_B'0 + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Borrow + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops5] unnest'0 self b) - -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) - -> ([%#sops3] unnest'0 self res_state) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . 
(x = y) + = (cmp_log'0 x y = C_Equal'0) -> (x = y) = (cmp_log'0 x y = C_Equal'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_le_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 276 20 276 68 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - use seq.Seq + type t_A'0 - use seq.Seq + type t_B'0 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use prelude.prelude.Snapshot + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - use prelude.prelude.Snapshot + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_B'0 . 
[%#sord7] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - use prelude.prelude.Snapshot + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) - + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 
0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#smap_inv0] forall self : t_MapInv'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self - -> produces'0 self (Seq.empty : Seq.seq t_B'0) self -end -module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90] (* ::Item, F> as std::iter::Iterator> *) - let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 31 4 31 90 - let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span sops2 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops3 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_lt_log'0 
[#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_I'0 + axiom cmp_lt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - type t_F'0 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Item'0 + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - use prelude.prelude.Snapshot + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - type t_MapInv'0 = - { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_Item'0) } + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - type t_B'0 + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_B'0) - + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Borrow + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . 
([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : t_F'0) (result : t_B'0) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_B'0) : () - + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - axiom fn_mut_once'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res : t_B'0 . [%#sops8] postcondition_once'0 self args res - = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . 
([%#sops5] unnest'0 self b) - -> ([%#sops6] unnest'0 b c) -> ([%#sops7] unnest'0 self c) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops4] unnest'0 self self + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res_state : t_F'0) (res : t_B'0) : () - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : t_F'0, res : t_B'0 . ([%#sops2] postcondition_mut'0 self args res_state res) - -> ([%#sops3] unnest'0 self res_state) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'1_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord4] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_le_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_le_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'2 x y = (cmp_log'1 x y <> C_Greater'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 275 4 275 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool + = + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ le_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'0 (let (a, _) = self in a) (let (a, _) = o in a) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) - -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . 
le_log'0 x y + = (cmp_log'0 x y <> C_Greater'0) -> le_log'0 x y = (cmp_log'0 x y <> C_Greater'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__refl__refines [#"../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 150 8 150 24 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + type t_A'0 - axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + type t_B'0 - use prelude.prelude.Snapshot + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use prelude.prelude.Snapshot + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - use prelude.prelude.Snapshot + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) + + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () - use seq.Seq + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - predicate produces'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 36 4 36 67] (self : t_MapInv'0) (visited : Seq.seq t_B'0) (succ : t_MapInv'0) - - = - [%#smap_inv1] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 - /\ (exists fs : Seq.seq (borrowed t_F'0) . 
Seq.length fs = Seq.length visited - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = Seq.length visited - /\ produces'1 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 - /\ Snapshot.inner succ.t_MapInv__produced'0 = Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) s - /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> (Seq.get fs (i - 1)).final = (Seq.get fs i).current) - /\ (if Seq.length visited = 0 then - self.t_MapInv__func'0 = succ.t_MapInv__func'0 - else - (Seq.get fs 0).current = self.t_MapInv__func'0 - /\ (Seq.get fs (Seq.length visited - 1)).final = succ.t_MapInv__func'0 - ) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> unnest'0 self.t_MapInv__func'0 (Seq.get fs i).current - /\ precondition'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) - /\ postcondition_mut'0 (Seq.get fs i).current (Seq.get s i, Snapshot.new (Seq.(++) (Snapshot.inner self.t_MapInv__produced'0) (Seq.([..]) s 0 i))) (Seq.get fs i).final (Seq.get visited i)))) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use seq.Seq + axiom refl'1_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - goal refines : [%#smap_inv0] forall a : t_MapInv'0 . forall ab : Seq.seq t_B'0 . forall b : t_MapInv'0 . forall bc : Seq.seq t_B'0 . forall c : t_MapInv'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 39 4 39 90 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - type t_T'0 + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - use seq.Seq + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () + + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) + + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 - = - [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - use seq.Seq + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - goal refines : [%#sonce0] forall a : t_Once'0 . forall ab : Seq.seq t_T'0 . forall b : t_Once'0 . forall bc : Seq.seq t_T'0 . forall c : t_Once'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__once__qyi8116812009287608646__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26] (* as std::iter::Iterator> *) - let%span sonce0 = "../../../creusot-contracts/src/std/iter/once.rs" 32 4 32 26 - let%span sonce1 = "../../../creusot-contracts/src/std/iter/once.rs" 24 12 25 96 + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - type t_T'0 + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - type t_Once'0 = - { t_Once__inner'0: t_IntoIter'0 } + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use seq.Seq + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - use seq.Seq + function refl'2 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 8 4 8 30] (self : t_Once'0) : t_Option'0 + axiom refl'2_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) + + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) + + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) + + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool + + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () + + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/once.rs" 22 4 22 64] (self : t_Once'0) (visited : Seq.seq t_T'0) (o : t_Once'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#sonce1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#sonce0] forall self : t_Once'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall result : () . 
cmp_log'0 x x = C_Equal'0 + -> cmp_log'0 x x = C_Equal'0 end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 33 4 33 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__trans__refines [#"../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 157 8 157 56 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_Idx'0 + type t_A'0 - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + type t_B'0 - use seq.Seq + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'1 
[#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + axiom eq_cmp'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use seq.Seq + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) - - = - [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 40 4 40 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 + axiom antisym1'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - type t_Idx'0 + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - type t_Range'0 = - { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - use seq.Seq + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - use prelude.prelude.Int + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 20 4 20 64] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) - - = - [%#srange1] self.t_Range__end'0 = o.t_Range__end'0 - /\ deep_model'0 self.t_Range__start'0 <= deep_model'0 o.t_Range__start'0 - /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__start'0 <= deep_model'0 o.t_Range__end'0) - /\ Seq.length visited = deep_model'0 o.t_Range__start'0 - deep_model'0 self.t_Range__start'0 - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__start'0 + i) + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - type t_Idx'0 + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - use seq.Seq + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Int + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . 
[%#sops4] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - - = - [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + function trans'2 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) - use seq.Seq - - goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_RangeInclusive'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + axiom trans'2_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - type t_Idx'0 + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + axiom refl'1_spec : forall x : t_B'0 . [%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use seq.Seq + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Int + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - - = - [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . 
[%#srange2] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Idx'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Idx'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall z : (t_A'0, t_B'0) . forall o : t_Ordering'0 . cmp_log'0 y z + = o + /\ cmp_log'0 x y = o + -> cmp_log'0 y z = o /\ cmp_log'0 x y = o /\ (forall result : () . 
cmp_log'0 x z = o -> cmp_log'0 x z = o) end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 +module M_creusot_contracts__logic__ord__qyi1910662420989811789__cmp_lt_log__refines [#"../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 135 8 135 39 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 282 20 282 67 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord15 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_T'0 + type t_A'0 - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + type t_B'0 + + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 
+ + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom eq_cmp'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord15] (x = y) = (cmp_log'2 x y = C_Equal'0) - use prelude.prelude.Int + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom antisym2'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord13] cmp_log'2 x y = C_Greater'0) + -> ([%#sord14] cmp_log'2 y x = C_Less'0) - use seq.Seq + function antisym1'0 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + axiom antisym1'0_spec : forall x : t_B'0, y : t_B'0 . ([%#sord11] cmp_log'2 x y = C_Less'0) + -> ([%#sord12] cmp_log'2 y x = C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () - = - [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) - goal refines : [%#srepeat0] forall self : t_Repeat'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90] (* as std::iter::Iterator> *) - let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 39 4 39 90 - let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 24 12 25 78 + axiom trans'0_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord8] cmp_log'2 x y = o) + -> ([%#sord9] cmp_log'2 y z = o) -> ([%#sord10] cmp_log'2 x z = o) - type t_T'0 + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - type t_Repeat'0 = - { t_Repeat__element'0: t_T'0 } + axiom refl'0_spec : forall x : t_B'0 . [%#sord7] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - use prelude.prelude.Int + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - use seq.Seq + axiom cmp_gt_log'0_spec : forall x : t_B'0, y : t_B'0 . [%#sord6] gt_log'0 x y = (cmp_log'2 x y = C_Greater'0) - use seq.Seq + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function view'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 8 4 8 22] (self : t_Repeat'0) : t_T'0 + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/repeat.rs" 22 4 22 64] (self : t_Repeat'0) (visited : Seq.seq t_T'0) (o : t_Repeat'0) - - = - [%#srepeat1] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = view'0 self) + axiom cmp_ge_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord5] ge_log'0 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - goal refines : [%#srepeat0] forall a : t_Repeat'0 . forall ab : Seq.seq t_T'0 . forall b : t_Repeat'0 . forall bc : Seq.seq t_T'0 . forall c : t_Repeat'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - type t_I'0 + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - use prelude.prelude.UIntSize + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom cmp_le_log'0_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] le_log'0 x y = (cmp_log'2 x y <> C_Greater'0) - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use seq.Seq + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Int + axiom eq_cmp'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord15] (x = y) = (cmp_log'1 x y = C_Equal'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.UIntSize + axiom antisym2'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord13] cmp_log'1 x y = C_Greater'0) + -> ([%#sord14] cmp_log'1 y x = C_Less'0) - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord11] cmp_log'1 x y = C_Less'0) + -> ([%#sord12] cmp_log'1 y x = C_Greater'0) - use seq.Seq + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + axiom trans'1_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord8] cmp_log'1 x y = o) + -> ([%#sord9] cmp_log'1 y z = o) -> ([%#sord10] cmp_log'1 x z = o) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . 
inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter - end + axiom refl'1_spec : forall x : t_A'0 . [%#sord7] cmp_log'1 x x = C_Equal'0 - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip3] inv'0 self -> inv'1 (iter'0 self) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_gt_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord6] gt_log'1 x y = (cmp_log'1 x y = C_Greater'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom cmp_ge_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] ge_log'1 x y = (cmp_log'1 x y <> C_Less'0) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_refl'0_spec : forall self : t_I'0 . 
[%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function cmp_lt_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom cmp_lt_log'2_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] lt_log'2 x y = (cmp_log'1 x y = C_Less'0) - use prelude.prelude.Borrow + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + axiom cmp_le_log'1_spec : forall x : t_A'0, y : t_A'0 . [%#sord3] le_log'1 x y = (cmp_log'1 x y <> C_Greater'0) + + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 281 4 281 36] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : bool = - [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) - - goal refines : [%#sskip0] forall a : t_Skip'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Skip'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Skip'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + [%#sord1] (let (a, _) = self in a) = (let (a, _) = o in a) + /\ lt_log'1 (let (_, a) = self in a) (let (_, a) = o in a) + \/ lt_log'2 (let (a, _) = self in a) (let (a, _) = o in a) - type t_I'0 + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 + + = + [%#sord2] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - use prelude.prelude.UIntSize + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . forall result : () . 
lt_log'0 x y + = (cmp_log'0 x y = C_Less'0) -> lt_log'0 x y = (cmp_log'0 x y = C_Less'0) +end +module M_creusot_contracts__logic__ord__qyi1910662420989811789__antisym1__refines [#"../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37] (* <(A, B) as logic::ord::OrdLogic> *) + let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 163 8 163 37 + let%span sord1 = "../../../creusot-contracts/src/logic/ord.rs" 263 8 270 11 + let%span sord2 = "../../../creusot-contracts/src/logic/ord.rs" 29 14 29 64 + let%span sord3 = "../../../creusot-contracts/src/logic/ord.rs" 40 14 40 61 + let%span sord4 = "../../../creusot-contracts/src/logic/ord.rs" 51 14 51 61 + let%span sord5 = "../../../creusot-contracts/src/logic/ord.rs" 62 14 62 64 + let%span sord6 = "../../../creusot-contracts/src/logic/ord.rs" 67 14 67 45 + let%span sord7 = "../../../creusot-contracts/src/logic/ord.rs" 72 15 72 32 + let%span sord8 = "../../../creusot-contracts/src/logic/ord.rs" 73 15 73 32 + let%span sord9 = "../../../creusot-contracts/src/logic/ord.rs" 74 14 74 31 + let%span sord10 = "../../../creusot-contracts/src/logic/ord.rs" 81 15 81 45 + let%span sord11 = "../../../creusot-contracts/src/logic/ord.rs" 82 14 82 47 + let%span sord12 = "../../../creusot-contracts/src/logic/ord.rs" 89 15 89 48 + let%span sord13 = "../../../creusot-contracts/src/logic/ord.rs" 90 14 90 44 + let%span sord14 = "../../../creusot-contracts/src/logic/ord.rs" 95 14 95 59 - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + type t_A'0 - use seq.Seq + type t_B'0 - type t_Item'0 + type t_Ordering'0 = + | C_Less'0 + | C_Equal'0 + | C_Greater'0 - use seq.Seq + function cmp_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_A'0) (other : t_A'0) : t_Ordering'0 + - use prelude.prelude.Int + function eq_cmp'0 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_A'0) (y : t_A'0) : () - constant v_MAX'0 : usize = (18446744073709551615 : usize) + axiom eq_cmp'0_spec : forall x : 
t_A'0, y : t_A'0 . [%#sord14] (x = y) = (cmp_log'1 x y = C_Equal'0) - use prelude.prelude.UIntSize + function antisym2'0 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_A'0) (y : t_A'0) : () - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + axiom antisym2'0_spec : forall x : t_A'0, y : t_A'0 . ([%#sord12] cmp_log'1 x y = C_Greater'0) + -> ([%#sord13] cmp_log'1 y x = C_Less'0) - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + function antisym1'1 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_A'0) (y : t_A'0) : () - use seq.Seq + axiom antisym1'1_spec : forall x : t_A'0, y : t_A'0 . ([%#sord10] cmp_log'1 x y = C_Less'0) + -> ([%#sord11] cmp_log'1 y x = C_Greater'0) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function trans'0 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_A'0) (y : t_A'0) (z : t_A'0) (o : t_Ordering'0) : () + - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + axiom trans'0_spec : forall x : t_A'0, y : t_A'0, z : t_A'0, o : t_Ordering'0 . ([%#sord7] cmp_log'1 x y = o) + -> ([%#sord8] cmp_log'1 y z = o) -> ([%#sord9] cmp_log'1 x z = o) - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter - end + function refl'0 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_A'0) : () - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + axiom refl'0_spec : forall x : t_A'0 . [%#sord6] cmp_log'1 x x = C_Equal'0 - axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip3] inv'0 self -> inv'1 (iter'0 self) + function gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_gt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_A'0) (y : t_A'0) : () - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + axiom cmp_gt_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord5] gt_log'0 x y = (cmp_log'1 x y = C_Greater'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + function ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_A'0) (o : t_A'0) : bool - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function cmp_ge_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_A'0) (y : t_A'0) : () - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + axiom cmp_ge_log'0_spec : forall x : t_A'0, y : t_A'0 . [%#sord4] ge_log'0 x y = (cmp_log'1 x y <> C_Less'0) - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + function lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_A'0) (o : t_A'0) : bool - use seq.Seq + function cmp_lt_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_A'0) (y : t_A'0) : () - use prelude.prelude.Borrow + axiom cmp_lt_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord3] lt_log'0 x y = (cmp_log'1 x y = C_Less'0) - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + function le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_A'0) (o : t_A'0) : bool - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) - - = - [%#sskip1] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + function cmp_le_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_A'0) (y : t_A'0) : () - goal refines : [%#sskip0] forall self : t_Skip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self -end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 72 4 72 26 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + axiom cmp_le_log'0_spec : forall x : t_A'0, y : t_A'0 . 
[%#sord2] le_log'0 x y = (cmp_log'1 x y <> C_Greater'0) - type t_I'0 + function cmp_log'2 [#"../../../creusot-contracts/src/logic/ord.rs" 19 4 19 46] (self : t_B'0) (other : t_B'0) : t_Ordering'0 + - use prelude.prelude.UIntSize + function eq_cmp'1 [#"../../../creusot-contracts/src/logic/ord.rs" 96 4 96 32] (x : t_B'0) (y : t_B'0) : () - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } + axiom eq_cmp'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord14] (x = y) = (cmp_log'2 x y = C_Equal'0) - use seq.Seq + function antisym2'1 [#"../../../creusot-contracts/src/logic/ord.rs" 91 4 91 34] (x : t_B'0) (y : t_B'0) : () - type t_Item'0 + axiom antisym2'1_spec : forall x : t_B'0, y : t_B'0 . ([%#sord12] cmp_log'2 x y = C_Greater'0) + -> ([%#sord13] cmp_log'2 y x = C_Less'0) - use seq.Seq + function antisym1'2 [#"../../../creusot-contracts/src/logic/ord.rs" 83 4 83 34] (x : t_B'0) (y : t_B'0) : () - use prelude.prelude.Int + axiom antisym1'2_spec : forall x : t_B'0, y : t_B'0 . ([%#sord10] cmp_log'2 x y = C_Less'0) + -> ([%#sord11] cmp_log'2 y x = C_Greater'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + function trans'1 [#"../../../creusot-contracts/src/logic/ord.rs" 75 4 75 53] (x : t_B'0) (y : t_B'0) (z : t_B'0) (o : t_Ordering'0) : () + - use prelude.prelude.UIntSize + axiom trans'1_spec : forall x : t_B'0, y : t_B'0, z : t_B'0, o : t_Ordering'0 . ([%#sord7] cmp_log'2 x y = o) + -> ([%#sord8] cmp_log'2 y z = o) -> ([%#sord9] cmp_log'2 x z = o) - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : int + function refl'1 [#"../../../creusot-contracts/src/logic/ord.rs" 68 4 68 21] (x : t_B'0) : () - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + axiom refl'1_spec : forall x : t_B'0 . 
[%#sord6] cmp_log'2 x x = C_Equal'0 - use seq.Seq + function gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 57 4 57 36] (self : t_B'0) (o : t_B'0) : bool - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + function cmp_gt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 63 4 63 36] (x : t_B'0) (y : t_B'0) : () - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + axiom cmp_gt_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord5] gt_log'1 x y = (cmp_log'2 x y = C_Greater'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + function ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 46 4 46 36] (self : t_B'0) (o : t_B'0) : bool - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + function cmp_ge_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 52 4 52 36] (x : t_B'0) (y : t_B'0) : () - axiom iter'0_spec : forall self : t_Take'0 . [%#stake3] inv'0 self -> inv'1 (iter'0 self) + axiom cmp_ge_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord4] ge_log'1 x y = (cmp_log'2 x y <> C_Less'0) - use seq.Seq + function lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 35 4 35 36] (self : t_B'0) (o : t_B'0) : bool - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + function cmp_lt_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 41 4 41 36] (x : t_B'0) (y : t_B'0) : () - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + axiom cmp_lt_log'1_spec : forall x : t_B'0, y : t_B'0 . 
[%#sord3] lt_log'1 x y = (cmp_log'2 x y = C_Less'0) - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + function le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 24 4 24 36] (self : t_B'0) (o : t_B'0) : bool - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function cmp_le_log'1 [#"../../../creusot-contracts/src/logic/ord.rs" 30 4 30 36] (x : t_B'0) (y : t_B'0) : () - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom cmp_le_log'1_spec : forall x : t_B'0, y : t_B'0 . [%#sord2] le_log'1 x y = (cmp_log'2 x y <> C_Greater'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + function cmp_log'0 [#"../../../creusot-contracts/src/logic/ord.rs" 262 4 262 41] (self : (t_A'0, t_B'0)) (o : (t_A'0, t_B'0)) : t_Ordering'0 = - [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) + [%#sord1] let r = cmp_log'1 (let (a, _) = self in a) (let (a, _) = o in a) in if r = C_Equal'0 then + cmp_log'2 (let (_, a) = self in a) (let (_, a) = o in a) + else + r + - goal refines : [%#stake0] forall self : t_Take'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self - -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self + goal refines : [%#sord0] forall x : (t_A'0, t_B'0) . forall y : (t_A'0, t_B'0) . cmp_log'0 x y = C_Less'0 + -> cmp_log'0 x y = C_Less'0 /\ (forall result : () . 
cmp_log'0 y x = C_Greater'0 -> cmp_log'0 y x = C_Greater'0) end -module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90] (* as std::iter::Iterator> *) - let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 79 4 79 90 - let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 - let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 - let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__deque__qyi8367101395671471553__resolve_coherence__refines [#"../../../creusot-contracts/src/std/deque.rs" 65 4 65 31] (* as resolve::Resolve> *) + let%span sdeque0 = "../../../creusot-contracts/src/std/deque.rs" 65 4 65 31 + let%span sdeque1 = "../../../creusot-contracts/src/std/deque.rs" 58 20 58 83 + let%span sdeque2 = "../../../creusot-contracts/src/std/deque.rs" 13 14 13 41 + let%span sdeque3 = "../../../creusot-contracts/src/std/deque.rs" 39 8 39 31 - type t_I'0 + use prelude.prelude.Borrow use prelude.prelude.UIntSize - type t_Take'0 = - { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - - type t_Item'0 - - use seq.Seq + use prelude.prelude.Opaque - use prelude.prelude.Int + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use prelude.prelude.UIntSize + type t_Cap'0 = + { t_Cap__0'0: usize } - function n'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 32 4 32 21] (self : t_Take'0) : 
int + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: () } - axiom n'0_spec : forall self : t_Take'0 . [%#stake2] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + type t_VecDeque'0 = + { t_VecDeque__head'0: usize; t_VecDeque__len'0: usize; t_VecDeque__buf'0: t_RawVec'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = + true - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_VecDeque'0) = + match _1 with + | {t_VecDeque__head'0 = x0 ; t_VecDeque__len'0 = x1 ; t_VecDeque__buf'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'2 x0 + end - axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . inv'0 x - = match x with - | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'1 iter - end + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_VecDeque'0) - function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_VecDeque'0 [inv'0 x] . inv'0 x = true - axiom iter'0_spec : forall self : t_Take'0 . 
[%#stake3] inv'0 self -> inv'1 (iter'0 self) + use prelude.prelude.Int use seq.Seq - use seq.Seq + constant v_MAX'0 : usize = (18446744073709551615 : usize) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - + use prelude.prelude.UIntSize - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - + type t_T'0 - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + use seq.Seq - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function view'0 [#"../../../creusot-contracts/src/std/deque.rs" 14 4 14 27] (self : t_VecDeque'0) : Seq.seq t_T'0 - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom view'0_spec : forall self : t_VecDeque'0 . [%#sdeque2] Seq.length (view'0 self) + <= UIntSize.to_int (v_MAX'0 : usize) - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 63 4 63 64] (self : t_Take'0) (visited : Seq.seq t_Item'0) (o : t_Take'0) + use seq.Seq + + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/std/deque.rs" 38 4 38 47] (self : t_VecDeque'0) (ix : int) : t_T'0 = - [%#stake1] n'0 self = n'0 o + Seq.length visited /\ produces'1 (iter'0 self) visited (iter'0 o) - - goal refines : [%#stake0] forall a : t_Take'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Take'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Take'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 63 4 63 90 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 - - type t_A'0 + [%#sdeque3] Seq.get (view'0 self) ix - type t_B'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use prelude.prelude.UIntSize + predicate resolve'0 [#"../../../creusot-contracts/src/std/deque.rs" 57 4 57 28] (self : t_VecDeque'0) = + [%#sdeque1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + goal refines : [%#sdeque0] forall self : t_VecDeque'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__cloned__qyi49636360433726320__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31] (* as resolve::Resolve> *) + let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 28 4 28 31 + let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 21 8 21 29 + let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - type t_Item'0 + use prelude.prelude.Borrow - type t_Item'1 + type t_I'0 - use seq.Seq + type t_Cloned'0 = + { t_Cloned__it'0: t_I'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Cloned'0) = + match _1 with + | {t_Cloned__it'0 = x0} -> resolve'1 x0 + end - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Cloned'0 [inv'1 x] . inv'1 x + = match x with + | {t_Cloned__it'0 = it} -> inv'2 it + end - use prelude.prelude.Int + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Cloned'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Cloned'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Cloned'0 [inv'0 x] . 
inv'0 x = invariant'0 x - use seq.Seq + function iter'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 12 4 12 22] (self : t_Cloned'0) : t_I'0 - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + axiom iter'0_spec : forall self : t_Cloned'0 . [%#scloned2] inv'1 self -> inv'2 (iter'0 self) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/cloned.rs" 20 4 20 28] (self : t_Cloned'0) = + [%#scloned1] resolve'1 (iter'0 self) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + goal refines : [%#scloned0] forall self : t_Cloned'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__copied__qyi4622684907952448174__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31] (* as resolve::Resolve> *) + let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 28 4 28 31 + let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 21 8 21 29 + let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x - = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a - /\ inv'2 b - end + use prelude.prelude.Borrow - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 + type t_I'0 - axiom itera'0_spec : forall self : t_Zip'0 . 
[%#szip2] inv'0 self -> inv'1 (itera'0 self) + type t_Copied'0 = + { t_Copied__it'0: t_I'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Copied'0) = + match _1 with + | {t_Copied__it'0 = x0} -> resolve'1 x0 + end - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom inv_axiom'1 [@rewrite] : forall x : t_Copied'0 [inv'1 x] . inv'1 x + = match x with + | {t_Copied__it'0 = it} -> inv'2 it + end - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Copied'0) = + [%#sinvariant3] inv'1 self - axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Copied'0) - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Copied'0 [inv'0 x] . inv'0 x = invariant'0 x - axiom iterb'0_spec : forall self : t_Zip'0 . 
[%#szip3] inv'0 self -> inv'2 (iterb'0 self) + function iter'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 12 4 12 22] (self : t_Copied'0) : t_I'0 - use seq.Seq + axiom iter'0_spec : forall self : t_Copied'0 . [%#scopied2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/copied.rs" 20 4 20 28] (self : t_Copied'0) = + [%#scopied1] resolve'1 (iter'0 self) - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - + goal refines : [%#scopied0] forall self : t_Copied'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2208779330486735413__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31] (* as resolve::Resolve> *) + let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 37 4 37 31 + let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 30 8 30 29 + let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - + use prelude.prelude.Borrow - axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) - -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) + type t_I'0 - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + use prelude.prelude.UIntSize - axiom produces_refl'1_spec : forall self : t_B'0 . 
[%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self + type t_Enumerate'0 = + { t_Enumerate__iter'0: t_I'0; t_Enumerate__count'0: usize } - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) - - = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - goal refines : [%#szip0] forall a : t_Zip'0 . forall ab : Seq.seq (t_Item'0, t_Item'1) . forall b : t_Zip'0 . forall bc : Seq.seq (t_Item'0, t_Item'1) . forall c : t_Zip'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26] (* as std::iter::Iterator> *) - let%span szip0 = "../../../creusot-contracts/src/std/iter/zip.rs" 56 4 56 26 - let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 - let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Enumerate'0) = + match _1 with + | {t_Enumerate__iter'0 = x0 ; t_Enumerate__count'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - type t_A'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_B'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - use prelude.prelude.UIntSize + axiom inv_axiom'1 : forall x : t_Enumerate'0 [inv'1 x] . inv'1 x + -> match x with + | {t_Enumerate__iter'0 = iter ; t_Enumerate__count'0 = count} -> inv'2 iter + end - type t_Zip'0 = - { t_Zip__a'0: t_A'0; t_Zip__b'0: t_B'0; t_Zip__index'0: usize; t_Zip__len'0: usize; t_Zip__a_len'0: usize } + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Enumerate'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Enumerate'0) - type t_Item'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Enumerate'0 [inv'0 x] . 
inv'0 x = invariant'0 x - type t_Item'1 + function iter'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 15 4 15 22] (self : t_Enumerate'0) : t_I'0 - use seq.Seq + axiom iter'0_spec : forall self : t_Enumerate'0 . [%#senumerate2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/enumerate.rs" 29 4 29 28] (self : t_Enumerate'0) = + [%#senumerate1] resolve'2 (iter'0 self) - use seq.Seq + goal refines : [%#senumerate0] forall self : t_Enumerate'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__map__qyi13484997498660514945__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31] (* as resolve::Resolve> *) + let%span smap0 = "../../../creusot-contracts/src/std/iter/map.rs" 40 4 40 31 + let%span smap1 = "../../../creusot-contracts/src/std/iter/map.rs" 32 8 32 54 + let%span smap2 = "../../../creusot-contracts/src/std/iter/map.rs" 15 14 15 39 + let%span smap3 = "../../../creusot-contracts/src/std/iter/map.rs" 22 14 22 39 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + type t_I'0 - use seq.Seq + type t_F'0 - use prelude.prelude.Int + type t_Map'0 = + { t_Map__iter'0: t_I'0; t_Map__f'0: t_F'0 } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Map'0) = + match _1 with + | {t_Map__iter'0 = x0 ; t_Map__f'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) + predicate inv'2 
[#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_B'0) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Zip'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Zip'0 [inv'0 x] . inv'0 x + axiom inv_axiom'1 [@rewrite] : forall x : t_Map'0 [inv'1 x] . inv'1 x = match x with - | {t_Zip__a'0 = a ; t_Zip__b'0 = b ; t_Zip__index'0 = index ; t_Zip__len'0 = len ; t_Zip__a_len'0 = a_len} -> inv'1 a - /\ inv'2 b + | {t_Map__iter'0 = iter ; t_Map__f'0 = f} -> inv'2 iter /\ inv'3 f end - function itera'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 15 4 15 23] (self : t_Zip'0) : t_A'0 - - axiom itera'0_spec : forall self : t_Zip'0 . [%#szip2] inv'0 self -> inv'1 (itera'0 self) - - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Map'0) = + [%#sinvariant4] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Map'0) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - + axiom inv_axiom'0 [@rewrite] : forall x : t_Map'0 [inv'0 x] . inv'0 x = invariant'0 x - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () - + function iter'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 16 4 16 22] (self : t_Map'0) : t_I'0 - axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . 
([%#siter5] produces'1 a ab b) - -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) + axiom iter'0_spec : forall self : t_Map'0 . [%#smap2] inv'1 self -> inv'2 (iter'0 self) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function func'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 23 4 23 22] (self : t_Map'0) : t_F'0 - axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom func'0_spec : forall self : t_Map'0 . [%#smap3] inv'1 self -> inv'3 (func'0 self) - function iterb'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 22 4 22 23] (self : t_Zip'0) : t_B'0 + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map.rs" 31 4 31 28] (self : t_Map'0) = + [%#smap1] resolve'2 (iter'0 self) /\ resolve'1 (func'0 self) - axiom iterb'0_spec : forall self : t_Zip'0 . [%#szip3] inv'0 self -> inv'2 (iterb'0 self) + goal refines : [%#smap0] forall self : t_Map'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi5691635635396426195__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31] (* as resolve::Resolve> *) + let%span smap_inv0 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 64 4 64 31 + let%span smap_inv1 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use seq.Seq + type t_I'0 - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - + type t_F'0 - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () - + type t_B'0 - axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) - -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) + use seq.Seq - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + use prelude.prelude.Snapshot - axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self + type t_MapInv'0 = + { t_MapInv__iter'0: t_I'0; t_MapInv__func'0: t_F'0; t_MapInv__produced'0: Snapshot.snap_ty (Seq.seq t_B'0) } - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/zip.rs" 43 4 43 64] (self : t_Zip'0) (visited : Seq.seq (t_Item'0, t_Item'1)) (o : t_Zip'0) - + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : Snapshot.snap_ty (Seq.seq t_B'0)) = - [%#szip1] exists p1 : Seq.seq t_Item'0, p2 : Seq.seq t_Item'1 . Seq.length p1 = Seq.length p2 - /\ Seq.length p2 = Seq.length visited - /\ (forall i : int . 
0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) - /\ produces'1 (itera'0 self) p1 (itera'0 o) /\ produces'2 (iterb'0 self) p2 (iterb'0 o) + true - goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self - -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self -end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 477 4 477 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 477 4 477 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - type t_T'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_MapInv'0) = + match _1 with + | {t_MapInv__iter'0 = x0 ; t_MapInv__func'0 = x1 ; t_MapInv__produced'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - use seq.Seq + axiom inv_axiom'1 : forall x : t_MapInv'0 [inv'1 x] . 
inv'1 x + -> match x with + | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> inv'2 iter /\ inv'3 func + end - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_MapInv'0) = + [%#sinvariant2] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_MapInv'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + axiom inv_axiom'0 [@rewrite] : forall x : t_MapInv'0 [inv'0 x] . inv'0 x = invariant'0 x - goal refines : [%#soption0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 28] (self : t_MapInv'0) = + [%#smap_inv1] resolve'3 self.t_MapInv__iter'0 /\ resolve'2 self.t_MapInv__func'0 + + goal refines : [%#smap_inv0] forall self : t_MapInv'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__option__qyi15354566128244900690__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 484 4 484 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 484 4 484 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 469 12 470 96 +module M_creusot_contracts__stdqy35z1__iter__skip__qyi14372835745621067113__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31] (* as resolve::Resolve> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 40 4 40 31 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 32 12 32 33 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - type t_T'0 + use prelude.prelude.Borrow - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + type t_I'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + use prelude.prelude.UIntSize - type t_IntoIter'0 = - { t_IntoIter__inner'0: t_Item'0 } + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 453 4 453 30] (self : t_IntoIter'0) : t_Option'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Skip'0) = + match _1 with + | {t_Skip__iter'0 = x0 ; t_Skip__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 467 4 467 64] (self : t_IntoIter'0) (visited : 
Seq.seq t_T'0) (o : t_IntoIter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_Skip'0 [inv'1 x] . inv'1 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'2 iter + end - goal refines : [%#soption0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 530 4 530 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 530 4 530 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Skip'0) = + [%#sinvariant3] inv'1 self - use prelude.prelude.Borrow + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) - type t_T'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x = invariant'0 x - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + axiom iter'0_spec : forall self : t_Skip'0 . 
[%#sskip2] inv'1 self -> inv'2 (iter'0 self) - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 30 4 30 28] (self : t_Skip'0) = + [%#sskip1] resolve'2 (iter'0 self) - use seq.Seq + goal refines : [%#sskip0] forall self : t_Skip'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__iter__take__qyi11550387566643656565__resolve_coherence__refines [#"../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31] (* as resolve::Resolve> *) + let%span stake0 = "../../../creusot-contracts/src/std/iter/take.rs" 48 4 48 31 + let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 + let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + type t_I'0 - use seq.Seq + use prelude.prelude.UIntSize - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + type t_Take'0 = + { t_Take__iter'0: t_I'0; t_Take__n'0: usize } - goal refines : [%#soption0] forall self : t_Iter'0 . forall result : () . 
produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__option__qyi15411423289202690388__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 537 4 537 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 537 4 537 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 522 12 523 96 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use prelude.prelude.Borrow + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_I'0) - type t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Take'0) = + match _1 with + | {t_Take__iter'0 = x0 ; t_Take__n'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end - type t_Option'0 = - | C_None'0 - | C_Some'0 t_T'0 + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - type t_Iter'0 = - { t_Iter__inner'0: t_Item'0 } + axiom inv_axiom'1 [@rewrite] : forall x : t_Take'0 [inv'1 x] . inv'1 x + = match x with + | {t_Take__iter'0 = iter ; t_Take__n'0 = n} -> inv'2 iter + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Take'0) = + [%#sinvariant3] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Take'0) - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 506 4 506 34] (self : t_Iter'0) : t_Option'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Take'0 [inv'0 x] . 
inv'0 x = invariant'0 x - use seq.Seq + function iter'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 18 4 18 22] (self : t_Take'0) : t_I'0 - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 520 4 520 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq t_T'0) /\ self = o - \/ (exists e : t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + axiom iter'0_spec : forall self : t_Take'0 . [%#stake2] inv'1 self -> inv'2 (iter'0 self) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/iter/take.rs" 40 4 40 28] (self : t_Take'0) = + [%#stake1] resolve'2 (iter'0 self) - goal refines : [%#soption0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + goal refines : [%#stake0] forall self : t_Take'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_trans__refines [#"../../../creusot-contracts/src/std/option.rs" 593 4 593 90] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 593 4 593 90 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 +module M_creusot_contracts__stdqy35z1__slice__qyi4472237099583716627__resolve_coherence__refines [#"../../../creusot-contracts/src/std/slice.rs" 445 4 445 31] (* as resolve::Resolve> *) + let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 445 4 445 31 + let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 437 20 437 36 + let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 + let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 use prelude.prelude.Borrow - type t_T'0 - - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + use prelude.prelude.Opaque - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = + true - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = + true - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IterMut'0) = + match _1 with + | 
{t_IterMut__ptr'0 = x0 ; t_IterMut__end_or_len'0 = x1 ; t_IterMut__qy95zmarker'0 = x2} -> resolve'1 x2 + /\ resolve'2 x1 /\ resolve'3 x0 + end - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) - - = - [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IterMut'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_IterMut'0 [inv'0 x] . inv'0 x = true use seq.Seq - goal refines : [%#soption0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__option__qyi6601631924869095363__produces_refl__refines [#"../../../creusot-contracts/src/std/option.rs" 586 4 586 26] (* as std::iter::Iterator> *) - let%span soption0 = "../../../creusot-contracts/src/std/option.rs" 586 4 586 26 - let%span soption1 = "../../../creusot-contracts/src/std/option.rs" 578 12 579 96 + use prelude.prelude.UIntSize - use prelude.prelude.Borrow + constant v_MAX'0 : usize = (18446744073709551615 : usize) - type t_T'0 + use prelude.prelude.UIntSize - type t_Option'0 = - | C_None'0 - | C_Some'0 (borrowed t_T'0) + use prelude.prelude.Int - type t_Item'0 = - { t_Item__opt'0: t_Option'0 } + use prelude.prelude.Slice - type t_IterMut'0 = - { t_IterMut__inner'0: t_Item'0 } + use prelude.prelude.Slice - use seq.Seq + type t_T'0 use seq.Seq - function view'0 [#"../../../creusot-contracts/src/std/option.rs" 562 4 562 38] (self : t_IterMut'0) : t_Option'0 + function 
view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 - use seq.Seq + axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice3] Seq.length (view'1 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice4] view'1 self = Slice.id self) - predicate produces'0 [#"../../../creusot-contracts/src/std/option.rs" 576 4 576 64] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (o : t_IterMut'0) + function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - = - [%#soption1] visited = (Seq.empty : Seq.seq (borrowed t_T'0)) /\ self = o - \/ (exists e : borrowed t_T'0 . view'0 self = C_Some'0 e /\ visited = Seq.singleton e /\ view'0 o = C_None'0) - goal refines : [%#soption0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self + axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) + = Seq.length (view'1 (view'0 self).current) + + predicate resolve'0 [#"../../../creusot-contracts/src/std/slice.rs" 436 4 436 28] (self : t_IterMut'0) = + [%#sslice1] (view'0 self).current = (view'0 self).final + + goal refines : [%#sslice0] forall self : t_IterMut'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 419 4 419 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 419 4 419 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 +module M_creusot_contracts__stdqy35z1__vec__qyi6844585276173866460__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 56 4 56 31] (* as resolve::Resolve> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 56 4 56 31 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 49 20 49 83 + let%span svec2 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span sindex3 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 + let%span sinvariant4 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span svec5 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 + let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 + let%span sboxed7 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 + + use prelude.prelude.Borrow use prelude.prelude.Opaque type t_NonNull'0 = { t_NonNull__pointer'0: opaque_ptr } - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + type t_Unique'0 = + { t_Unique__pointer'0: t_NonNull'0; t_Unique__qy95zmarker'0: () } - use 
prelude.prelude.Borrow + use prelude.prelude.UIntSize + + type t_Cap'0 = + { t_Cap__0'0: usize } - type t_T'0 + type t_A'0 - use seq.Seq + type t_RawVec'0 = + { t_RawVec__ptr'0: t_Unique'0; t_RawVec__cap'0: t_Cap'0; t_RawVec__alloc'0: t_A'0 } - use prelude.prelude.Slice + type t_Vec'0 = + { t_Vec__buf'0: t_RawVec'0; t_Vec__len'0: usize } - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - use seq.Seq + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_RawVec'0) = + true - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Vec'0) = + match _1 with + | {t_Vec__buf'0 = x0 ; t_Vec__len'0 = x1} -> resolve'1 x1 /\ resolve'2 x0 + end use seq.Seq - use prelude.prelude.UIntSize - constant v_MAX'0 : usize = (18446744073709551615 : usize) use prelude.prelude.UIntSize use prelude.prelude.Int - use prelude.prelude.Slice + type t_T'0 - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + use seq.Seq - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 19 4 19 27] (self : t_Vec'0) : Seq.seq t_T'0 - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + axiom view'0_spec : forall self : t_Vec'0 . 
[%#svec2] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) use seq.Seq - use seq.Seq + predicate inv'4 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex5] Seq.get (view'2 self) ix + predicate invariant'3 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed7] inv'4 self - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + axiom inv_axiom'3 [@rewrite] : forall x : t_T'0 [inv'3 x] . inv'3 x = invariant'3 x - use seq.Seq + predicate invariant'2 [#"../../../creusot-contracts/src/logic/seq.rs" 622 4 622 30] (self : Seq.seq t_T'0) = + [%#sseq6] forall i : int . 0 <= i /\ i < Seq.length self -> inv'3 (Seq.get self i) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Seq.seq t_T'0) - goal refines : [%#sslice0] forall a : t_Iter'0 . forall ab : Seq.seq t_T'0 . forall b : t_Iter'0 . forall bc : Seq.seq t_T'0 . forall c : t_Iter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . 
produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) -end -module M_creusot_contracts__stdqy35z1__slice__qyi8256668011736225471__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 412 4 412 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 412 4 412 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span smodel4 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sindex5 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice7 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq t_T'0 [inv'2 x] . inv'2 x = invariant'2 x - use prelude.prelude.Opaque + predicate invariant'1 [#"../../../creusot-contracts/src/std/vec.rs" 64 4 64 30] (self : t_Vec'0) = + [%#svec5] inv'2 (view'0 self) - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) - type t_Iter'0 = - { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + axiom inv_axiom'1 [@rewrite] : forall x : t_Vec'0 [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Vec'0) = + [%#sinvariant4] inv'1 self - use prelude.prelude.Borrow + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Vec'0) - type t_T'0 + axiom inv_axiom'0 [@rewrite] : forall x : t_Vec'0 [inv'0 x] . 
inv'0 x = invariant'0 x use seq.Seq - use prelude.prelude.Slice + function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 26 4 26 47] (self : t_Vec'0) (ix : int) : t_T'0 + + = + [%#sindex3] Seq.get (view'0 self) ix - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 389 4 389 33] (self : t_Iter'0) : slice t_T'0 + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use seq.Seq + predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 48 4 48 28] (self : t_Vec'0) = + [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'3 (index_logic'0 self i) - use seq.Seq + goal refines : [%#svec0] forall self : t_Vec'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__stdqy35z1__vec__qyi8594830193745006303__resolve_coherence__refines [#"../../../creusot-contracts/src/std/vec.rs" 250 4 250 31] (* as resolve::Resolve> *) + let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 250 4 250 31 + let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 243 20 243 83 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use seq.Seq + use prelude.prelude.Borrow - use prelude.prelude.UIntSize + use prelude.prelude.Opaque - constant v_MAX'0 : usize = (18446744073709551615 : usize) + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } use prelude.prelude.UIntSize - use prelude.prelude.Int + type t_A'0 - use prelude.prelude.Slice + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: t_A'0 } - function view'2 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_IntoIter'0 = + { t_IntoIter__buf'0: t_NonNull'0; + t_IntoIter__phantom'0: (); + t_IntoIter__cap'0: usize; + t_IntoIter__alloc'0: t_ManuallyDrop'0; + t_IntoIter__ptr'0: t_NonNull'0; + 
t_IntoIter__end'0: opaque_ptr } - axiom view'2_spec : forall self : slice t_T'0 . ([%#sslice6] Seq.length (view'2 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice7] view'2 self = Slice.id self) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : opaque_ptr) = + true - function view'1 [#"../../../creusot-contracts/src/model.rs" 91 4 91 33] (self : slice t_T'0) : Seq.seq t_T'0 = - [%#smodel4] view'2 self + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_NonNull'0) = + true - use seq.Seq + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_ManuallyDrop'0) = + true - use seq.Seq + predicate resolve'4 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : usize) = + true - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex5] Seq.get (view'2 self) ix + predicate resolve'5 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : ()) = + true - function to_ref_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 98 4 98 35] (self : slice t_T'0) : Seq.seq t_T'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_IntoIter'0) = + match _1 with + | {t_IntoIter__buf'0 = x0 ; t_IntoIter__phantom'0 = x1 ; t_IntoIter__cap'0 = x2 ; t_IntoIter__alloc'0 = x3 ; t_IntoIter__ptr'0 = x4 ; t_IntoIter__end'0 = x5} -> resolve'1 x5 + /\ resolve'2 x4 /\ resolve'3 x3 /\ resolve'4 x2 /\ resolve'5 x1 /\ resolve'2 x0 + end - axiom to_ref_seq'0_spec : forall self : slice t_T'0 . ([%#sslice2] Seq.length (to_ref_seq'0 self) - = Seq.length (view'1 self)) - && ([%#sslice3] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) - -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_A'0) - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_ManuallyDrop'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 403 4 403 65] (self : t_Iter'0) (visited : Seq.seq t_T'0) (tl : t_Iter'0) - - = - [%#sslice1] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + axiom inv_axiom'2 [@rewrite] : forall x : t_ManuallyDrop'0 [inv'2 x] . inv'2 x + = match x with + | {t_ManuallyDrop__value'0 = value} -> inv'3 value + end - goal refines : [%#sslice0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_refl__refines [#"../../../creusot-contracts/src/std/slice.rs" 466 4 466 26] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 466 4 466 26 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - use prelude.prelude.Opaque + axiom inv_axiom'1 [@rewrite] : forall x : t_IntoIter'0 [inv'1 x] . 
inv'1 x + = match x with + | {t_IntoIter__buf'0 = buf ; t_IntoIter__phantom'0 = phantom ; t_IntoIter__cap'0 = cap ; t_IntoIter__alloc'0 = alloc ; t_IntoIter__ptr'0 = ptr ; t_IntoIter__end'0 = end'} -> inv'2 alloc + end - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_IntoIter'0) = + [%#sinvariant2] inv'1 self - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_IntoIter'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_IntoIter'0 [inv'0 x] . inv'0 x = invariant'0 x - use prelude.prelude.Borrow + use prelude.prelude.Int type t_T'0 use seq.Seq - use seq.Seq + function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 - use prelude.prelude.UIntSize + use seq.Seq - constant v_MAX'0 : usize = (18446744073709551615 : usize) + use seq.Seq - use prelude.prelude.UIntSize + predicate resolve'6 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - use prelude.prelude.Int + predicate resolve'0 [#"../../../creusot-contracts/src/std/vec.rs" 242 4 242 28] (self : t_IntoIter'0) = + [%#svec1] forall i : int . 0 <= i /\ i < Seq.length (view'0 self) -> resolve'6 (Seq.get (view'0 self) i) - use prelude.prelude.Slice + goal refines : [%#svec0] forall self : t_IntoIter'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__ghost__qyi2241556416362616690__resolve_coherence__refines [#"../../../creusot-contracts/src/ghost.rs" 117 4 117 31] (* as resolve::Resolve> *) + let%span sghost0 = "../../../creusot-contracts/src/ghost.rs" 117 4 117 31 + let%span sghost1 = "../../../creusot-contracts/src/ghost.rs" 110 8 110 24 + let%span sresolve2 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed4 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Slice + use prelude.prelude.Borrow - use seq.Seq + type t_T'0 - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + type t_GhostBox'0 = + { t_GhostBox__0'0: t_T'0 } - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + predicate resolve'3 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = + [%#sresolve2] resolve'3 self - axiom view'0_spec : forall self : t_IterMut'0 . 
[%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) = + resolve'2 _1 - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = + match _1 with + | {t_GhostBox__0'0 = x0} -> resolve'1 x0 + end - function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 - - = - [%#smodel7] view'1 self.current + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed4] inv'3 self - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex8] Seq.get (view'1 self) ix + axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice4] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . 
inv'1 x + = match x with + | {t_GhostBox__0'0 = a_0} -> inv'2 a_0 + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_GhostBox'0) = + [%#sinvariant3] inv'1 self - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) - - = - [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_GhostBox'0) - goal refines : [%#sslice0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self - -> produces'0 self (Seq.empty : Seq.seq (borrowed t_T'0)) self -end -module M_creusot_contracts__stdqy35z1__slice__qyi7128337469104663169__produces_trans__refines [#"../../../creusot-contracts/src/std/slice.rs" 473 4 473 90] (* as std::iter::Iterator> *) - let%span sslice0 = "../../../creusot-contracts/src/std/slice.rs" 473 4 473 90 - let%span sslice1 = "../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span sslice2 = "../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span sslice3 = "../../../creusot-contracts/src/std/slice.rs" 87 14 87 41 - let%span sslice4 = "../../../creusot-contracts/src/std/slice.rs" 88 14 88 84 - let%span sslice5 = "../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice6 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span smodel7 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span sindex8 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . 
inv'0 x = invariant'0 x - use prelude.prelude.Opaque + predicate structural_resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_GhostBox'0) = + true - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + predicate resolve'0 [#"../../../creusot-contracts/src/ghost.rs" 109 4 109 28] (self : t_GhostBox'0) = + [%#sghost1] resolve'1 self.t_GhostBox__0'0 - type t_IterMut'0 = - { t_IterMut__ptr'0: t_NonNull'0; t_IterMut__end_or_len'0: opaque_ptr; t_IterMut__qy95zmarker'0: () } + goal refines : [%#sghost0] forall self : t_GhostBox'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'1 self /\ (forall result : () . resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__resolve__qyi4855891653524509355__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 47 4 47 31] (* <(T1, T2) as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 47 4 47 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 40 8 40 44 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 use prelude.prelude.Borrow - type t_T'0 + type t_T1'0 - use seq.Seq + type t_T2'0 - use seq.Seq + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T2'0) - use prelude.prelude.UIntSize + predicate resolve'2 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T1'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : (t_T1'0, t_T2'0)) = + match _1 with + | (x0, x1) -> resolve'1 x1 /\ resolve'2 x0 + end - use prelude.prelude.UIntSize + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T1'0) - use prelude.prelude.Int + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T2'0) - use prelude.prelude.Slice + predicate inv'1 
[#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) - use prelude.prelude.Slice + axiom inv_axiom'1 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'1 x] . inv'1 x + = (let (x0, x1) = x in inv'2 x0 /\ inv'3 x1) - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : (t_T1'0, t_T2'0)) = + [%#sinvariant2] inv'1 self - function view'1 [#"../../../creusot-contracts/src/std/slice.rs" 30 4 30 33] (self : slice t_T'0) : Seq.seq t_T'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : (t_T1'0, t_T2'0)) - axiom view'1_spec : forall self : slice t_T'0 . ([%#sslice5] Seq.length (view'1 self) - <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice6] view'1 self = Slice.id self) + axiom inv_axiom'0 [@rewrite] : forall x : (t_T1'0, t_T2'0) [inv'0 x] . inv'0 x = invariant'0 x - function view'0 [#"../../../creusot-contracts/src/std/slice.rs" 428 4 428 33] (self : t_IterMut'0) : borrowed (slice t_T'0) - + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 39 4 39 28] (self : (t_T1'0, t_T2'0)) = + [%#sresolve1] resolve'2 (let (a, _) = self in a) /\ resolve'1 (let (_, a) = self in a) - axiom view'0_spec : forall self : t_IterMut'0 . [%#sslice2] Seq.length (view'1 (view'0 self).final) - = Seq.length (view'1 (view'0 self).current) + goal refines : [%#sresolve0] forall self : (t_T1'0, t_T2'0) . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) +end +module M_creusot_contracts__resolve__qyi6740873903368268328__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 61 4 61 31] (* <&mut T as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 61 4 61 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sinvariant3 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - use seq.Seq + use prelude.prelude.Borrow - function view'2 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (slice t_T'0)) : Seq.seq t_T'0 - - = - [%#smodel7] view'1 self.current + type t_T'0 - use seq.Seq + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : borrowed t_T'0) = + _1.final = _1.current - use seq.Seq + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - function index_logic'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/ops/index.rs" 48 4 48 47] (self : slice t_T'0) (ix : int) : t_T'0 - - = - [%#sindex8] Seq.get (view'1 self) ix + predicate invariant'1 [#"../../../creusot-contracts/src/invariant.rs" 33 4 33 30] (self : borrowed t_T'0) = + [%#sinvariant3] inv'2 self.current /\ inv'2 self.final - function to_mut_seq'0 [#"../../../creusot-contracts/src/std/slice.rs" 90 4 90 43] (self : borrowed (slice t_T'0)) : Seq.seq (borrowed t_T'0) - + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t_T'0) . ([%#sslice3] Seq.length (to_mut_seq'0 self) - = Seq.length (view'2 self)) - && ([%#sslice4] forall i : int . 
0 <= i /\ i < Seq.length (to_mut_seq'0 self) - -> Seq.get (to_mut_seq'0 self) i - = Borrow.borrow_logic (index_logic'0 self.current i) (index_logic'0 self.final i) (Borrow.inherit_id (Borrow.get_id self) i)) + axiom inv_axiom'1 [@rewrite] : forall x : borrowed t_T'0 [inv'1 x] . inv'1 x = invariant'1 x - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : borrowed t_T'0) = + [%#sinvariant2] inv'1 self - predicate produces'0 [#"../../../creusot-contracts/src/std/slice.rs" 457 4 457 65] (self : t_IterMut'0) (visited : Seq.seq (borrowed t_T'0)) (tl : t_IterMut'0) - - = - [%#sslice1] to_mut_seq'0 (view'0 self) = Seq.(++) visited (to_mut_seq'0 (view'0 tl)) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : borrowed t_T'0) - goal refines : [%#sslice0] forall a : t_IterMut'0 . forall ab : Seq.seq (borrowed t_T'0) . forall b : t_IterMut'0 . forall bc : Seq.seq (borrowed t_T'0) . forall c : t_IterMut'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + axiom inv_axiom'0 [@rewrite] : forall x : borrowed t_T'0 [inv'0 x] . inv'0 x = invariant'0 x + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 53 4 53 28] (self : borrowed t_T'0) = + [%#sresolve1] self.final = self.current + + goal refines : [%#sresolve0] forall self : borrowed t_T'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_trans__refines [#"../../../creusot-contracts/src/std/vec.rs" 278 4 278 72] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 278 4 278 72 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 +module M_creusot_contracts__resolve__qyi10830812895881240411__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 75 4 75 31] (* as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 75 4 75 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 + let%span sboxed3 = "../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 - use prelude.prelude.Opaque + use prelude.prelude.Borrow - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_T'0 - use prelude.prelude.UIntSize + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - type t_A'0 + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_T'0) = + resolve'1 _1 - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + predicate invariant'1 [#"../../../creusot-contracts/src/std/boxed.rs" 27 4 27 30] (self : t_T'0) = + [%#sboxed3] inv'2 self - type t_T'0 + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + axiom inv_axiom'1 [@rewrite] : forall x : t_T'0 [inv'1 x] . 
inv'1 x = invariant'1 x - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_T'0) = + [%#sinvariant2] inv'1 self - use seq.Seq + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) - - = - [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) + axiom inv_axiom'0 [@rewrite] : forall x : t_T'0 [inv'0 x] . inv'0 x = invariant'0 x - goal refines : [%#svec0] forall a : t_IntoIter'0 . forall ab : Seq.seq t_T'0 . forall b : t_IntoIter'0 . forall bc : Seq.seq t_T'0 . forall c : t_IntoIter'0 . produces'0 b bc c - /\ produces'0 a ab b - -> produces'0 b bc c - /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 67 4 67 28] (self : t_T'0) = + [%#sresolve1] resolve'1 self + + goal refines : [%#sresolve0] forall self : t_T'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . 
resolve'0 self -> resolve'0 self) end -module M_creusot_contracts__stdqy35z1__vec__qyi12862303518309667396__produces_refl__refines [#"../../../creusot-contracts/src/std/vec.rs" 271 4 271 26] (* as std::iter::Iterator> *) - let%span svec0 = "../../../creusot-contracts/src/std/vec.rs" 271 4 271 26 - let%span svec1 = "../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 +module M_creusot_contracts__resolve__qyi12875730110607858017__resolve_coherence__refines [#"../../../creusot-contracts/src/resolve.rs" 92 4 92 31] (* as resolve::Resolve> *) + let%span sresolve0 = "../../../creusot-contracts/src/resolve.rs" 92 4 92 31 + let%span sresolve1 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sinvariant2 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - use prelude.prelude.Opaque + use prelude.prelude.Borrow - type t_NonNull'0 = - { t_NonNull__pointer'0: opaque_ptr } + type t_T'0 - use prelude.prelude.UIntSize + type t_Option'0 = + | C_None'0 + | C_Some'0 t_T'0 - type t_A'0 + predicate resolve'1 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_T'0) - type t_ManuallyDrop'0 = - { t_ManuallyDrop__value'0: t_A'0 } + predicate structural_resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 27 0 27 51] (_1 : t_Option'0) = + match _1 with + | C_None'0 -> true + | C_Some'0 x0 -> resolve'1 x0 + end - type t_IntoIter'0 = - { t_IntoIter__buf'0: t_NonNull'0; - t_IntoIter__phantom'0: (); - t_IntoIter__cap'0: usize; - t_IntoIter__alloc'0: t_ManuallyDrop'0; - t_IntoIter__ptr'0: t_NonNull'0; - t_IntoIter__end'0: opaque_ptr } + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - type t_T'0 + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . 
inv'1 x + = match x with + | C_None'0 -> true + | C_Some'0 a_0 -> inv'2 a_0 + end - use seq.Seq + predicate invariant'0 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = + [%#sinvariant2] inv'1 self - function view'0 [#"../../../creusot-contracts/src/std/vec.rs" 234 4 234 33] (self : t_IntoIter'0) : Seq.seq t_T'0 + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) - use seq.Seq + axiom inv_axiom'0 [@rewrite] : forall x : t_Option'0 [inv'0 x] . inv'0 x = invariant'0 x - predicate produces'0 [#"../../../creusot-contracts/src/std/vec.rs" 262 4 262 57] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (rhs : t_IntoIter'0) - - = - [%#svec1] view'0 self = Seq.(++) visited (view'0 rhs) + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 81 4 81 28] (self : t_Option'0) = + [%#sresolve1] match self with + | C_Some'0 x -> resolve'1 x + | C_None'0 -> true + end - goal refines : [%#svec0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self - -> produces'0 self (Seq.empty : Seq.seq t_T'0) self + goal refines : [%#sresolve0] forall self : t_Option'0 . structural_resolve'0 self /\ inv'0 self + -> structural_resolve'0 self /\ (forall result : () . resolve'0 self -> resolve'0 self) end module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fused__refines [#"../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62] (* as std::iter::fuse::FusedIterator> *) let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 66 4 66 62 diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index 5b920d707..e070cf024 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -8,6 +8,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
@@ -1759,6 +1787,26 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index 18053c4de..5ca92942f 100644 Binary files a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz and b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz differ diff --git a/creusot/tests/should_fail/diagnostics/view_unimplemented.stderr b/creusot/tests/should_fail/diagnostics/view_unimplemented.stderr index 5967c1d5a..15b406d9b 100644 --- a/creusot/tests/should_fail/diagnostics/view_unimplemented.stderr +++ b/creusot/tests/should_fail/diagnostics/view_unimplemented.stderr @@ -40,7 +40,7 @@ error[E0277]: Cannot take the model of `S` [T] creusot_contracts::GhostBox creusot_contracts::Snapshot - and 31 others + and 32 others error[E0277]: Cannot take the model of `S` --> view_unimplemented.rs:11:25 @@ -58,7 +58,7 @@ error[E0277]: Cannot take the model of `S` [T] creusot_contracts::GhostBox creusot_contracts::Snapshot - and 31 others + and 32 others error: internal error: Cannot fetch THIR body diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 332fba652..2bb331f3e 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma 
@@ -2103,7 +2103,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 82 8 82 32 let%span sresolve8 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant9 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span sarray10 = "../../../../creusot-contracts/src/std/array.rs" 9 20 9 30 + let%span sarray10 = "../../../../creusot-contracts/src/std/array.rs" 14 20 14 30 let%span sseq11 = "../../../../creusot-contracts/src/logic/seq.rs" 623 20 623 95 let%span sboxed12 = "../../../../creusot-contracts/src/std/boxed.rs" 28 8 28 18 diff --git a/creusot/tests/should_succeed/cc/array.coma b/creusot/tests/should_succeed/cc/array.coma new file mode 100644 index 000000000..75f935b70 --- /dev/null +++ b/creusot/tests/should_succeed/cc/array.coma 
@@ -0,0 +1,532 @@ +module M_array__test_array [#"array.rs" 3 0 3 19] + let%span sarray0 = "array.rs" 9 54 9 55 + let%span sarray1 = "array.rs" 4 17 4 18 + let%span sarray2 = "array.rs" 4 20 4 21 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span sarray5 = "array.rs" 5 31 5 32 + let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span sarray7 = "array.rs" 6 31 6 32 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span sarray9 = "array.rs" 10 30 10 31 + let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span smodel12 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sarray13 = "../../../../creusot-contracts/src/std/array.rs" 87 20 87 24 + let%span sarray14 = "../../../../creusot-contracts/src/std/array.rs" 93 20 93 33 + let%span sarray15 = "../../../../creusot-contracts/src/std/array.rs" 67 20 67 57 + let%span sarray16 = "../../../../creusot-contracts/src/std/array.rs" 61 20 61 47 + let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel24 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span 
sslice26 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sslice27 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice28 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span soption29 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span sarray30 = "../../../../creusot-contracts/src/std/array.rs" 72 14 72 45 + let%span sarray31 = "../../../../creusot-contracts/src/std/array.rs" 70 4 70 10 + let%span sarray32 = "../../../../creusot-contracts/src/std/array.rs" 77 15 77 32 + let%span sarray33 = "../../../../creusot-contracts/src/std/array.rs" 78 15 78 32 + let%span sarray34 = "../../../../creusot-contracts/src/std/array.rs" 79 14 79 42 + let%span sarray35 = "../../../../creusot-contracts/src/std/array.rs" 75 4 75 10 + let%span smodel36 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex37 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span snum38 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + + use prelude.prelude.Slice + + use prelude.prelude.Int32 + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted5__test_array'0 (return' (ret:array int32))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#sarray1] (1 : int32)) + /\ Seq.get __arr_temp.elts 1 = ([%#sarray2] (2 : int32)) /\ Seq.length __arr_temp.elts = 2}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array int32 = any_l () | & _1 : array int32 = any_l () ] + [ return' (result:array int32)-> return' {result} ] + + + predicate inv'0 (_1 : slice int32) + + axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . 
inv'0 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice int32 + + let rec iter'0 (self:slice int32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'0 self} + any [ return' (result:t_Iter'0)-> {[%#sslice3] view'0 result = self} (! return' {result}) ] + + type t_Option'0 = + | C_None'0 + | C_Some'0 int32 + + predicate inv'1 (_1 : t_Option'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Slice + + function view'2 (self : slice int32) : Seq.seq int32 + + axiom view'2_spec : forall self : slice int32 . ([%#sslice25] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice26] view'2 self = Slice.id self) + + function view'5 (self : slice int32) : Seq.seq int32 = + [%#smodel36] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice int32) (ix : int) : int32 = + [%#sindex37] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice int32) : Seq.seq int32 + + axiom to_ref_seq'0_spec : forall self : slice int32 . ([%#sslice27] Seq.length (to_ref_seq'0 self) + = Seq.length (view'5 self)) + && ([%#sslice28] forall i : int . 
0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq int32) (tl : t_Iter'0) = + [%#sslice11] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq int32) (b : t_Iter'0) (bc : Seq.seq int32) (c : t_Iter'0) : () + = + [%#sslice22] () + + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq int32, b : t_Iter'0, bc : Seq.seq int32, c : t_Iter'0 . ([%#sslice19] produces'0 a ab b) + -> ([%#sslice20] produces'0 b bc c) -> ([%#sslice21] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Iter'0) : () = + [%#sslice18] () + + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice17] produces'0 self (Seq.empty : Seq.seq int32) self + + predicate resolve'0 (self : borrowed (t_Iter'0)) = + [%#sresolve23] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice int32 = + [%#smodel24] view'0 self.current + + use seq.Seq + + predicate completed'0 (self : borrowed (t_Iter'0)) = + [%#sslice10] resolve'0 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'0 (self:borrowed (t_Iter'0)) (return' (ret:t_Option'0))= any + [ return' (result:t_Option'0)-> {inv'1 result} + {[%#siter4] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + let rec promoted4__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'0 ([%#sarray5] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . 
inv'2 x = true + + type t_Option'2 = + | C_None'2 + | C_Some'2 int + + use prelude.prelude.Int32 + + function deep_model'5 (self : int32) : int = + [%#snum38] Int32.to_int self + + function deep_model'4 (self : int32) : int = + [%#smodel12] deep_model'5 self + + function deep_model'2 (self : t_Option'0) : t_Option'2 = + [%#soption29] match self with + | C_Some'0 t -> C_Some'2 (deep_model'4 t) + | C_None'0 -> C_None'2 + end + + function deep_model'0 (self : t_Option'0) : t_Option'2 = + [%#smodel12] deep_model'2 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'2 self} + {[@expl:eq 'other' type invariant] inv'2 other} + any + [ return' (result:bool)-> {[%#soption6] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted3__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'0 ([%#sarray7] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted2__test_array'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'3 (_1 : array int32) + + axiom inv_axiom'3 [@rewrite] : forall x : array int32 [inv'3 x] . 
inv'3 x = true + + predicate into_iter_pre'0 (self : array int32) = + [%#sarray13] true + + type t_ManuallyDrop'0 = + { t_ManuallyDrop__value'0: int32 } + + type t_MaybeUninit'0 = + { t_MaybeUninit__uninit'0: (); t_MaybeUninit__value'0: t_ManuallyDrop'0 } + + type t_IndexRange'0 = + { t_IndexRange__start'0: usize; t_IndexRange__end'0: usize } + + type t_IntoIter'0 = + { t_IntoIter__data'0: array (t_MaybeUninit'0); t_IntoIter__alive'0: t_IndexRange'0 } + + predicate inv'4 (_1 : t_IntoIter'0) + + axiom inv_axiom'4 [@rewrite] : forall x : t_IntoIter'0 [inv'4 x] . inv'4 x = true + + use prelude.prelude.Slice + + function view'3 (self : t_IntoIter'0) : Seq.seq int32 + + predicate into_iter_post'0 (self : array int32) (res : t_IntoIter'0) = + [%#sarray14] Slice.id self = view'3 res + + let rec into_iter'0 (self:array int32) (return' (ret:t_IntoIter'0))= {[@expl:into_iter 'self' type invariant] inv'3 self} + {[@expl:into_iter requires] [%#siter8] into_iter_pre'0 self} + any + [ return' (result:t_IntoIter'0)-> {inv'4 result} {[%#siter8] into_iter_post'0 self result} (! return' {result}) ] + + + predicate inv'5 (_1 : borrowed (t_IntoIter'0)) + + axiom inv_axiom'5 [@rewrite] : forall x : borrowed (t_IntoIter'0) [inv'5 x] . inv'5 x = true + + type t_Option'1 = + | C_None'1 + | C_Some'1 int32 + + predicate inv'6 (_1 : t_Option'1) + + axiom inv_axiom'6 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x = true + + use seq.Seq + + predicate produces'1 (self : t_IntoIter'0) (visited : Seq.seq int32) (o : t_IntoIter'0) = + [%#sarray16] view'3 self = Seq.(++) visited (view'3 o) + + function produces_trans'1 (a : t_IntoIter'0) (ab : Seq.seq int32) (b : t_IntoIter'0) (bc : Seq.seq int32) (c : t_IntoIter'0) : () + + = + [%#sarray35] () + + axiom produces_trans'1_spec : forall a : t_IntoIter'0, ab : Seq.seq int32, b : t_IntoIter'0, bc : Seq.seq int32, c : t_IntoIter'0 . 
([%#sarray32] produces'1 a ab b) + -> ([%#sarray33] produces'1 b bc c) -> ([%#sarray34] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 (self : t_IntoIter'0) : () = + [%#sarray31] () + + axiom produces_refl'1_spec : forall self : t_IntoIter'0 . [%#sarray30] produces'1 self (Seq.empty : Seq.seq int32) self + + predicate resolve'1 (self : borrowed (t_IntoIter'0)) = + [%#sresolve23] self.final = self.current + + function view'4 (self : borrowed (t_IntoIter'0)) : Seq.seq int32 = + [%#smodel24] view'3 self.current + + predicate completed'1 (self : borrowed (t_IntoIter'0)) = + [%#sarray15] resolve'1 self /\ view'4 self = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'1 (self:borrowed (t_IntoIter'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] inv'5 self} + any + [ return' (result:t_Option'1)-> {inv'6 result} + {[%#siter4] match result with + | C_None'1 -> completed'1 self + | C_Some'1 v -> produces'1 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + let rec promoted1__test_array'0 (return' (ret:t_Option'1))= bb0 + [ bb0 = s0 + [ s0 = [ &_1 <- C_Some'1 ([%#sarray9] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] + ] + [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] + [ return' (result:t_Option'1)-> return' {result} ] + + + predicate inv'7 (_1 : t_Option'1) + + axiom inv_axiom'7 [@rewrite] : forall x : t_Option'1 [inv'7 x] . inv'7 x = true + + function deep_model'3 (self : t_Option'1) : t_Option'2 = + [%#soption29] match self with + | C_Some'1 t -> C_Some'2 (deep_model'5 t) + | C_None'1 -> C_None'2 + end + + function deep_model'1 (self : t_Option'1) : t_Option'2 = + [%#smodel12] deep_model'3 self + + let rec eq'1 (self:t_Option'1) (other:t_Option'1) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'7 self} + {[@expl:eq 'other' type invariant] inv'7 other} + any + [ return' (result:bool)-> {[%#soption6] result = (deep_model'1 self = deep_model'1 other)} (! 
return' {result}) ] + + + let rec promoted0__test_array'0 (return' (ret:t_Option'1))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'1 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'1 = any_l () | & _1 : t_Option'1 = any_l () ] + [ return' (result:t_Option'1)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_array'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 + [ s0 = promoted5__test_array'0 (fun (pr5:array int32) -> [ &_121 <- pr5 ] s1) + | s1 = iter'0 {_121} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_9 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_9} (fun (_ret':t_Option'0) -> [ &_8 <- _ret' ] s2) + | s2 = bb2 ] + + | bb2 = s0 + [ s0 = promoted4__test_array'0 (fun (pr4:t_Option'0) -> [ &_120 <- pr4 ] s1) + | s1 = [ &_6 <- (_8, _120) ] s2 + | s2 = [ &left_val <- let (r'0, _) = _6 in r'0 ] s3 + | s3 = [ &right_val <- let (_, r'1) = _6 in r'1 ] s4 + | s4 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_16 <- _ret' ] s5) + | s5 = bb3 ] + + | bb3 = any [ br0 -> {_16 = false} (! bb5) | br1 -> {_16} (! bb4) ] + | bb4 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_32 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_32} (fun (_ret':t_Option'0) -> [ &_31 <- _ret' ] s2) + | s2 = bb6 ] + + | bb6 = s0 + [ s0 = promoted3__test_array'0 (fun (pr3:t_Option'0) -> [ &_119 <- pr3 ] s1) + | s1 = [ &_29 <- (_31, _119) ] s2 + | s2 = [ &left_val1 <- let (r'0, _) = _29 in r'0 ] s3 + | s3 = [ &right_val1 <- let (_, r'1) = _29 in r'1 ] s4 + | s4 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_39 <- _ret' ] s5) + | s5 = bb7 ] + + | bb7 = any [ br0 -> {_39 = false} (! bb9) | br1 -> {_39} (! 
bb8) ] + | bb8 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_55 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = next'0 {_55} (fun (_ret':t_Option'0) -> [ &_54 <- _ret' ] s2) + | s2 = bb10 ] + + | bb10 = s0 + [ s0 = promoted2__test_array'0 (fun (pr2:t_Option'0) -> [ &_118 <- pr2 ] s1) + | s1 = [ &_52 <- (_54, _118) ] s2 + | s2 = [ &left_val2 <- let (r'0, _) = _52 in r'0 ] s3 + | s3 = [ &right_val2 <- let (_, r'1) = _52 in r'1 ] s4 + | s4 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_60 <- _ret' ] s5) + | s5 = bb11 ] + + | bb11 = any [ br0 -> {_60 = false} (! bb13) | br1 -> {_60} (! bb12) ] + | bb12 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#sarray0] (1 : int32)) + /\ Seq.length __arr_temp.elts = 1}- + [ &_73 <- __arr_temp ] + s1) ] + + | s1 = into_iter'0 {_73} (fun (_ret':t_IntoIter'0) -> [ &b <- _ret' ] s2) + | s2 = bb14 ] + + | bb14 = s0 + [ s0 = Borrow.borrow_mut {b} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_78 <- _ret' ] [ &b <- _ret'.final ] s1) + | s1 = next'1 {_78} (fun (_ret':t_Option'1) -> [ &_77 <- _ret' ] s2) + | s2 = bb15 ] + + | bb15 = s0 + [ s0 = promoted1__test_array'0 (fun (pr1:t_Option'1) -> [ &_117 <- pr1 ] s1) + | s1 = [ &_75 <- (_77, _117) ] s2 + | s2 = [ &left_val3 <- let (r'0, _) = _75 in r'0 ] s3 + | s3 = [ &right_val3 <- let (_, r'1) = _75 in r'1 ] s4 + | s4 = eq'1 {left_val3} {right_val3} (fun (_ret':bool) -> [ &_83 <- _ret' ] s5) + | s5 = bb16 ] + + | bb16 = any [ br0 -> {_83 = false} (! bb18) | br1 -> {_83} (! 
bb17) ] + | bb17 = s0 + [ s0 = Borrow.borrow_mut {b} + (fun (_ret':borrowed (t_IntoIter'0)) -> [ &_99 <- _ret' ] [ &b <- _ret'.final ] s1) + | s1 = next'1 {_99} (fun (_ret':t_Option'1) -> [ &_98 <- _ret' ] s2) + | s2 = bb19 ] + + | bb19 = s0 + [ s0 = promoted0__test_array'0 (fun (pr0:t_Option'1) -> [ &_116 <- pr0 ] s1) + | s1 = [ &_96 <- (_98, _116) ] s2 + | s2 = [ &left_val4 <- let (r'0, _) = _96 in r'0 ] s3 + | s3 = [ &right_val4 <- let (_, r'1) = _96 in r'1 ] s4 + | s4 = eq'1 {left_val4} {right_val4} (fun (_ret':bool) -> [ &_104 <- _ret' ] s5) + | s5 = bb20 ] + + | bb20 = any [ br0 -> {_104 = false} (! bb22) | br1 -> {_104} (! bb21) ] + | bb21 = bb23 + | bb23 = return' {_0} + | bb22 = s0 + [ s0 = [ &kind4 <- C_Eq'0 ] s1 + | s1 = [ &_112 <- left_val4 ] s2 + | s2 = [ &_114 <- right_val4 ] s3 + | s3 = {false} any ] + + | bb18 = s0 + [ s0 = [ &kind3 <- C_Eq'0 ] s1 + | s1 = [ &_91 <- left_val3 ] s2 + | s2 = [ &_93 <- right_val3 ] s3 + | s3 = {false} any ] + + | bb13 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_68 <- left_val2 ] s2 + | s2 = [ &_70 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb9 = s0 + [ s0 = [ &kind1 <- C_Eq'0 ] s1 + | s1 = [ &_47 <- left_val1 ] s2 + | s2 = [ &_49 <- right_val1 ] s3 + | s3 = {false} any ] + + | bb5 = s0 + [ s0 = [ &kind <- C_Eq'0 ] s1 + | s1 = [ &_24 <- left_val ] s2 + | s2 = [ &_26 <- right_val ] s3 + | s3 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_Iter'0 = any_l () + | & _6 : (t_Option'0, t_Option'0) = any_l () + | & _8 : t_Option'0 = any_l () + | & _9 : borrowed (t_Iter'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _16 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _24 : t_Option'0 = any_l () + | & _26 : t_Option'0 = any_l () + | & _29 : (t_Option'0, t_Option'0) = any_l () + | & _31 : t_Option'0 = any_l () + | & _32 : borrowed (t_Iter'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & 
_39 : bool = any_l () + | & kind1 : t_AssertKind'0 = any_l () + | & _47 : t_Option'0 = any_l () + | & _49 : t_Option'0 = any_l () + | & _52 : (t_Option'0, t_Option'0) = any_l () + | & _54 : t_Option'0 = any_l () + | & _55 : borrowed (t_Iter'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _60 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _68 : t_Option'0 = any_l () + | & _70 : t_Option'0 = any_l () + | & b : t_IntoIter'0 = any_l () + | & _73 : array int32 = any_l () + | & _75 : (t_Option'1, t_Option'1) = any_l () + | & _77 : t_Option'1 = any_l () + | & _78 : borrowed (t_IntoIter'0) = any_l () + | & left_val3 : t_Option'1 = any_l () + | & right_val3 : t_Option'1 = any_l () + | & _83 : bool = any_l () + | & kind3 : t_AssertKind'0 = any_l () + | & _91 : t_Option'1 = any_l () + | & _93 : t_Option'1 = any_l () + | & _96 : (t_Option'1, t_Option'1) = any_l () + | & _98 : t_Option'1 = any_l () + | & _99 : borrowed (t_IntoIter'0) = any_l () + | & left_val4 : t_Option'1 = any_l () + | & right_val4 : t_Option'1 = any_l () + | & _104 : bool = any_l () + | & kind4 : t_AssertKind'0 = any_l () + | & _112 : t_Option'1 = any_l () + | & _114 : t_Option'1 = any_l () + | & _116 : t_Option'1 = any_l () + | & _117 : t_Option'1 = any_l () + | & _118 : t_Option'0 = any_l () + | & _119 : t_Option'0 = any_l () + | & _120 : t_Option'0 = any_l () + | & _121 : array int32 = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/cc/array.rs b/creusot/tests/should_succeed/cc/array.rs new file mode 100644 index 000000000..66673b127 --- /dev/null +++ b/creusot/tests/should_succeed/cc/array.rs 
@@ -0,0 +1,12 @@
+extern crate creusot_contracts;
+
+pub fn test_array() {
+ let mut a = [1, 2].iter();
+ assert_eq!(a.next(), Some(&1));
+ assert_eq!(a.next(), Some(&2));
+ assert_eq!(a.next(), None);
+
+ let mut b = ::std::iter::IntoIterator::into_iter([1]);
+ assert_eq!(b.next(), Some(1));
+ assert_eq!(b.next(), None);
+}
diff --git a/creusot/tests/should_succeed/cc/array/why3session.xml b/creusot/tests/should_succeed/cc/array/why3session.xml
new file mode 100644
index 000000000..1e7fdacb8
--- /dev/null
+++ b/creusot/tests/should_succeed/cc/array/why3session.xml
@@ -0,0 +1,14 @@
+ + + + + + + + + + + + +
diff --git a/creusot/tests/should_succeed/cc/array/why3shapes.gz b/creusot/tests/should_succeed/cc/array/why3shapes.gz
new file mode 100644
index 000000000..345b77a22
Binary files /dev/null and b/creusot/tests/should_succeed/cc/array/why3shapes.gz differ
diff --git a/creusot/tests/should_succeed/cc/iter.coma b/creusot/tests/should_succeed/cc/iter.coma
new file mode 100644
index 000000000..ddb4b17c1
--- /dev/null
+++ b/creusot/tests/should_succeed/cc/iter.coma
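Review bot: The by-value half of `test_array` in `array.rs` consumes only a one-element array, so the new `produces`/`completed` contract on the array `IntoIter` is exercised for a single step followed by exhaustion, never for the order of two or more elements. The `[1, 2].iter()` half goes through the slice iterator; in the generated `array.coma` it is discharged with the `slice.rs` predicates, which this commit does not add. I would widen the by-value case to `let mut b = ::std::iter::IntoIterator::into_iter([1, 2]);` and add `assert_eq!(b.next(), Some(2));` before the final `None` check. Since `view` on `IntoIter` is declared `#[trusted]` in this commit, its contract is assumed rather than proved, and the test is where the contract can be shown strong enough to derive element order. A one-line comment on why the call is spelled `::std::iter::IntoIterator::into_iter(..)` instead of `[1].into_iter()` would also help (presumably to force the by-value array impl; to be confirmed).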
@@ -0,0 +1,335 @@ +module M_iter__test_mut_ref [#"iter.rs" 3 0 3 21] + let%span siter0 = "iter.rs" 4 17 4 18 + let%span siter1 = "iter.rs" 4 20 4 21 + let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter4 = "iter.rs" 5 38 5 39 + let%span soption5 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span siter6 = "iter.rs" 6 38 6 39 + let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel10 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice14 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice15 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice16 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span smodel17 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span soption22 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span smodel23 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex24 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span snum25 = 
"../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 + + use prelude.prelude.Slice + + use prelude.prelude.Int32 + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted3__test_mut_ref'0 (return' (ret:array int32))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#siter0] (1 : int32)) + /\ Seq.get __arr_temp.elts 1 = ([%#siter1] (2 : int32)) /\ Seq.length __arr_temp.elts = 2}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array int32 = any_l () | & _1 : array int32 = any_l () ] + [ return' (result:array int32)-> return' {result} ] + + + predicate inv'0 (_1 : slice int32) + + axiom inv_axiom'0 [@rewrite] : forall x : slice int32 [inv'0 x] . inv'0 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice int32 + + let rec iter'0 (self:slice int32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'0 self} + any [ return' (result:t_Iter'0)-> {[%#sslice2] view'0 result = self} (! return' {result}) ] + + type t_Option'0 = + | C_None'0 + | C_Some'0 int32 + + predicate inv'1 (_1 : t_Option'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_Option'0 [inv'1 x] . inv'1 x = true + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Int + + use prelude.prelude.Slice + + function view'2 (self : slice int32) : Seq.seq int32 + + axiom view'2_spec : forall self : slice int32 . 
([%#sslice18] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice19] view'2 self = Slice.id self) + + function view'3 (self : slice int32) : Seq.seq int32 = + [%#smodel23] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice int32) (ix : int) : int32 = + [%#sindex24] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice int32) : Seq.seq int32 + + axiom to_ref_seq'0_spec : forall self : slice int32 . ([%#sslice20] Seq.length (to_ref_seq'0 self) + = Seq.length (view'3 self)) + && ([%#sslice21] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_Iter'0) (visited : Seq.seq int32) (tl : t_Iter'0) = + [%#sslice8] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq int32) (b : t_Iter'0) (bc : Seq.seq int32) (c : t_Iter'0) : () + = + [%#sslice16] () + + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq int32, b : t_Iter'0, bc : Seq.seq int32, c : t_Iter'0 . ([%#sslice13] produces'0 a ab b) + -> ([%#sslice14] produces'0 b bc c) -> ([%#sslice15] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Iter'0) : () = + [%#sslice12] () + + axiom produces_refl'0_spec : forall self : t_Iter'0 . 
[%#sslice11] produces'0 self (Seq.empty : Seq.seq int32) self + + predicate resolve'1 (self : borrowed (t_Iter'0)) = + [%#sresolve9] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice int32 = + [%#smodel17] view'0 self.current + + use seq.Seq + + predicate completed'0 (self : borrowed (t_Iter'0)) = + [%#sslice7] resolve'1 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq int32) + + use seq.Seq + + let rec next'0 (self:borrowed (t_Iter'0)) (return' (ret:t_Option'0))= any + [ return' (result:t_Option'0)-> {inv'1 result} + {[%#siter3] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + predicate resolve'0 (_1 : borrowed (t_Iter'0)) = + resolve'1 _1 + + let rec promoted2__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter4] (1 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'2 (_1 : t_Option'0) + + axiom inv_axiom'2 [@rewrite] : forall x : t_Option'0 [inv'2 x] . 
inv'2 x = true + + type t_Option'1 = + | C_None'1 + | C_Some'1 int + + use prelude.prelude.Int32 + + function deep_model'3 (self : int32) : int = + [%#snum25] Int32.to_int self + + function deep_model'2 (self : int32) : int = + [%#smodel10] deep_model'3 self + + function deep_model'1 (self : t_Option'0) : t_Option'1 = + [%#soption22] match self with + | C_Some'0 t -> C_Some'1 (deep_model'2 t) + | C_None'0 -> C_None'1 + end + + function deep_model'0 (self : t_Option'0) : t_Option'1 = + [%#smodel10] deep_model'1 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'2 self} + {[@expl:eq 'other' type invariant] inv'2 other} + any + [ return' (result:bool)-> {[%#soption5] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted1__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter6] (2 : int32)) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted0__test_mut_ref'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_mut_ref'0 (_1:()) (return' (ret:()))= (! 
bb0 + [ bb0 = s0 + [ s0 = promoted3__test_mut_ref'0 (fun (pr3:array int32) -> [ &_78 <- pr3 ] s1) + | s1 = iter'0 {_78} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_10 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_10.current} {Borrow.get_id _10} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_9 <- _ret' ] [ &_10 <- { _10 with current = _ret'.final } ] s2) + | s2 = next'0 {_9} (fun (_ret':t_Option'0) -> [ &_8 <- _ret' ] s3) + | s3 = bb2 ] + + | bb2 = s0 + [ s0 = -{resolve'0 _10}- s1 + | s1 = promoted2__test_mut_ref'0 (fun (pr2:t_Option'0) -> [ &_77 <- pr2 ] s2) + | s2 = [ &_6 <- (_8, _77) ] s3 + | s3 = [ &left_val <- let (r'0, _) = _6 in r'0 ] s4 + | s4 = [ &right_val <- let (_, r'1) = _6 in r'1 ] s5 + | s5 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_17 <- _ret' ] s6) + | s6 = bb3 ] + + | bb3 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb4) ] + | bb4 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_34 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_34.current} {Borrow.get_id _34} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_33 <- _ret' ] [ &_34 <- { _34 with current = _ret'.final } ] s2) + | s2 = next'0 {_33} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s3) + | s3 = bb6 ] + + | bb6 = s0 + [ s0 = -{resolve'0 _34}- s1 + | s1 = promoted1__test_mut_ref'0 (fun (pr1:t_Option'0) -> [ &_76 <- pr1 ] s2) + | s2 = [ &_30 <- (_32, _76) ] s3 + | s3 = [ &left_val1 <- let (r'0, _) = _30 in r'0 ] s4 + | s4 = [ &right_val1 <- let (_, r'1) = _30 in r'1 ] s5 + | s5 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_41 <- _ret' ] s6) + | s6 = bb7 ] + + | bb7 = any [ br0 -> {_41 = false} (! bb9) | br1 -> {_41} (! 
bb8) ] + | bb8 = s0 + [ s0 = Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_58 <- _ret' ] [ &a <- _ret'.final ] s1) + | s1 = Borrow.borrow_final {_58.current} {Borrow.get_id _58} + (fun (_ret':borrowed (t_Iter'0)) -> [ &_57 <- _ret' ] [ &_58 <- { _58 with current = _ret'.final } ] s2) + | s2 = next'0 {_57} (fun (_ret':t_Option'0) -> [ &_56 <- _ret' ] s3) + | s3 = bb10 ] + + | bb10 = s0 + [ s0 = -{resolve'0 _58}- s1 + | s1 = promoted0__test_mut_ref'0 (fun (pr0:t_Option'0) -> [ &_75 <- pr0 ] s2) + | s2 = [ &_54 <- (_56, _75) ] s3 + | s3 = [ &left_val2 <- let (r'0, _) = _54 in r'0 ] s4 + | s4 = [ &right_val2 <- let (_, r'1) = _54 in r'1 ] s5 + | s5 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_63 <- _ret' ] s6) + | s6 = bb11 ] + + | bb11 = any [ br0 -> {_63 = false} (! bb13) | br1 -> {_63} (! bb12) ] + | bb12 = return' {_0} + | bb13 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_71 <- left_val2 ] s2 + | s2 = [ &_73 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb9 = s0 + [ s0 = [ &kind1 <- C_Eq'0 ] s1 + | s1 = [ &_49 <- left_val1 ] s2 + | s2 = [ &_51 <- right_val1 ] s3 + | s3 = {false} any ] + + | bb5 = s0 + [ s0 = [ &kind <- C_Eq'0 ] s1 + | s1 = [ &_25 <- left_val ] s2 + | s2 = [ &_27 <- right_val ] s3 + | s3 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_Iter'0 = any_l () + | & _6 : (t_Option'0, t_Option'0) = any_l () + | & _8 : t_Option'0 = any_l () + | & _9 : borrowed (t_Iter'0) = any_l () + | & _10 : borrowed (t_Iter'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _17 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _25 : t_Option'0 = any_l () + | & _27 : t_Option'0 = any_l () + | & _30 : (t_Option'0, t_Option'0) = any_l () + | & _32 : t_Option'0 = any_l () + | & _33 : borrowed (t_Iter'0) = any_l () + | & _34 : borrowed (t_Iter'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & _41 : bool = any_l () + | 
& kind1 : t_AssertKind'0 = any_l () + | & _49 : t_Option'0 = any_l () + | & _51 : t_Option'0 = any_l () + | & _54 : (t_Option'0, t_Option'0) = any_l () + | & _56 : t_Option'0 = any_l () + | & _57 : borrowed (t_Iter'0) = any_l () + | & _58 : borrowed (t_Iter'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _63 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _71 : t_Option'0 = any_l () + | & _73 : t_Option'0 = any_l () + | & _75 : t_Option'0 = any_l () + | & _76 : t_Option'0 = any_l () + | & _77 : t_Option'0 = any_l () + | & _78 : array int32 = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end
diff --git a/creusot/tests/should_succeed/cc/iter.rs b/creusot/tests/should_succeed/cc/iter.rs
new file mode 100644
index 000000000..a74861d6f
--- /dev/null
+++ b/creusot/tests/should_succeed/cc/iter.rs
@@ -0,0 +1,8 @@
+extern crate creusot_contracts;
+
+pub fn test_mut_ref() {
+ let mut a = [1, 2].iter();
+ assert_eq!((&mut a).next(), Some(&1));
+ assert_eq!((&mut a).next(), Some(&2));
+ assert_eq!((&mut a).next(), None);
+}
diff --git a/creusot/tests/should_succeed/cc/iter/why3session.xml b/creusot/tests/should_succeed/cc/iter/why3session.xml
new file mode 100644
index 000000000..64f15028f
--- /dev/null
+++ b/creusot/tests/should_succeed/cc/iter/why3session.xml
@@ -0,0 +1,14 @@
+ + + + + + + + + + + + +
diff --git a/creusot/tests/should_succeed/cc/iter/why3shapes.gz b/creusot/tests/should_succeed/cc/iter/why3shapes.gz
new file mode 100644
index 000000000..4834e6dca
Binary files /dev/null and b/creusot/tests/should_succeed/cc/iter/why3shapes.gz differ
diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma
index 8b0b49862..cb7da2c3f 100644
--- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma
+++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma
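Review bot: `test_mut_ref` in `iter.rs` does not appear to reach the new `impl Iterator for &mut I` specification, because `(&mut a).next()` resolves to `next` on the slice iterator itself with `&mut a` as the receiver. The generated `iter.coma` agrees: each call reborrows and invokes `next'0` on `borrowed (t_Iter'0)`, the `produces`/`completed` predicates it uses come from `slice.rs`, and the only span into `creusot-contracts/src/std/iter.rs` is the `next` contract at line 103. As written, the `&mut I` contract is added without any proof obligation exercising it. Selecting the impl explicitly would close that gap, e.g. `assert_eq!(Iterator::next(&mut &mut a), Some(&1));` for each of the three calls, or passing `&mut a` to a helper generic over `I: Iterator`. Whether the current `produces`/`completed` definitions then verify should be checked as part of that change.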
@@ -1928,7 +1928,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span s03_std_iterators4 = "03_std_iterators.rs" 73 16 73 93 let%span s03_std_iterators5 = "03_std_iterators.rs" 74 4 74 7 let%span s03_std_iterators6 = "03_std_iterators.rs" 74 4 74 7 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 93 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 99 let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 151 27 151 115 let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 93 8 93 33 @@ -2276,7 +2276,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span szip43 = "../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 let%span szip44 = "../../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 71 + let%span szip46 = "../../../../creusot-contracts/src/std/iter/zip.rs" 32 12 37 74 let%span sresolve47 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span srange48 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange49 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32