From bd3495cbf2d428d92d61dbf90bcefa8e83f58fcb Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Thu, 24 Oct 2024 23:14:51 +0200 Subject: [PATCH 01/10] Add pre and post conditions to Pearlite --- creusot/src/backend/logic/vcgen.rs | 5 +++- creusot/src/backend/term.rs | 13 +++++++++++ creusot/src/translation/pearlite.rs | 36 +++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) diff --git a/creusot/src/backend/logic/vcgen.rs b/creusot/src/backend/logic/vcgen.rs index b87c2ad0b..ad35de8dc 100644 --- a/creusot/src/backend/logic/vcgen.rs +++ b/creusot/src/backend/logic/vcgen.rs @@ -432,6 +432,8 @@ impl<'a, 'tcx> VCGen<'a, 'tcx> { self.build_vc(lhs, &|lhs| k(lhs.field(&field))) } + TermKind::Precondition { .. } => Err(VCError::Closure(t.span)), + TermKind::Postcondition { .. } => Err(VCError::Closure(t.span)), TermKind::Old { .. } => Err(VCError::Old(t.span)), TermKind::Closure { .. } => Err(VCError::Closure(t.span)), TermKind::Reborrow { .. } => Err(VCError::Reborrow(t.span)), @@ -613,7 +615,8 @@ pub(crate) fn get_func_name<'tcx>( // Add dependency names.value(id, subst); - QName::from_string(&a.as_str()).without_search_path() + QName::from_string(&a.as_str()) }) + .map(QName::without_search_path) .unwrap_or_else(|| names.value(id, subst)) } diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs index 0b0daae1e..8de9260bd 100644 --- a/creusot/src/backend/term.rs +++ b/creusot/src/backend/term.rs @@ -223,6 +223,19 @@ impl<'tcx, N: Namer<'tcx>> Lower<'_, 'tcx, N> { // Discard cond, use unit Exp::Tuple(vec![]) } + TermKind::Precondition { item, args, params } => { + let params: Vec<_> = params.iter().map(|p| self.lower_term(p)).collect(); + let mut sym = self.names.value(*item, args); + sym.name = format!("{}'pre", &*sym.name).into(); + + Exp::qvar(sym).app(params) + } + TermKind::Postcondition { item, args, params } => { + let params: Vec<_> = params.iter().map(|p| self.lower_term(p)).collect(); + let mut sym = self.names.value(*item, args); + sym.name = format!("{}'post'return'", &*sym.name).into(); + Exp::qvar(sym).app(params) + } } } diff --git a/creusot/src/translation/pearlite.rs b/creusot/src/translation/pearlite.rs index 0afb640b0..de5a94648 100644 --- a/creusot/src/translation/pearlite.rs +++ b/creusot/src/translation/pearlite.rs @@ -169,6 +169,18 @@ pub enum TermKind<'tcx> { fin: Box>, projection: ProjectionVec, Ty<'tcx>>, }, + /// Inferred preconditions for `(item, args)` + Precondition { + item: DefId, + args: GenericArgsRef<'tcx>, + params: Vec>, + }, + /// Inferred postconditions for `(item, args)` + Postcondition { + item: DefId, + args: GenericArgsRef<'tcx>, + params: Vec>, + }, } impl<'tcx> TermKind<'tcx> { @@ -1270,6 +1282,12 @@ pub fn super_visit_term<'tcx, V: TermVisitor<'tcx>>(term: &Term<'tcx>, visitor: visit_projections(projection, |term| visitor.visit_term(term)) } TermKind::Assert { cond } => visitor.visit_term(&*cond), + TermKind::Precondition { params, .. } => { + params.iter().for_each(|a| visitor.visit_term(&*a)) + } + TermKind::Postcondition { params, .. } => { + params.iter().for_each(|a| visitor.visit_term(&*a)) + } } } @@ -1327,6 +1345,12 @@ pub(crate) fn super_visit_mut_term<'tcx, V: TermVisitorMut<'tcx>>( visit_projections_mut(projection, |term| visitor.visit_mut_term(term)) } TermKind::Assert { cond } => visitor.visit_mut_term(&mut *cond), + TermKind::Precondition { params, .. } => { + params.iter_mut().for_each(|a| visitor.visit_mut_term(a)) + } + TermKind::Postcondition { params, .. } => { + params.iter_mut().for_each(|a| visitor.visit_mut_term(a)) + } } } @@ -1573,6 +1597,12 @@ impl<'tcx> Term<'tcx> { visit_projections_mut(projection, |term| term.subst_with_inner(bound, inv_subst)) } TermKind::Assert { cond } => cond.subst_with_inner(bound, inv_subst), + TermKind::Precondition { params, .. } => { + params.iter_mut().for_each(|p| p.subst_with_inner(bound, inv_subst)) + } + TermKind::Postcondition { params, .. } => { + params.iter_mut().for_each(|p| p.subst_with_inner(bound, inv_subst)) + } } } @@ -1654,6 +1684,12 @@ impl<'tcx> Term<'tcx> { visit_projections(projection, |term| term.free_vars_inner(bound, free)) } TermKind::Assert { cond } => cond.free_vars_inner(bound, free), + TermKind::Precondition { params, .. } => { + params.iter().for_each(|p| p.free_vars_inner(bound, free)) + } + TermKind::Postcondition { params, .. } => { + params.iter().for_each(|p| p.free_vars_inner(bound, free)) + } } } From dbdf7a4c7fdab4d8001e0f8d41a8e8188cbfb71e Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Sun, 20 Oct 2024 23:02:23 +0200 Subject: [PATCH 02/10] Add attributes to coma definitions --- creusot/src/backend/program.rs | 16 +++++++++++++--- creusot/src/backend/ty.rs | 3 +++ why3/src/coma.rs | 17 ++++++++++++----- why3/src/name.rs | 12 ++++++++++-- 4 files changed, 38 insertions(+), 10 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 05848092b..17d72a382 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -100,11 +100,19 @@ pub fn val<'tcx>(_: &mut Why3Generator<'tcx>, sig: Signature) -> Decl { vec![Defn { name: "return".into(), writes: Vec::new(), + attrs: vec![], + params: vec![Param::Term("result".into(), sig.retty.clone().unwrap())], body: postcond, }], ); - why3::declaration::Decl::Coma(Defn { name: sig.name, writes: Vec::new(), params, body }) + why3::declaration::Decl::Coma(Defn { + name: sig.name, + writes: Vec::new(), + attrs: vec![], + params, + body, + }) } // TODO: move to a more "central" location @@ -191,6 +199,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( vec![Defn { name: "return".into(), writes: Vec::new(), + attrs: vec![], params: vec![Param::Term("result".into(), sig.retty.clone().unwrap())], body: postcond, }], @@ -210,7 +219,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( vec![Param::Term("ret".into(), sig.retty.unwrap())], )]) .collect(); - coma::Defn { name: sig.name, writes: Vec::new(), params, body } + coma::Defn { name: sig.name, writes: Vec::new(), attrs: vec![], params, body } } fn component_to_defn<'tcx, N: Namer<'tcx>>( @@ -655,7 +664,7 @@ fn mk_adt_switch<'tcx, N: Namer<'tcx>>( ); let name = format!("br{}", ix.as_usize()).into(); - coma::Defn { name, body, params, writes: Vec::new() } + coma::Defn { name, body, params, writes: Vec::new(), attrs: vec![] } }) .collect(); assert!(brch.next().is_none()); @@ -747,6 +756,7 @@ where vec![Defn { name: "any_".into(), writes: vec![], + attrs: vec![], params: vec![Param::Term(id, ty)], body: Expr::BlackBox(Box::new(tail)), }], diff --git a/creusot/src/backend/ty.rs b/creusot/src/backend/ty.rs index bb84ffbc8..672d9fa54 100644 --- a/creusot/src/backend/ty.rs +++ b/creusot/src/backend/ty.rs @@ -268,6 +268,7 @@ pub(crate) fn eliminator<'tcx, N: Namer<'tcx>>( let good_branch: coma::Defn = coma::Defn { name: format!("good").into(), writes: vec![], + attrs: vec![], params: field_args.clone(), body: Expr::Assert( Box::new(cons_test.clone().eq(Exp::var("input"))), @@ -296,6 +297,7 @@ pub(crate) fn eliminator<'tcx, N: Namer<'tcx>>( name: format!("bad").into(), writes: vec![], params: vec![], + attrs: vec![], body: Expr::Assert(Box::new(negative_assertion), Box::new(fail)), }) } else { @@ -312,6 +314,7 @@ pub(crate) fn eliminator<'tcx, N: Namer<'tcx>>( writes: vec![], params: vec![input, ret_cont], body: Expr::Defn(Box::new(Expr::Any), false, branches), + attrs: vec![], }) } diff --git a/why3/src/coma.rs b/why3/src/coma.rs index 59562cf95..75b61b343 100644 --- a/why3/src/coma.rs +++ b/why3/src/coma.rs @@ -1,6 +1,11 @@ -use crate::{declaration::Use, printer::Print, ty::Type, Ident, QName}; -use pretty::docs; +use crate::{ + declaration::{Attribute, Use}, + printer::Print, + ty::Type, + Ident, QName, +}; +use pretty::docs; #[cfg(feature = "serialize")] use serde::{Deserialize, Serialize}; @@ -109,6 +114,7 @@ pub enum Arg { #[cfg_attr(feature = "serialize", derive(Serialize, Deserialize))] pub struct Defn { pub name: Ident, + pub attrs: Vec, /// Only relevant if using references pub writes: Vec, pub params: Vec, @@ -130,7 +136,7 @@ pub struct Module(pub Vec); impl Defn { pub fn simple(name: impl Into, body: Expr) -> Self { - Defn { name: name.into(), writes: vec![], params: vec![], body } + Defn { name: name.into(), attrs: vec![], writes: vec![], params: vec![], body } } } @@ -154,7 +160,7 @@ impl Expr { // If we have `x [ x = z ]` replace this by `z` if defs.len() == 1 && !defs[0].body.occurs_cont(&defs[0].name) - && self.as_symbol().is_some_and(|s| s.is_ident(&defs[0].name)) + && self.as_symbol().and_then(QName::ident) == Some(&defs[0].name) { defs.remove(0).body } else { @@ -185,7 +191,7 @@ impl Expr { /// Checks whether a symbol of name `cont` occurs in `self` pub fn occurs_cont(&self, cont: &Ident) -> bool { match self { - Expr::Symbol(v) => v.is_ident(&cont), + Expr::Symbol(v) => v.ident() == Some(&cont), Expr::App(e, arg) => { let arg = if let Arg::Cont(e) = &**arg { e.occurs_cont(cont) } else { false }; arg || e.occurs_cont(cont) @@ -443,6 +449,7 @@ where docs![ alloc, defn.name.pretty(alloc), + alloc.intersperse(defn.attrs.iter().map(|a| a.pretty(alloc)), alloc.space()), alloc.space(), bracket_list(alloc, defn.writes.iter().map(|a| a.pretty(alloc)), " "), if defn.writes.is_empty() { alloc.nil() } else { alloc.space() }, diff --git a/why3/src/name.rs b/why3/src/name.rs index fab92420f..5ed9673d4 100644 --- a/why3/src/name.rs +++ b/why3/src/name.rs @@ -95,9 +95,17 @@ impl QName { self.module.is_empty() && &self.name == id } - pub fn as_ident(self) -> Ident { + pub fn as_ident(&self) -> Ident { assert!(self.module.is_empty()); - self.name + self.name.clone() + } + + pub fn ident(&self) -> Option<&Ident> { + if self.module.is_empty() { + Some(&self.name) + } else { + None + } } // ooof this is a bad function From 490b59024cf89c052c291deba72a8669ed2d082b Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Sun, 17 Nov 2024 18:51:44 +0100 Subject: [PATCH 03/10] Track if precontracts come from users or not --- creusot/src/translation/specification.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/creusot/src/translation/specification.rs b/creusot/src/translation/specification.rs index d8fd5b9f8..1f5777c78 100644 --- a/creusot/src/translation/specification.rs +++ b/creusot/src/translation/specification.rs @@ -44,6 +44,8 @@ pub struct PreContract<'tcx> { pub(crate) no_panic: bool, pub(crate) terminates: bool, pub(crate) extern_no_spec: bool, + /// Are any of the contract clauses here user provided? or merely Creusot inferred / provided? + pub(crate) has_user_contract: bool, } impl<'tcx> PreContract<'tcx> { @@ -105,6 +107,9 @@ impl<'tcx> PreContract<'tcx> { } } +/// [ContractClauses] is the most "raw" form of contract we have in Creusot, +/// in this stage, we have only gathered the [DefId]s of the items that hold the various contract +/// expressions. #[derive(Clone, Debug, TyEncodable, TyDecodable)] pub struct ContractClauses { variant: Option, @@ -131,6 +136,8 @@ impl ContractClauses { fn_name: &str, ) -> EarlyBinder<'tcx, PreContract<'tcx>> { let mut out = PreContract::default(); + out.has_user_contract = + !self.requires.is_empty() || !self.ensures.is_empty() || self.variant.is_some(); let n_requires = self.requires.len(); for req_id in self.requires { log::trace!("require clause {:?}", req_id); From c10685fe9cf26ab2c51017eed08c4b7eae0d4b18 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Sun, 20 Oct 2024 23:22:48 +0200 Subject: [PATCH 04/10] Remove barrier for non-specified closures --- creusot/src/backend/program.rs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 17d72a382..ea824e823 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -181,13 +181,22 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( let mut postcond = Expr::Symbol("return".into()).app(vec![Arg::Term(Exp::var("result"))]); - if body_id.promoted.is_none() && !is_ghost_closure(ctx.tcx, body_id.def_id()) { + // We remove the barrier around the definition in the following edge cases: + let open_body = false + // a closure with no contract + || (ctx.is_closure_like(body_id.def_id()) && !ctx.sig(body_id.def_id()).contract.has_user_contract) + // a promoted item + || body_id.promoted.is_some() + // a ghost closure + || is_ghost_closure(ctx.tcx, body_id.def_id()); + + if !open_body { postcond = Expr::BlackBox(Box::new(postcond)); } let ensures = sig.contract.ensures.into_iter().map(Condition::labelled_exp); postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); - if body_id.promoted.is_none() && !is_ghost_closure(ctx.tcx, body_id.def_id()) { + if !open_body { body = Expr::BlackBox(Box::new(body)) }; From 77bb25dd195fecba30afe4fc599a4d158deb0cbc Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Thu, 24 Oct 2024 23:01:38 +0200 Subject: [PATCH 05/10] Bug fixes and update tests --- creusot/src/backend/program.rs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index ea824e823..896c2f471 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -164,7 +164,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( }) .collect(); - let sig = if body_id.promoted.is_none() { + let mut sig = if body_id.promoted.is_none() { signature_of(ctx, names, name, body_id.def_id()) } else { let ret = ret.unwrap(); @@ -181,10 +181,13 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( let mut postcond = Expr::Symbol("return".into()).app(vec![Arg::Term(Exp::var("result"))]); + let inferred_closure_spec = ctx.is_closure_like(body_id.def_id()) + && !ctx.sig(body_id.def_id()).contract.has_user_contract; + // We remove the barrier around the definition in the following edge cases: let open_body = false // a closure with no contract - || (ctx.is_closure_like(body_id.def_id()) && !ctx.sig(body_id.def_id()).contract.has_user_contract) + || inferred_closure_spec // a promoted item || body_id.promoted.is_some() // a ghost closure @@ -200,6 +203,10 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( body = Expr::BlackBox(Box::new(body)) }; + if inferred_closure_spec { + sig.attrs.push(Attribute::Attr("coma:extspec".into())); + } + body = Expr::Let(Box::new(body), vars); body = Expr::Defn( @@ -228,7 +235,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( vec![Param::Term("ret".into(), sig.retty.unwrap())], )]) .collect(); - coma::Defn { name: sig.name, writes: Vec::new(), attrs: vec![], params, body } + coma::Defn { name: sig.name, writes: Vec::new(), attrs: sig.attrs, params, body } } fn component_to_defn<'tcx, N: Namer<'tcx>>( From 507a75e559a8a16c25ec98f562be1e52689dfa51 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Mon, 18 Nov 2024 11:04:43 +0100 Subject: [PATCH 06/10] hack --- creusot/src/backend/clone_map.rs | 1 - creusot/src/backend/program.rs | 12 +++++++++--- creusot/src/translation/function.rs | 21 +++++++++++++++++++-- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index 53cc46079..3148e2037 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs @@ -377,7 +377,6 @@ impl<'tcx> Dependencies<'tcx> { // Update the clone graph with any new entries. let (graph, mut bodies) = graph.update_graph(ctx); - // First we find components including weak dependencies for scc in petgraph::algo::tarjan_scc(&graph).into_iter() { if scc.iter().any(|node| node == &self_node) { assert_eq!(scc.len(), 1); diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 896c2f471..bbfb33b60 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -164,6 +164,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( }) .collect(); + // Remove the invariant from the contract here?? let mut sig = if body_id.promoted.is_none() { signature_of(ctx, names, name, body_id.def_id()) } else { @@ -184,6 +185,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( let inferred_closure_spec = ctx.is_closure_like(body_id.def_id()) && !ctx.sig(body_id.def_id()).contract.has_user_contract; + eprintln!("{body_id:?} {inferred_closure_spec:?}"); // We remove the barrier around the definition in the following edge cases: let open_body = false // a closure with no contract @@ -197,7 +199,10 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( postcond = Expr::BlackBox(Box::new(postcond)); } let ensures = sig.contract.ensures.into_iter().map(Condition::labelled_exp); - postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); + + if open_body { + // postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); + } if !open_body { body = Expr::BlackBox(Box::new(body)) @@ -222,8 +227,9 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( ); let requires = sig.contract.requires.into_iter().map(Condition::labelled_exp); - body = requires.rfold(body, |acc, req| Expr::Assert(Box::new(req), Box::new(acc))); - + if open_body { + // body = requires.rfold(body, |acc, req| Expr::Assert(Box::new(req), Box::new(acc))); + } let params = sig .args .into_iter() diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index b3601fa6d..ac7e22deb 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -803,8 +803,8 @@ impl<'tcx> TranslationCtx<'tcx> { let kind = subst.as_closure().kind(); let contract = contract_of(self, def_id); - let mut postcondition: Term<'_> = contract.ensures_conj(self.tcx); - let mut precondition: Term<'_> = contract.requires_conj(self.tcx); + + let span = self.def_span(def_id); let (args_nms, args_tys): (Vec<_>, Vec<_>) = self.sig(def_id).inputs.iter().skip(1).map(|&(nm, _, ref ty)| (nm, ty.clone())).unzip(); @@ -828,6 +828,23 @@ impl<'tcx> TranslationCtx<'tcx> { .collect(), ); + let (mut precondition, mut postcondition) = if contract.is_empty() { + let params: Vec<_> = + args_nms.iter().cloned().zip(args_tys).map(|(nm, ty)| Term::var(nm, ty)).collect(); + let ret_params = params.clone(); + eprintln!("{subst:?}"); + ( + Term::mk_true(self.tcx), + Term { + kind: TermKind::Postcondition { item: def_id, args: subst, params: ret_params }, + ty: self.types.bool, + span, + }, + ) + } else { + (contract.requires_conj(self.tcx), contract.ensures_conj(self.tcx)) + }; + postcondition = pearlite::Term { span: postcondition.span, kind: TermKind::Let { From 0d3f5d0b98b77b854351f5e86f2e9f51b499d2d9 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Tue, 19 Nov 2024 23:32:27 +0100 Subject: [PATCH 07/10] status --- loop.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 loop.rs diff --git a/loop.rs b/loop.rs new file mode 100644 index 000000000..d461cfced --- /dev/null +++ b/loop.rs @@ -0,0 +1,12 @@ +extern crate creusot_contracts; +use creusot_contracts::*; + +fn example() -> bool { + let mut j = 0; + let loop_len = 5; + #[invariant( 0usize <= j && j <= loop_len)] + while 0 < 5 { + return true; + } + return true; +} From 7c941debc7b3abfe010c8689399fa414fbeccbd5 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Sun, 8 Dec 2024 14:42:04 +0100 Subject: [PATCH 08/10] works --- creusot/src/backend/program.rs | 13 +- creusot/src/translation/function.rs | 179 +++++-- creusot/src/translation/pearlite.rs | 6 + .../iterators/03_std_iterators.coma | 381 +++++++------- .../iterators/03_std_iterators.rs | 15 +- .../03_std_iterators/why3session.xml | 23 +- .../iterators/03_std_iterators/why3shapes.gz | Bin 6595 -> 6610 bytes .../iterators/06_map_precond.coma | 470 +++++++++--------- .../iterators/06_map_precond.rs | 23 +- .../iterators/06_map_precond/why3session.xml | 25 +- .../iterators/06_map_precond/why3shapes.gz | Bin 5381 -> 5260 bytes 11 files changed, 600 insertions(+), 535 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index bbfb33b60..42237097e 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -185,7 +185,6 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( let inferred_closure_spec = ctx.is_closure_like(body_id.def_id()) && !ctx.sig(body_id.def_id()).contract.has_user_contract; - eprintln!("{body_id:?} {inferred_closure_spec:?}"); // We remove the barrier around the definition in the following edge cases: let open_body = false // a closure with no contract @@ -195,13 +194,11 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( // a ghost closure || is_ghost_closure(ctx.tcx, body_id.def_id()); - if !open_body { - postcond = Expr::BlackBox(Box::new(postcond)); - } let ensures = sig.contract.ensures.into_iter().map(Condition::labelled_exp); - if open_body { - // postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); + if !open_body { + postcond = Expr::BlackBox(Box::new(postcond)); + postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); } if !open_body { @@ -227,8 +224,8 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( ); let requires = sig.contract.requires.into_iter().map(Condition::labelled_exp); - if open_body { - // body = requires.rfold(body, |acc, req| Expr::Assert(Box::new(req), Box::new(acc))); + if !open_body { + body = requires.rfold(body, |acc, req| Expr::Assert(Box::new(req), Box::new(acc))); } let params = sig .args diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index ac7e22deb..f519d3711 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -25,8 +25,8 @@ use rustc_hir::def_id::DefId; use rustc_index::{bit_set::BitSet, Idx}; use rustc_middle::{ mir::{ - self, traversal::reverse_postorder, BasicBlock, Body, Local, Location, Operand, Place, - PlaceRef, TerminatorKind, START_BLOCK, + self, traversal::reverse_postorder, BasicBlock, Body, Local, Location, Mutability, Operand, + Place, PlaceRef, TerminatorKind, START_BLOCK, }, ty::{ BorrowKind, ClosureKind, GenericArg, GenericArgsRef, ParamEnv, Ty, TyCtxt, TyKind, @@ -49,6 +49,8 @@ mod statement; mod terminator; use terminator::discriminator_for_switch; +use self::pearlite::BinOp; + /// Translate a function from rustc's MIR to fMIR. pub(crate) fn fmir<'tcx>(ctx: &mut TranslationCtx<'tcx>, body_id: BodyId) -> fmir::Body<'tcx> { let body = ctx.body(body_id).clone(); @@ -828,37 +830,63 @@ impl<'tcx> TranslationCtx<'tcx> { .collect(), ); - let (mut precondition, mut postcondition) = if contract.is_empty() { - let params: Vec<_> = - args_nms.iter().cloned().zip(args_tys).map(|(nm, ty)| Term::var(nm, ty)).collect(); - let ret_params = params.clone(); - eprintln!("{subst:?}"); - ( - Term::mk_true(self.tcx), - Term { - kind: TermKind::Postcondition { item: def_id, args: subst, params: ret_params }, - ty: self.types.bool, - span, - }, + let env_ty = self.closure_env_ty( + self.type_of(def_id).instantiate_identity(), + kind, + self.lifetimes.re_erased, + ); + let self_ = Term::var(Symbol::intern("self"), env_ty); + let params: Vec<_> = + args_nms.iter().cloned().zip(args_tys).map(|(nm, ty)| Term::var(nm, ty)).collect(); + + let mut precondition = if contract.is_empty() { + self.inferred_precondition_term( + def_id, + subst, + kind, + self_.clone(), + params.clone(), + span, ) } else { - (contract.requires_conj(self.tcx), contract.ensures_conj(self.tcx)) + contract.requires_conj(self.tcx) }; - postcondition = pearlite::Term { - span: postcondition.span, - kind: TermKind::Let { - pattern: arg_pat.clone(), - arg: Box::new(arg_tuple.clone()), - body: Box::new(postcondition), - }, - ty: self.types.bool, + let retty = self.sig(def_id).output; + let postcond = |target_kind| { + let postcondition = if contract.is_empty() { + let mut ret_params = params.clone(); + ret_params.push(Term::var(Symbol::intern("result"), retty)); + + self.inferred_postcondition_term( + target_kind, + def_id, + subst, + kind, + self_.clone(), + ret_params, + span, + ) + } else { + contract.ensures_conj(self.tcx) + }; + + pearlite::Term { + span: postcondition.span, + kind: TermKind::Let { + pattern: arg_pat.clone(), + arg: Box::new(arg_tuple.clone()), + body: Box::new(postcondition), + }, + ty: self.types.bool, + } }; + precondition = pearlite::Term { span: precondition.span, kind: TermKind::Let { - pattern: arg_pat, - arg: Box::new(arg_tuple), + pattern: arg_pat.clone(), + arg: Box::new(arg_tuple.clone()), body: Box::new(precondition), }, ty: self.types.bool, @@ -896,7 +924,7 @@ impl<'tcx> TranslationCtx<'tcx> { let self_ = Term::var(Symbol::intern("self"), env_ty); let mut csubst = closure_capture_subst(self, def_id, subst, false, Some(self_.clone()), self_); - let mut postcondition = postcondition.clone(); + let mut postcondition = postcond(ClosureKind::Fn); csubst.visit_mut_term(&mut postcondition); @@ -915,7 +943,7 @@ impl<'tcx> TranslationCtx<'tcx> { result_state.clone(), ); - let mut postcondition = postcondition.clone(); + let mut postcondition = postcond(ClosureKind::FnMut); csubst.visit_mut_term(&mut postcondition); let args = subst.as_closure().sig().inputs().skip_binder()[0]; @@ -945,12 +973,107 @@ impl<'tcx> TranslationCtx<'tcx> { let mut csubst = closure_capture_subst(self, def_id, subst, true, Some(self_.clone()), self_); - let mut postcondition = postcondition.clone(); + let mut postcondition = postcond(ClosureKind::FnOnce); csubst.visit_mut_term(&mut postcondition); contracts.postcond_once = Some(postcondition); contracts } + + fn inferred_precondition_term( + &self, + def_id: DefId, + args: GenericArgsRef<'tcx>, + kind: ClosureKind, + closure_env: Term<'tcx>, + mut closure_args: Vec>, + span: Span, + ) -> Term<'tcx> { + let env_ty = closure_env.ty; + + let bor_self = Term::var( + Symbol::intern("__bor_self"), + Ty::new_ref(self.tcx, self.tcx.lifetimes.re_erased, env_ty, Mutability::Mut), + ); + // Based on the underlying kind of closure we may need to wrap the call in a quantifier (at least for FnMut ones) + match kind { + ClosureKind::Fn | ClosureKind::FnOnce => { + closure_args.insert(0, closure_env.clone()); + + Term { + kind: TermKind::Precondition { item: def_id, args, params: closure_args }, + ty: self.types.bool, + span, + } + } + ClosureKind::FnMut => { + closure_args.insert(0, bor_self.clone()); + let base = Term { + kind: TermKind::Precondition { item: def_id, args, params: closure_args }, + ty: self.types.bool, + span, + }; + (bor_self.clone().cur().bin_op(self.tcx, BinOp::Eq, closure_env)) + .implies(base) + .forall(self.tcx, (Symbol::intern("__bor_self"), env_ty)) + } + } + } + + /// Infers the `postcond_kind` version of the postcondition predicate for the provided closure. + fn inferred_postcondition_term( + &self, + postcond_kind: ClosureKind, + def_id: DefId, + args: GenericArgsRef<'tcx>, + closure_kind: ClosureKind, + closure_env: Term<'tcx>, + mut closure_args: Vec>, + span: Span, + ) -> Term<'tcx> { + let env_ty = closure_env.ty; + + match closure_kind { + ClosureKind::Fn | ClosureKind::FnOnce => { + closure_args.insert(0, closure_env.clone()); + + let base = Term { + kind: TermKind::Postcondition { item: def_id, args, params: closure_args }, + ty: self.types.bool, + span, + }; + base + } + ClosureKind::FnMut => { + let bor_self = Term::var(Symbol::intern("__bor_self"), env_ty); + closure_args.insert(0, bor_self.clone()); + + let base = Term { + kind: TermKind::Postcondition { item: def_id, args, params: closure_args }, + ty: self.types.bool, + span, + }; + + match postcond_kind { + ClosureKind::FnOnce => base + .conj(bor_self.cur().bin_op(self.tcx, BinOp::Eq, closure_env)) + .exists(self.tcx, (Symbol::intern("__bor_self"), env_ty)), + ClosureKind::FnMut => base + .conj(bor_self.clone().cur().bin_op(self.tcx, BinOp::Eq, closure_env)) + .conj(bor_self.fin().bin_op( + self.tcx, + BinOp::Eq, + Term::var(Symbol::intern("result_state"), env_ty), + )) + .exists(self.tcx, (Symbol::intern("__bor_self"), env_ty)), + ClosureKind::Fn => self.crash_and_error( + span, + "An `FnMut` closure cannot have an `Fn` postcondition", + ), + } + } + } + } } pub(crate) fn closure_resolve<'tcx>( diff --git a/creusot/src/translation/pearlite.rs b/creusot/src/translation/pearlite.rs index de5a94648..a672e34d4 100644 --- a/creusot/src/translation/pearlite.rs +++ b/creusot/src/translation/pearlite.rs @@ -1481,6 +1481,12 @@ impl<'tcx> Term<'tcx> { self.forall_trig(tcx, binder, vec![]) } + pub(crate) fn exists(self, tcx: TyCtxt<'tcx>, binder: (Symbol, Ty<'tcx>)) -> Self { + let ty = Ty::new_tup(tcx, &[binder.1]); + + self.quant(QuantKind::Exists, (vec![Ident::new(binder.0, DUMMY_SP)], ty), vec![]) + } + pub(crate) fn quant( self, quant_kind: QuantKind, diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index cb7da2c3f..acc1ae9cb 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -243,7 +243,7 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] meta "compute_max_steps" 1000000 - let rec slice_iter'0 (slice:slice t_T'0) (return' (ret:usize))= {[@expl:slice_iter 'slice' type invariant] [%#s03_std_iterators7] inv'2 slice} + let rec slice_iter'0[#"03_std_iterators.rs" 6 0 6 42] (slice:slice t_T'0) (return' (ret:usize))= {[@expl:slice_iter 'slice' type invariant] [%#s03_std_iterators7] inv'2 slice} {[@expl:slice_iter requires] [%#s03_std_iterators8] Seq.length (view'0 slice) < 1000} (! bb0 [ bb0 = s0 @@ -572,7 +572,7 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] meta "compute_max_steps" 1000000 - let rec vec_iter'0 (vec:t_Vec'0) (return' (ret:usize))= {[@expl:vec_iter 'vec' type invariant] [%#s03_std_iterators7] inv'2 vec} + let rec vec_iter'0[#"03_std_iterators.rs" 17 0 17 41] (vec:t_Vec'0) (return' (ret:usize))= {[@expl:vec_iter 'vec' type invariant] [%#s03_std_iterators7] inv'2 vec} {[@expl:vec_iter requires] [%#s03_std_iterators8] Seq.length (view'0 vec) < 1000} (! bb0 [ bb0 = s0 @@ -902,7 +902,7 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] meta "compute_max_steps" 1000000 - let rec all_zero'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 + let rec all_zero'0[#"03_std_iterators.rs" 28 0 28 35] (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {v.current} {Borrow.get_id v} (fun (_ret':borrowed (t_Vec'0)) -> [ &_8 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) @@ -1226,7 +1226,7 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] meta "compute_max_steps" 1000000 - let rec skip_take'0 (iter:t_I'0) (n:usize) (return' (ret:()))= {[@expl:skip_take 'iter' type invariant] [%#s03_std_iterators1] inv'2 iter} + let rec skip_take'0[#"03_std_iterators.rs" 35 0 35 48] (iter:t_I'0) (n:usize) (return' (ret:()))= {[@expl:skip_take 'iter' type invariant] [%#s03_std_iterators1] inv'2 iter} (! bb0 [ bb0 = s0 [ s0 = take'0 {iter} {n} (fun (_ret':t_Take'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = skip'0 {_6} {n} (fun (_ret':t_Skip'0) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] @@ -1259,58 +1259,57 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] [ return' (result:())-> (! return' {result}) ] end module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] - let%span s03_std_iterators0 = "03_std_iterators.rs" 42 18 42 19 - let%span s03_std_iterators1 = "03_std_iterators.rs" 56 20 56 40 - let%span s03_std_iterators2 = "03_std_iterators.rs" 57 20 57 33 - let%span s03_std_iterators3 = "03_std_iterators.rs" 58 20 58 36 + let%span s03_std_iterators0 = "03_std_iterators.rs" 42 25 42 26 + let%span s03_std_iterators1 = "03_std_iterators.rs" 53 20 53 40 + let%span s03_std_iterators2 = "03_std_iterators.rs" 54 20 54 33 + let%span s03_std_iterators3 = "03_std_iterators.rs" 55 20 55 36 let%span svec4 = "../../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 let%span sslice5 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span s03_std_iterators6 = "03_std_iterators.rs" 50 23 50 24 - let%span s03_std_iterators7 = "03_std_iterators.rs" 47 23 47 65 - let%span s03_std_iterators8 = "03_std_iterators.rs" 48 22 48 89 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 - let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 - let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 - let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 - let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 - let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 - let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 - let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 - let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 - let%span smap_inv28 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span smap_inv29 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span svec30 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 - let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 - let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 - let%span sresolve33 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops40 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 - let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 - let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 - let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 - let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 - let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 - let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 - let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 - let%span smap_inv49 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 - let%span sindex50 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 - let%span smodel51 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span s03_std_iterators6 = "03_std_iterators.rs" 47 26 47 45 + let%span s03_std_iterators7 = "03_std_iterators.rs" 48 19 48 20 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span svec16 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span smodel17 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice22 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice23 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span smap_inv25 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 153 12 156 47 + let%span smap_inv26 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 140 12 145 71 + let%span smap_inv27 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span smap_inv28 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span svec29 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 + let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span sresolve32 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops36 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops37 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops38 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops39 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span smap_inv43 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 117 12 119 63 + let%span smap_inv44 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 57 8 57 50 + let%span smap_inv45 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span smap_inv46 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span smap_inv47 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span smap_inv48 = "../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span sindex49 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span smodel50 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 use prelude.prelude.UIntSize @@ -1359,19 +1358,19 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] function view'4 (self : slice uint32) : Seq.seq uint32 - axiom view'4_spec : forall self : slice uint32 . ([%#sslice31] Seq.length (view'4 self) + axiom view'4_spec : forall self : slice uint32 . ([%#sslice30] Seq.length (view'4 self) <= UIntSize.to_int (v_MAX'0 : usize)) - && ([%#sslice32] view'4 self = Slice.id self) + && ([%#sslice31] view'4 self = Slice.id self) function view'1 (self : slice uint32) : Seq.seq uint32 = - [%#smodel18] view'4 self + [%#smodel17] view'4 self function view'0 (self : t_Vec'0) : Seq.seq uint32 - axiom view'0_spec : forall self : t_Vec'0 . [%#svec17] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) + axiom view'0_spec : forall self : t_Vec'0 . [%#svec16] Seq.length (view'0 self) <= UIntSize.to_int (v_MAX'0 : usize) function view'2 (self : t_Vec'0) : Seq.seq uint32 = - [%#smodel18] view'0 self + [%#smodel17] view'0 self let rec deref'0 (self:t_Vec'0) (return' (ret:slice uint32))= {[@expl:deref 'self' type invariant] inv'0 self} any [ return' (result:slice uint32)-> {inv'1 result} {[%#svec4] view'1 result = view'2 self} (! return' {result}) ] @@ -1384,34 +1383,27 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let rec iter'0 (self:slice uint32) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'1 self} any [ return' (result:t_Iter'0)-> {[%#sslice5] view'3 result = self} (! return' {result}) ] + use prelude.prelude.Snapshot + + use seq.Seq + type closure0'1 = { field_0'0: borrowed usize } predicate resolve'2 (self : borrowed closure0'1) = - [%#sresolve33] self.final = self.current + [%#sresolve32] self.final = self.current predicate resolve'0 (_1 : borrowed closure0'1) = resolve'2 _1 use prelude.prelude.Intrinsic - use prelude.prelude.Snapshot - - use seq.Seq - use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) - - = - [%#s03_std_iterators8] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).final - = UIntSize.to_int (self.field_0'0).current + 1 - /\ UIntSize.to_int (self.field_0'0).final = Seq.length (Snapshot.inner _prod) + 1 /\ result = x - predicate resolve'8 (self : borrowed usize) = - [%#sresolve33] self.final = self.current + [%#sresolve32] self.final = self.current predicate resolve'7 (_1 : borrowed usize) = resolve'8 _1 @@ -1422,62 +1414,58 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] predicate unnest'0 (self : closure0'1) (_2 : closure0'1) = (_2.field_0'0).final = (self.field_0'0).final + let rec closure0'0[#"03_std_iterators.rs" 46 17 46 27] [@coma:extspec] (_1:borrowed closure0'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= bb0 + [ bb0 = s0 + [ s0 = {[@expl:assertion] [%#s03_std_iterators6] UIntSize.to_int ((_1.current).field_0'0).current + = Seq.length (Snapshot.inner _prod)} + s1 + | s1 = UIntSize.add {((_1.current).field_0'0).current} {[%#s03_std_iterators7] (1 : usize)} + (fun (_ret':usize) -> + [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] + s2) + | s2 = -{resolve'0 _1}- s3 + | s3 = [ &_0 <- x ] s4 + | s4 = return' {_0} ] + ] + + [ & _0 : uint32 = any_l () + | & _1 : borrowed closure0'1 = _1 + | & x : uint32 = x + | & _prod : Snapshot.snap_ty (Seq.seq uint32) = _prod ] + [ return' (result:uint32)-> return' {result} ] + + predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + + = + let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result + /\ __bor_self.current = self + predicate postcondition_mut'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure0'1) (result : uint32) = - (let (x, _prod) = args in UIntSize.to_int (result_state.field_0'0).current - = UIntSize.to_int (self.field_0'0).current + 1 - /\ UIntSize.to_int (result_state.field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x) + (let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result + /\ __bor_self.current = self /\ __bor_self.final = result_state) /\ unnest'0 self result_state function fn_mut_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops40] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops39] postcondition_once'0 self args res = (exists res_state : closure0'1 . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) function unnest_trans'0 (self : closure0'1) (b : closure0'1) (c : closure0'1) : () - axiom unnest_trans'0_spec : forall self : closure0'1, b : closure0'1, c : closure0'1 . ([%#sops37] unnest'0 self b) - -> ([%#sops38] unnest'0 b c) -> ([%#sops39] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure0'1, b : closure0'1, c : closure0'1 . ([%#sops36] unnest'0 self b) + -> ([%#sops37] unnest'0 b c) -> ([%#sops38] unnest'0 self c) function unnest_refl'0 (self : closure0'1) : () - axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops36] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops35] unnest'0 self self function postcondition_mut_unnest'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure0'1) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure0'1, res : uint32 . ([%#sops34] postcondition_mut'0 self args res_state res) - -> ([%#sops35] unnest'0 self res_state) - - let rec closure0'0 (_1:borrowed closure0'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s03_std_iterators7] UIntSize.to_int ((_1.current).field_0'0).current - = Seq.length (Snapshot.inner _prod) - /\ ((_1.current).field_0'0).current < (v_MAX'0 : usize)} - (! bb0 - [ bb0 = s0 - [ s0 = UIntSize.add {((_1.current).field_0'0).current} {[%#s03_std_iterators6] (1 : usize)} - (fun (_ret':usize) -> - [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] - s1) - | s1 = -{resolve'0 _1}- s2 - | s2 = [ &res1 <- x ] s3 - | s3 = [ &res <- res1 ] s4 - | s4 = [ &_0 <- res ] s5 - | s5 = return' {_0} ] - ] - ) - [ & _0 : uint32 = any_l () - | & _1 : borrowed closure0'1 = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] - - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s03_std_iterators8] UIntSize.to_int ((_1.final).field_0'0).current - = UIntSize.to_int ((_1.current).field_0'0).current + 1 - /\ UIntSize.to_int ((_1.final).field_0'0).current = Seq.length (Snapshot.inner _prod) + 1 /\ result = x} - {[@expl:closure unnest] unnest'0 _1.current _1.final} - (! return' {result}) ] - + axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure0'1, res : uint32 . ([%#sops33] postcondition_mut'0 self args res_state res) + -> ([%#sops34] unnest'0 self res_state) use seq.Seq @@ -1488,43 +1476,43 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#sindex50] Seq.get (view'4 self) ix + [%#sindex49] Seq.get (view'4 self) ix function to_ref_seq'0 (self : slice uint32) : Seq.seq uint32 - axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#sslice41] Seq.length (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#sslice40] Seq.length (to_ref_seq'0 self) = Seq.length (view'1 self)) - && ([%#sslice42] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + && ([%#sslice41] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) predicate produces'0 (self : t_Iter'0) (visited : Seq.seq uint32) (tl : t_Iter'0) = - [%#sslice25] to_ref_seq'0 (view'3 self) = Seq.(++) visited (to_ref_seq'0 (view'3 tl)) + [%#sslice24] to_ref_seq'0 (view'3 self) = Seq.(++) visited (to_ref_seq'0 (view'3 tl)) function produces_trans'1 (a : t_Iter'0) (ab : Seq.seq uint32) (b : t_Iter'0) (bc : Seq.seq uint32) (c : t_Iter'0) : () = - [%#sslice24] () + [%#sslice23] () - axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) - -> ([%#sslice22] produces'0 b bc c) -> ([%#sslice23] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice20] produces'0 a ab b) + -> ([%#sslice21] produces'0 b bc c) -> ([%#sslice22] produces'0 a (Seq.(++) ab bc) c) function produces_refl'1 (self : t_Iter'0) : () = - [%#sslice20] () + [%#sslice19] () - axiom produces_refl'1_spec : forall self : t_Iter'0 . [%#sslice19] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_Iter'0 . [%#sslice18] produces'0 self (Seq.empty : Seq.seq uint32) self function produces_trans'0 (a : t_Iter'0) (ab : Seq.seq uint32) (b : t_Iter'0) (bc : Seq.seq uint32) (c : t_Iter'0) : () = - [%#sslice24] () + [%#sslice23] () - axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice21] produces'0 a ab b) - -> ([%#sslice22] produces'0 b bc c) -> ([%#sslice23] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Iter'0, ab : Seq.seq uint32, b : t_Iter'0, bc : Seq.seq uint32, c : t_Iter'0 . ([%#sslice20] produces'0 a ab b) + -> ([%#sslice21] produces'0 b bc c) -> ([%#sslice22] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 (self : t_Iter'0) : () = - [%#sslice20] () + [%#sslice19] () - axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice19] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_Iter'0 . [%#sslice18] produces'0 self (Seq.empty : Seq.seq uint32) self predicate inv'2 (_1 : t_Iter'0) @@ -1539,36 +1527,35 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use prelude.prelude.Snapshot predicate precondition'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s03_std_iterators7] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).current - = Seq.length (Snapshot.inner _prod) - /\ (self.field_0'0).current < (v_MAX'0 : usize) + let (x, _prod) = args in forall __bor_self : borrowed closure0'1 . __bor_self.current = self + -> closure0'0'pre __bor_self x _prod predicate resolve'5 (self : borrowed (t_Iter'0)) = - [%#sresolve33] self.final = self.current + [%#sresolve32] self.final = self.current function view'5 (self : borrowed (t_Iter'0)) : slice uint32 = - [%#smodel51] view'3 self.current + [%#smodel50] view'3 self.current use seq.Seq predicate completed'1 (self : borrowed (t_Iter'0)) = - [%#sslice43] resolve'5 self /\ view'4 (view'5 self) = (Seq.empty : Seq.seq uint32) + [%#sslice42] resolve'5 self /\ view'4 (view'5 self) = (Seq.empty : Seq.seq uint32) predicate next_precondition'0 (iter : t_Iter'0) (func : closure0'1) (produced : Seq.seq uint32) = - [%#smap_inv44] forall e : uint32, i : t_Iter'0 . produces'0 iter (Seq.singleton e) i + [%#smap_inv43] forall e : uint32, i : t_Iter'0 . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq predicate preservation'0 (iter : t_Iter'0) (func : closure0'1) = - [%#smap_inv27] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_Iter'0 . unnest'0 func f.current + [%#smap_inv26] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_Iter'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) predicate reinitialize'0 (_1 : ()) = - [%#smap_inv26] forall iter : borrowed (t_Iter'0), func : closure0'1 . completed'1 iter + [%#smap_inv25] forall iter : borrowed (t_Iter'0), func : closure0'1 . completed'1 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_MapInv'0 = @@ -1586,15 +1573,15 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | {t_MapInv__iter'0 = iter ; t_MapInv__func'0 = func ; t_MapInv__produced'0 = produced} -> true end) - let rec map_inv'0 (self:t_Iter'0) (func:closure0'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter9] inv'2 self} - {[@expl:map_inv 'func' type invariant] [%#siter10] inv'3 func} - {[@expl:map_inv requires #0] [%#siter11] forall e : uint32, i2 : t_Iter'0 . produces'0 self (Seq.singleton e) i2 + let rec map_inv'0 (self:t_Iter'0) (func:closure0'1) (return' (ret:t_MapInv'0))= {[@expl:map_inv 'self' type invariant] [%#siter8] inv'2 self} + {[@expl:map_inv 'func' type invariant] [%#siter9] inv'3 func} + {[@expl:map_inv requires #0] [%#siter10] forall e : uint32, i2 : t_Iter'0 . produces'0 self (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} - {[@expl:map_inv requires #1] [%#siter12] reinitialize'0 ()} - {[@expl:map_inv requires #2] [%#siter13] preservation'0 self func} + {[@expl:map_inv requires #1] [%#siter11] reinitialize'0 ()} + {[@expl:map_inv requires #2] [%#siter12] preservation'0 self func} any - [ return' (result:t_MapInv'0)-> {[%#siter14] inv'4 result} - {[%#siter15] result + [ return' (result:t_MapInv'0)-> {[%#siter13] inv'4 result} + {[%#siter14] result = { t_MapInv__iter'0 = self; t_MapInv__func'0 = func; t_MapInv__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} @@ -1609,7 +1596,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] true predicate resolve'3 (self : t_MapInv'0) = - [%#smap_inv45] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 + [%#smap_inv44] resolve'6 self.t_MapInv__iter'0 /\ resolve'4 self.t_MapInv__func'0 predicate resolve'1 (_1 : t_MapInv'0) = resolve'3 _1 @@ -1627,7 +1614,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use seq.Seq predicate produces'1 [@inline:trivial] (self : t_MapInv'0) (visited : Seq.seq uint32) (succ : t_MapInv'0) = - [%#smap_inv29] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 + [%#smap_inv28] unnest'0 self.t_MapInv__func'0 succ.t_MapInv__func'0 /\ (exists fs : Seq.seq (borrowed closure0'1) . Seq.length fs = Seq.length visited /\ (exists s : Seq.seq uint32 . Seq.length s = Seq.length visited /\ produces'0 self.t_MapInv__iter'0 s succ.t_MapInv__iter'0 @@ -1647,25 +1634,25 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] function produces_trans'2 (a : t_MapInv'0) (ab : Seq.seq uint32) (b : t_MapInv'0) (bc : Seq.seq uint32) (c : t_MapInv'0) : () - axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq uint32, b : t_MapInv'0, bc : Seq.seq uint32, c : t_MapInv'0 . ([%#smap_inv47] produces'1 a ab b) - -> ([%#smap_inv48] produces'1 b bc c) -> ([%#smap_inv49] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'2_spec : forall a : t_MapInv'0, ab : Seq.seq uint32, b : t_MapInv'0, bc : Seq.seq uint32, c : t_MapInv'0 . ([%#smap_inv46] produces'1 a ab b) + -> ([%#smap_inv47] produces'1 b bc c) -> ([%#smap_inv48] produces'1 a (Seq.(++) ab bc) c) function produces_refl'2 (self : t_MapInv'0) : () - axiom produces_refl'2_spec : forall self : t_MapInv'0 . [%#smap_inv46] produces'1 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'2_spec : forall self : t_MapInv'0 . [%#smap_inv45] produces'1 self (Seq.empty : Seq.seq uint32) self predicate completed'0 (self : borrowed (t_MapInv'0)) = - [%#smap_inv28] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq uint32) + [%#smap_inv27] Snapshot.inner (self.final).t_MapInv__produced'0 = (Seq.empty : Seq.seq uint32) /\ completed'1 (Borrow.borrow_logic (self.current).t_MapInv__iter'0 (self.final).t_MapInv__iter'0 (Borrow.inherit_id (Borrow.get_id self) 1)) /\ (self.current).t_MapInv__func'0 = (self.final).t_MapInv__func'0 predicate from_iter_post'0 (prod : Seq.seq uint32) (res : t_Vec'0) = - [%#svec30] prod = view'0 res + [%#svec29] prod = view'0 res let rec collect'0 (self:t_MapInv'0) (return' (ret:t_Vec'0))= {[@expl:collect 'self' type invariant] inv'4 self} any [ return' (result:t_Vec'0)-> {inv'5 result} - {[%#siter16] exists done' : borrowed (t_MapInv'0), prod : Seq.seq uint32 . resolve'1 done'.final + {[%#siter15] exists done' : borrowed (t_MapInv'0), prod : Seq.seq uint32 . resolve'1 done'.final /\ completed'0 done' /\ produces'1 self prod done'.current /\ from_iter_post'0 prod result} (! return' {result}) ] @@ -1674,7 +1661,7 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] meta "compute_max_steps" 1000000 - let rec counter'0 (v:t_Vec'0) (return' (ret:()))= (! bb0 + let rec counter'0[#"03_std_iterators.rs" 41 0 41 27] (v:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &cnt <- [%#s03_std_iterators0] (0 : usize) ] s1 | s1 = deref'0 {v} (fun (_ret':slice uint32) -> [ &_7 <- _ret' ] s2) @@ -1711,17 +1698,17 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | & _10 : borrowed usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end -module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] - let%span s03_std_iterators0 = "03_std_iterators.rs" 64 16 64 17 - let%span s03_std_iterators1 = "03_std_iterators.rs" 66 13 66 14 - let%span s03_std_iterators2 = "03_std_iterators.rs" 66 4 66 7 - let%span s03_std_iterators3 = "03_std_iterators.rs" 66 4 66 7 - let%span s03_std_iterators4 = "03_std_iterators.rs" 65 16 65 46 - let%span s03_std_iterators5 = "03_std_iterators.rs" 66 4 66 7 - let%span s03_std_iterators6 = "03_std_iterators.rs" 66 4 66 7 - let%span s03_std_iterators7 = "03_std_iterators.rs" 67 13 67 14 - let%span s03_std_iterators8 = "03_std_iterators.rs" 61 11 61 18 - let%span s03_std_iterators9 = "03_std_iterators.rs" 62 10 62 21 +module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 60 0 60 35] + let%span s03_std_iterators0 = "03_std_iterators.rs" 61 16 61 17 + let%span s03_std_iterators1 = "03_std_iterators.rs" 63 13 63 14 + let%span s03_std_iterators2 = "03_std_iterators.rs" 63 4 63 7 + let%span s03_std_iterators3 = "03_std_iterators.rs" 63 4 63 7 + let%span s03_std_iterators4 = "03_std_iterators.rs" 62 16 62 46 + let%span s03_std_iterators5 = "03_std_iterators.rs" 63 4 63 7 + let%span s03_std_iterators6 = "03_std_iterators.rs" 63 4 63 7 + let%span s03_std_iterators7 = "03_std_iterators.rs" 64 13 64 14 + let%span s03_std_iterators8 = "03_std_iterators.rs" 58 11 58 18 + let%span s03_std_iterators9 = "03_std_iterators.rs" 59 10 59 21 let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 @@ -1852,7 +1839,7 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] meta "compute_max_steps" 1000000 - let rec sum_range'0 (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s03_std_iterators8] IntSize.to_int n + let rec sum_range'0[#"03_std_iterators.rs" 60 0 60 35] (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s03_std_iterators8] IntSize.to_int n >= 0} (! bb0 [ bb0 = s0 @@ -1920,14 +1907,14 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] | & _24 : Snapshot.snap_ty (Seq.seq isize) = any_l () ] [ return' (result:isize)-> {[@expl:sum_range ensures] [%#s03_std_iterators9] result = n} (! return' {result}) ] end -module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] - let%span s03_std_iterators0 = "03_std_iterators.rs" 74 20 74 21 - let%span s03_std_iterators1 = "03_std_iterators.rs" 74 23 74 25 - let%span s03_std_iterators2 = "03_std_iterators.rs" 74 4 74 7 - let%span s03_std_iterators3 = "03_std_iterators.rs" 74 4 74 7 - let%span s03_std_iterators4 = "03_std_iterators.rs" 73 16 73 93 - let%span s03_std_iterators5 = "03_std_iterators.rs" 74 4 74 7 - let%span s03_std_iterators6 = "03_std_iterators.rs" 74 4 74 7 +module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 69 0 69 24] + let%span s03_std_iterators0 = "03_std_iterators.rs" 71 20 71 21 + let%span s03_std_iterators1 = "03_std_iterators.rs" 71 23 71 25 + let%span s03_std_iterators2 = "03_std_iterators.rs" 71 4 71 7 + let%span s03_std_iterators3 = "03_std_iterators.rs" 71 4 71 7 + let%span s03_std_iterators4 = "03_std_iterators.rs" 70 16 70 93 + let%span s03_std_iterators5 = "03_std_iterators.rs" 71 4 71 7 + let%span s03_std_iterators6 = "03_std_iterators.rs" 71 4 71 7 let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 99 let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 151 27 151 115 let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 @@ -2148,7 +2135,7 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] meta "compute_max_steps" 1000000 - let rec enumerate_range'0 (_1:()) (return' (ret:()))= (! bb0 + let rec enumerate_range'0[#"03_std_iterators.rs" 69 0 69 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- { t_Range__start'0 = ([%#s03_std_iterators0] (0 : usize)); @@ -2229,35 +2216,35 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] | & x : usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end -module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] - let%span s03_std_iterators0 = "03_std_iterators.rs" 96 34 96 54 - let%span s03_std_iterators1 = "03_std_iterators.rs" 101 26 101 27 - let%span s03_std_iterators2 = "03_std_iterators.rs" 101 22 101 27 - let%span s03_std_iterators3 = "03_std_iterators.rs" 101 19 101 20 - let%span s03_std_iterators4 = "03_std_iterators.rs" 101 40 101 41 - let%span s03_std_iterators5 = "03_std_iterators.rs" 101 36 101 41 - let%span s03_std_iterators6 = "03_std_iterators.rs" 101 33 101 34 - let%span s03_std_iterators7 = "03_std_iterators.rs" 101 4 101 7 - let%span s03_std_iterators8 = "03_std_iterators.rs" 101 4 101 7 - let%span s03_std_iterators9 = "03_std_iterators.rs" 100 16 100 80 - let%span s03_std_iterators10 = "03_std_iterators.rs" 99 16 99 76 - let%span s03_std_iterators11 = "03_std_iterators.rs" 98 16 98 78 - let%span s03_std_iterators12 = "03_std_iterators.rs" 97 16 97 34 - let%span s03_std_iterators13 = "03_std_iterators.rs" 101 4 101 7 - let%span s03_std_iterators14 = "03_std_iterators.rs" 101 4 101 7 - let%span s03_std_iterators15 = "03_std_iterators.rs" 102 30 102 31 - let%span s03_std_iterators16 = "03_std_iterators.rs" 103 22 103 28 - let%span s03_std_iterators17 = "03_std_iterators.rs" 104 22 104 54 - let%span s03_std_iterators18 = "03_std_iterators.rs" 105 22 105 54 - let%span s03_std_iterators19 = "03_std_iterators.rs" 94 21 94 26 - let%span s03_std_iterators20 = "03_std_iterators.rs" 93 10 93 44 +module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 91 0 91 37] + let%span s03_std_iterators0 = "03_std_iterators.rs" 93 34 93 54 + let%span s03_std_iterators1 = "03_std_iterators.rs" 98 26 98 27 + let%span s03_std_iterators2 = "03_std_iterators.rs" 98 22 98 27 + let%span s03_std_iterators3 = "03_std_iterators.rs" 98 19 98 20 + let%span s03_std_iterators4 = "03_std_iterators.rs" 98 40 98 41 + let%span s03_std_iterators5 = "03_std_iterators.rs" 98 36 98 41 + let%span s03_std_iterators6 = "03_std_iterators.rs" 98 33 98 34 + let%span s03_std_iterators7 = "03_std_iterators.rs" 98 4 98 7 + let%span s03_std_iterators8 = "03_std_iterators.rs" 98 4 98 7 + let%span s03_std_iterators9 = "03_std_iterators.rs" 97 16 97 80 + let%span s03_std_iterators10 = "03_std_iterators.rs" 96 16 96 76 + let%span s03_std_iterators11 = "03_std_iterators.rs" 95 16 95 78 + let%span s03_std_iterators12 = "03_std_iterators.rs" 94 16 94 34 + let%span s03_std_iterators13 = "03_std_iterators.rs" 98 4 98 7 + let%span s03_std_iterators14 = "03_std_iterators.rs" 98 4 98 7 + let%span s03_std_iterators15 = "03_std_iterators.rs" 99 30 99 31 + let%span s03_std_iterators16 = "03_std_iterators.rs" 100 22 100 28 + let%span s03_std_iterators17 = "03_std_iterators.rs" 101 22 101 54 + let%span s03_std_iterators18 = "03_std_iterators.rs" 102 22 102 54 + let%span s03_std_iterators19 = "03_std_iterators.rs" 91 21 91 26 + let%span s03_std_iterators20 = "03_std_iterators.rs" 90 10 90 44 let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 159 27 159 48 let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 161 26 161 62 - let%span s03_std_iterators26 = "03_std_iterators.rs" 89 8 89 60 - let%span s03_std_iterators27 = "03_std_iterators.rs" 82 8 82 58 + let%span s03_std_iterators26 = "03_std_iterators.rs" 86 8 86 60 + let%span s03_std_iterators27 = "03_std_iterators.rs" 79 8 79 58 let%span szip28 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span siter29 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 @@ -2427,12 +2414,12 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] use seq.Seq - predicate equiv_reverse_range'0 [#"03_std_iterators.rs" 87 0 87 81] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) (n : int) + predicate equiv_reverse_range'0 [#"03_std_iterators.rs" 84 0 84 81] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) (n : int) = [%#s03_std_iterators26] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 (n - i) - predicate equiv_range'0 [#"03_std_iterators.rs" 80 0 80 65] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) + predicate equiv_range'0 [#"03_std_iterators.rs" 77 0 77 65] (s1 : Seq.seq t_T'0) (s2 : Seq.seq t_T'0) (l : int) (u : int) = [%#s03_std_iterators27] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 i @@ -2604,7 +2591,7 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] meta "compute_max_steps" 1000000 - let rec my_reverse'0 (slice:borrowed (slice t_T'0)) (return' (ret:()))= {[@expl:my_reverse 'slice' type invariant] [%#s03_std_iterators19] inv'3 slice} + let rec my_reverse'0[#"03_std_iterators.rs" 91 0 91 37] (slice:borrowed (slice t_T'0)) (return' (ret:()))= {[@expl:my_reverse 'slice' type invariant] [%#s03_std_iterators19] inv'3 slice} (! bb0 [ bb0 = s0 [ s0 = len'0 {slice.current} (fun (_ret':usize) -> [ &n <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &old_v <- [%#s03_std_iterators0] Snapshot.new (view'0 slice) ] s1 | s1 = bb2 ] diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.rs b/creusot/tests/should_succeed/iterators/03_std_iterators.rs index 4b8892881..2645742d8 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.rs +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.rs @@ -39,18 +39,15 @@ pub fn skip_take(iter: I, n: usize) { } pub fn counter(v: Vec) { - let mut cnt = 0; + let mut cnt: usize = 0; let x: Vec = v .iter() - .map_inv( - #[requires(cnt@ == (*_prod).len() && cnt < usize::MAX)] - #[ensures(cnt@ == old(cnt)@ + 1 && cnt@ == (*_prod).len() + 1 && result == *x)] - |x, _prod| { - cnt += 1; - *x - }, - ) + .map_inv(|x, _prod| { + proof_assert!(cnt@ == _prod.len()); + cnt += 1; + *x + }) .collect(); proof_assert! { x@.len() == v@.len() }; diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml index bdca7a90e..1263a909a 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml +++ b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml @@ -29,43 +29,40 @@ - - - - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz b/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz index 3ecf27ac9653667043d29a7928190d0a1c167c3e..b3b72740e7dcde61833c3eab55278468669a09ad 100644 GIT binary patch literal 6610 zcmV;@87<}?iwFP!00000|Lt2{ZyYz4eeYi(U?04@g8_K?%|*O`VWd$4cJi<@XzZK8 zB3X$rvgAmzlgzK*!>S^?s=B(>vK7a10;p|v6+bR7FV8*qlKt=hd2#=Pf0ynrKBT+* ztJ|CZy3iN@`5znq(to&0KfT~P=C9(8z4G6@^w;U;`-dO)FCK2+T-`kQ4{!eV>i=G_ z?Z#i-eDHTy{^sF@-qDZw>kGG|Z7EDEs2v|F*d5=N!nA_iiJ^ktiESxNE6`3375GkW zOJVacJYzexErmRp@6$sT_bzpB?$eKWs&@wOWBU2c_3igpVR&-szro{in)B*e0fFtz z_LYCRUSp;ne1|^X-QC9bA>HGv^?&)x4mzM6@yqE8Vk-}AuFB>;knrj4yN6#;n5kOq zXjFtkX1^x z1ihN5WM6&9>5R5Ju3n8sQA+1DyPQe-mr~|@ECt%;&fc`Q?{DJ$YK6<0E-32)kMQ6A zDR-8Sc*%3m+o(`Kjc+uZ}0AIe@gMi+kfu3!Q^&aU%vL?_U$`N0?!v! z1Zw3i@#ZQXyvS|$>pihQE~Z-PyVx56x0mD6V`|&&<=RY&axYIWA!=Z(%d${oY5#Jf zroavjr{5#zSjn)NI8~FNLzC$1WC8Mc59#jByW9J`Q+TdkMI6?@R=Mk!lhuCNWkFNQ z4asd^jc}D0^_zo*4#XI{tW~y~UWzw8PH)b_;c+;%QyIL~0eI&ZD~&!kNQw-S6|f6- zu?2RCie0K=ms(&Kuh=CkcIDCn-%Q0fQ}NBL;hUS{o2~d}E56x3@$Gr>t=}bo;@g*m zZzoWV_v^KUF3x7q#aZ3mK&e8}Sa~K2GZdK_zATWyGi31t$jUDcAZt+vrnd%bvu=EM zb>pvxFLEarFT?x0yOf)cucxs1_Wi>I76-E$aB+r_ymWGao_rX4eEvhayXp;eu+ueU zos4({Stm6XUSW@{RFO58%F_i8oTC|cu>S4z``#u;1P%9XP8}s zU_P{6hhV;dU_FIkb2-{8)I5dYHH*wpFXX6Ixj<-9lq$E6Vl{-|6|4CItHt(=eKFv$ zP@^#FD5MWEsk1Ep3E;l&MnQ2#Q?S_-Hm?ic^bc?T;s1&1xz=vS3RtrO)@(CW_1Q0E zyDy$m42XP#XL5nVul#?HF9I<6_1HjTtiS*B>RlO2t;Ozr)nP2!*|HS2j72-QJ{Det zc}^n7+7*X!ne~G zlot!#XQ#}2!Z3NoY2_ig(Sy%=0qq;jM$R(}*p0b+>}m_BpCuwP+d6!x`pRbB3s7-1 z^}+29=20M%%Kpe?0&c74iLdt6iqk~J;)G{abC)}@Mh^kRb~JvJCicD)x@-?|iY^L; z_d8)$Aqo3+0!a=vCzc^bd&~omL7iOf`m)Ngts<$6VA)QEs`Oh_jZoiK)`n_qDEf!P zW)gCxVSWsEQ8%Tm(Pnv=OOv>ZmCeQ`jG@|jWoGgiGm~q~toomw0i1zUhTEHX^>B52 zGp?xIsh!#BZ+~38y}b!(e4R6B?}27LBemG5m;0}7{?+c>v@-Qub@~9CEA#RdL1?xc zSAyVv_b$B4xTC+xZ`R`6>bL25EWF~k7YV;UXPEag^{!{S1KG+$vctw-Z0?dah&Lac+_ijs(!~VG|S9@Z!aN zy6#?FJpA%5T~v`bqYsAlzrTK{TcB@!AN?Ry)%?)Y@`*1yA^`*2DS z#532o_wVl#dqL3f3YX2EzjoBUzX^vOO}I!Ar~;x-{)*=+sqU%_<&O{Q|M4DB4E64b zN|oa-{rLV0LtXqE`-HA{QcOwEsac@vPRbs%u5K`rzrOlc_5yuJY(=i#_ow@G_rZ^H zl|G-M?|py6xd&XwY(qSy(}^0x?e%pE52x%xja_5h?(X*OEb^DKyqwTbdJf5Q*Tu_A z_^XLK?!WJ2je#;q@$E8tFN$6ykFcTqJ(eRc2AaHFR^Hc|ll8Tp_jPu1d88x3GivYn zR!ia_Hp_1p4?xilw5^6tk12X5)hQiA!ksh|4XZtml5U}4x1wS9?d6D{a?f8rMS{y` z=;PI5bDh=v)%xar^#lMJu&Y4*sWXs38#X6HybI7O+pm-~#DR2hB>g_Ux0 zT!1Yz=5u7p6YlF~n_4i2-lJ#oG!t1IJOOvuE!yhQhNg+5nk6@T*KUhvw|mF#ieGoj zL=x+h=9BL|eOxAxLFQI-!z-y8n&z(gv2;1Drg;`^!T5?I=~TLW(QKakt=VvTEL~1V z(&br@AzeN_R_#xTUiR#i)pw^e<79?l^F*kVneJ+4Jio|oS7RWWrpI{S#q@Zjgc?*Z zggOloEcpkW51B9_-9dO`a@4`ww-JF)hVhR|=(OA(o73H0f4 z;Y4Dphl9Kx4(8G%$?j^N$(5VQrgq#z$SU2F>*T8S=|H2neKd(j6?0) z6>;XW(B^PMjzUZ-tZd{>cYAjvaN5@_%z4pv-*wI!4Enq}f<92z>%3?qQTgdu%GqDN z&N<_u+E2UV)i&3+x9<*v*kRal7O^NPtL3b@m4;)BmlI(QWG;0vt=HM99+7!cE$3eN z0-ww4G4;Y(4ccMZlOmN+dg6?FDf^czo~ph?K(o0?Kc5V)YW%dBx?%dL!PdO-@P6u# zhn}iO-bXTrv+Qe*6IlwsN-Ab8uq#VQRYog;{Lc)3eX_8=>8{dse8cAAtP!lesq7OA zW8<@T(HVUWR#!`c()u&ZJ{HfB9f-Jga`4q4^wAuLZG^L70puS11n zUT&z+Tai0<2JD{W4ES|UH$LW&cap!(5&dHx8TGQrawQC&o)k;|F(<|Qr1Y_y-E{h9 zw=6fib6B#irTL9LUM_$0a`~IjPhv$qDX0ep^ZR_VFlbo_wA|n%XFKgQA}WY8ta z**nS{LzJ~M+v%$|pBqijlP7^of8I*t;m|zFp_PYjh|v~@w&l2$7RRmBAGhWsB-`Hr zoxU<_562Va#lcHCZk=4S%E!UmS}IS05`0@r<*CW0TTA7s&HJyG=CKY}B~;{UTT3OX zxxc;&sZgL2l?)GIUB?eQX4jVH4T~ApAR+L;eyl76yZ-Kd+AO~B(=(waT-fHjWvh7g z;VS>$;iCQJ;$P|Rwy#mzh5n91$>5;sT#{NZ2NUUggc7$O(p`6b`_m-DT$s{{*2@Wr z#e~FJ6WX_$4I@vEJZyt`R8^VUzpmb$K0a7&Cx>>o4?iGqdo&t5(ZzaPrplcHzkhUW z0*|Fss)|M&*bgxmlcq2BqUeJGYQ=qxm-RwWLE^!tho{5Fc>Dh0%!pARi5T_4x-X73 z#vM3|@cK+ZR`Q28cY{`DwI@T(9QQpvCmrlH z`*@3^o!fd=bkMCkRd-PKbb;n`>nDY^;+y-Q{82Ce%|g=UdHdP@&vMV-Ea&mbo#s9M zbNC@|?1>HWC-itQ(Yc5NE|0IK3!QI?t&GxlJB4hFQEdNUsKfAY0YQ(LPxxp_&gl9v z=@yeYo4lNvs5>^*{V913!O8sN7=(!dB}6Z^%~>nx$I~Wz?T#TE8%%A zZAxi4Dc%1HyH*kN7=OH*>Pm!;!e%U}%UMlTDlC3)tjm2=U6KG}?9RuSeSa`mDwuhe zz?M{$Em;CPhM+rlIjdRE;l^V)Rj+{O(#Y@Y1#i}0@Sdj;sOEr(A0!f{C(Q?GfE?|s zA-13A672(GeEE3%KLqfL+DC)y zq4p<}tIJjLbDU_29&;{N_)C91`y-M4s&93a)E-dOeAM_+BkhEE;!tSOXJW-i;a*AC zijP&z_><752+aE{-rRhO!2PczP6i^M=!({2;g4`ekH$-%>M@_g`8^tNt)Gi!WGcIC zuGNQ0#YvmkTg#BoK~Mb@aq@7KLV z$AEH8*?*lWtX_dW5eek6N6VghLqNGT(4g|} zLfb~0kMEx`%@Rw7$BtUjIOjH^p@Vha#uzP!q3Dh&E+ScrkOM!FVwnq9+Vtn1%Jffp# z9+Xli6;@7iXMmkfTE$x#v64o)C{sTufBtcUldWt;NWc~wLgFMv$Fxhzk;Crk;n6kD zHqJCoH%>K9=7wz|iK@Yq*3_o9gC}8JYcTvM6!X3R!Fa^rG?>K)E`w=&6h3&z@;i7B zmfaKEm>2|6hH9Uvm0m{e&{n9}ML{85Q1)YRWaoD16n1+joinbLNyN5QLW>lWVK$1; zqC+&wF0%KL=Xcz88vd1pNy2n_wQNY*ImVsyD#?hB(Mk4@aFImnNu76{(;TiZp`sx! zSv1P0l(-Mxb_r_bSq{+=AVSV8=o1ClBO_2TE<;Y7uO~C*~YCrd6njeF&Zd zszl&Q1hPcjJ`|-@Pj;pNET6Bp?2JNbp2i34d>R|9zz!pIj30x6O;8zi#vqC20 zOcab;r-cnBBWovF3V~-c0&m6IdzqkfY|6+lCovQfP+ybJ)nomVcCctzoD>TG%WC?^u4Dj5vIO=gtlx>d0i(e+5kL7EAn6@gz72o@oXBb}pO z^b4v*;93N-MPOS5x<%ky1j0pNTm;HR;9LaKMM`cIM`*6#v!pgjAudc^3&s$nPtgM? zE(p;TnLHqWwn0e%^&*1Y^Sz z3jQT}Fa!kLh=(HH%E$%*5S9FzLPV_`W6nDkJMDe)5kx8(#VkBvt04p;GC0LwU62lj zuUU422z;%K%4lb!7TCxZQHC0|fd-)U2KBoV~&OBB9?kRh~EJH%9oz=gF!gMDPWk;734pM_Ol>;$+nl1U9S7nTc16x)tP z2PfBR1KxrOSO{yr=t;B=qkDuEt@JIN48eA^lAgmMf{TX>P7K1jFMc8_cp;NbAdATe z*LrZXx7g-XbWscxR+cXzUPzW>{{|R`kl>BB=5B8K$=A75=Y$Hde(uU zs%R*=*atyeU{c)ut|v;eb*{s7!48BGBtX2JP~3?mc{FyMX#UXeezH-fWW2K8bFW+M zLx5+bAUmmi$H3ybzyw6Ta3Q{m2?xfam55H6Z#Dd%SFBASBuQYsAv`9Gi3$BxO&T1f z;~co;oq#i;K$3zLh|o+clVg}PCL`=uH*thc$+RS#3oZyHq=;}ih^At63}JpgzvdG2 z%v9kknRALJseIi6Y*a?p=9^1OfyD{%Yo^UGXa3dAn;QdB2>w_5E=uN-&L_$)O4S82 z-7s(QRnEP&fydTM!>pE|_AdD7B3GcmtrnIIIS!()Rsm5&MjZp1wXx;-P&1#E>trOC zU5v3FDt^sMFj10sPFdi4t5Uv2(SflsrKM2Xx$ywge)WogzYCz@)>v?GOSf8$>-gF0A)xrt;kmz1Kgg82r+|iu|Zmg8L-X_IU}k5KnhU+hXk~+tp;Fv1BdB# zGy(ytlI@U(lKKy&6y_PU(RS2nAzLDD1vrv-(zV=D8;9JMWq&H>PsNO!gH)1Q2PZ(T ztYba~?GZ_3-ocdQgJO*P!zo60Oi(_q?kH-KPIMyc2?dvou%pF5fM-z*Ccuq)7Ugh* zcKO1`L_yr-o4Hh##GxP#1#u{d>-;MTj0pvCD2PKr917x45Ql;|6vUw*4h3%{O6~6(V2GZ-pI|mo+|IBl=T`he}NO z_JmXce{Cln?|8l^fXH7PjxgU0IetrjNZex4wM=junb94%Vbls_nJ1rw<83!2YIBP3 QcR08I2N54D=8Ap*0J+~G4gdfE literal 6595 zcmV;!89e46iwFP!00000|LuEOj~q9a?tA`<1m>ac9bo{Th1e!a(H-n`0*@^|MTzL#~=Lr{J8y?A0GGj zcmKIn+kgMR8~@sW+~=RJun~Tr8u7+|_uAj)yYHWVI5a%n-|X+6{KuRBdGr6T#BSsF zcOU)3-rqf4sRn+mKd)>9yP+`cARFvDmN==~c0*y>0UGW)V8gqiuzBk0 zL?d@Yp)Th8{8ZU}$mQlS|9B-D)o8!JOZn%U+xzeLv8%cE-!*zz=Dd3qKopJMz45Qt zd(6Zm8nxT__Ye2!L(Gp?qA~u}tHw3}4dC^(0mMqBsa?gK0+7$|-aq}b0h)=L8t4Tf z8|WobOVd8sfb9Bk1HEKwY1&6Lpt?TLfZC0v&D$sc_U5nmclk;T#EpM@^SAqV`ARem z=x!7>pm$?w^Vh%n*N0vt8Z^7fJvY)D6l8)%9B+@87+@%}+Tk zyHJC=9*LWMI%=q65BojQKcuNtS`r5(Ky%%1J(}HacfGcfLAclFx3EEOkgkV~>Pv^l ziI}1|R-E>XT%sl2VL}*H0*+Op?Nb@3^F8HvR^`v0!KC;;D|JdcB-A*ym71slr zLLCTp_oj!dx~bnCZFB@7#P!%^w`sY!X>odU5f1m$$wpT2mPg=S8&(GW+8{|4BuBs= zuuCkki$?5{BX-FJcHxL!JYrWZE$~f`_@+mE(`)!&C4b`E z*Mx6pPz~GtT0$3!8FZl-Pd7GVFww+NM}uWZ)iQiNKmu0C!XwD44M&i*=p!0hgS8nM zU-ozYw)?>iFB;>AhlgB;_svsSeD~pL0*jqmb+|agNF0b9p(l28_w_&IhkdJ{ot~~C z>tx0g$U5ngz zUP5zJtk(A+2%PSGr|skTqd|uS@C^SzAI8)bOnXv`Ts`wk2!=U~susiKIS9rIvuhBH z-Pm;q#svhcDFo~5USCnqAb3q9E7TMBQso6g(;!sdJ&V=UAdXm#3#_Ky1?Qr}VUj&F z@+72pJjshR{u97`{Tc;3sDi1guz5S!oBrwM@BSb8O4MFWBL=V*16Yeq*VWg1q3Zo` zGg61hcUPj}1rERQ|J64{vFqoeM){|kzx`wXewa(H`R;AkZZ2rduoY&Q3mUsV7c@4` zV-nTZ9>GtH;3w7$K%5$YFajxzKnfGz9IJ2s>Qw{PCE3uLc?b=eUilj`6Mb(;4abAdnTsSF zQVr=0}manX8z7jxfSBWNG)?s999ng+!6;isMdG>x5hhW4mVE3koTm#;7av(q?? z81)g~mnIx>~D%?&IzK^Zw&yL#vl@dH=&5a7N;jQH!lwkAk%Dy)Z9&NdK<3tOYto z!wpUcLsks8MZ~ua8dorf*7le}uvn=C(;@!?-G{g_(xQP|*q0s1&&jK`O74(Qf{JSGXT^pw^jPeeLF*e}A*T`*@BKI*kgwGgD2!kx=Xspc|Iw zWZbZ7SWhG@54RiJg@o;jgzaChd;H{s0sAE!T)zN~H;cn{(eO9xhxg4V07%bA4<8cN z;iGbMKn@9w#KAPbgv&lpEqB+4kSEIuKZ6g$JjoX^4*@+M0>y{ERi_pfLwloF>v_g9 z9o0aC&0?(Tb!Zwn9MdHFaJ8G^W;ch6-46GCsIZvBU42B875njBb()xk7* zfv55%uo~xEjBQ}dm%zDv$zs?%_&=sY;JJJWoXD3{M!I~-G_T&K317GFi5T0?r$#_` z(S|d=Zgq85QzNyZj$L(vVHzLBmc%qaHu#z_U;8dPv*!tF| z8}lr%$g@B_MBhykEh}?=YWf9^BXlrE=-~47i+{TLfBx?KE(RC-CnDoQR`N2(1NvEy z8?I|~Y+P$Rq-f?5zG*ON4O8F^$fX&G%j{RS3jM{AYP`Th$k1IsYWpiJ|{e)KGmc@>NMmsEJ zz9|vJCJ%BsWwlMu^L{GgL$s{pdkC{lNG|N@<;VubbZDE|n;H&te-e(l_m7pOF&X%{ z@Wod-fx(?RcuEH|I*LhPu=kvfWj3CH)0Xc1kn~d>#trPud4bLGf$W)>bXYman{xkf z!f`tE94zO>*aPVrHR$BIKY>0Q|N3p+wBAtp=~T|a@88y>LD%i4=5)8s?fw1xV<)zo zwqHdWgjB_H(b|TA{fO5SW{!9s`Zg%u)=TvS&y#L7_JRw19-8~m3yRTcFZ;Vm5jMxS zRLf=CxN=jCjeegtclqbD&eiBYZKl^SeAZ-Zw{h1#y^lLeLO062J^X7 zcL@*mOv-a-@**O0D|_InORVKv#eJW@$lk_ zcylHZzslBgbB+o1Lpp4dW#?Jt>$eS`y6f63zkS>Asavk=&}xxA^$5Ve#3O*WHQe~z zh1@W{tsebzH*&*RS>_ctc=}X;@pGOE9D>rPp7z7}r~N!U?XPahZY<58Y~t|xABWff zI8VjXm?;<&1@i};JXp{?7|?u(`;X5+*!eNZrQ zT-t;?^x46=mjf%6w)4>zS^FX14vTy{wE6a$LNe_W;AxXytL&c;ED|q6zJ2n}uD%D@ zjisShHHf>hG}P*jy8}@XzhP^22@GV;C3P zM=nDIC+$DZIT`y^XCi-}AGY@&^Fz74|7j9o9xSCZqn8V!#e(Rf1sz7srs1-gaX0S%>4*IAyf=1+#JXQ5hesv;P<3hn&xKS*5%oB5m}1T*OdAfY zsG|wSj)xwv#}{D(5_dY?)piHt-G`?OJw|oHV^l}`zDR5ICvfKBwUK}-jXkPq+c`sb+qSNy{(M9S47iq}S z?|xo8;G8nRMcOb@-zVHW{^U>I^4~2uUFO>_ray~4f45x67Za^#{O9;XJ=hZ+!cU-hw9q+= z9WM7x(~YjL#8zf$$xb2L@6(|BM^hcUe+vkDMt$OEb8-Rc=eS!e=3?XJ!a&`z+Mm&u zb89_uw_Pl%OKqV`*7dCQa8Vrc5_f&{@#|U|SUB)Q2ty3+c`a>*QkN+`e1<=Ep}CLW zKTfuThi;qBU%ax7yq@)xLx;r&=W2M6tcD;!@4I8~vmX+JLkB&N5||+rWriq$>0Qvq zUe9`tdAL3eC&zC9YH4%Gu8yT;7y-r@5a3ZDVVY?^3IkMcUv|FzJeHu=D!I>!FFyh3 zg9-L13{dm4&_=0v{$LZ=D*KnCN1p)n!35ba4Qh05ENzDHfgS@1{pG3K4_}AUW(XbF zF^FL2K?D-x)ATXnOoNrsevLZoJ$*6Sxy#qj`~RH-zvz9^x$b&@v2k_1YW$oww5Y|L z>lOQ@eV_lC$i8n!oiu8XOw^ic{H&Q8qEDQvA!;MB^jWw!glp+@Mbm#1{3#4$`@|dd zmoVIZCUe#i`NFGc%@_WR%jj8u=}T|Sm$>|%b-32^VilQ&Q?`;9Yk_NZWcx6uAo77QM=-2~ z)IljFI2OfQU!fO0I}`;<%&*~SosAr(W)C6}$TPMOcA zUo2}R$u<{;;Jq*8H7BEl@gWwu)#$Wv8tT8FJxio$6blg2u(df;wmx$NYY?*#wAIpS zcACC;A_c%I`5289Qsfk)%*p#m#Z!`YtF_bWW#$6wmBvuC)}D$-&)O)m(xV_Hv)UTr zv~}9N*o;1VmP$jAf=TCGqOjFUV_s%P!6XxBlMLyQl3>p&O>LOT%3fshVFrA!V4IuNkYDH1@=RD6cOo|Cd5EXh<7 zLCjlduR^$(pp}qKVQaMwoGFDMNl{K&3zH~@Er4`TxvbahClC%r6~#b0lP*^0Xku2@ z3bfYC%xMeto(1Ee-m;)RiFheiAu5wWXbs3BY3Xy$=%Y6!`z;_ksCPL+_y2{2lM<$6 zDVlx~`^6J^ zzz8|ivz9`PJ_~D6>mWf;pdhzEMN%24GtPjd z1JVvi^=1C-`4~zF5TXqLMtOi3t$-4PwK8iChxyEl&MS>pib@tNN(wU9NmYpg3Rq?2aiQl zk*H)TF;EdCJs6EWb5i_f43f%57|ark_9Z4SGIJ0hqK~QCwJmx`bRc{5_zjtjg;Vxy zWDY7QWjIP^jM;l;m4xcd1p0M(Ql_A^l(R;T8U+X~6{;Xppk!MlM8gg=I?&)i3kS+N zP{x6(p0jeGqyxnc6gg1nK!F2QWo;eEsvz2dR1T!vNYp|~X$mWyr3Rl%$jV0cIeBgM z7PNGr>xA@TlL8f0QqU?}#R|cvB+){QtWvbeZovo#+B(q2fvzC|^`Z;})+Mrq2r>gD zPZ(6n#c~44oJ7ZffnSt~q@)$XdMi><-e;fC$E>9=GNhm?6Xd|)FV0BeD3z#}ph?Ma zl3H1l6bXZdWxeuSX=n#VIWW>etAM{8L!7;am>?)FDwQMz1xSf0Q%GRUVS9c>rc_cG zJ(%oOB9*N75Tan=buk8+=iBuwGKNAK#fE~)hNwszDTf@rjhql`w9Zy()%cqERT(oz zb2R8nvR+xihEfEJhD5fch2DZi2Nr%4<}_NJSz@+qqD9hH8}v4jCqvP~7A!lk^qVnQ zsDuQPytPRO3M4~Dp+f;tN|EXqu1tPKOe?541z?OCQ&uVG0!Bgh zY#DvQmT9cE*;mH6iBe${Qjzl33Y8d4NV$f4K%&Ae3h7YrSIKFitO_DTOU95= z0;;)D-O(+I%B=co7l2Z;U}Z!ig9O&5P(-pN)!>ZRuti}V3iDMjB3Q7>qY8n207;;8 zRFXYP%t>P0B7j2>U;RR4^u*cZ1R-m(!6#DLO06SimO8Z&6$IlDv_nu1K{~8XRE@0m z&Kd%K6^rp2B}EMsJz1}978qot63A#xIk(XnY_q25u;xusI0XB zA{mFIzo|thTMD8l=`B&t5P=~Y0wf(cTd_qJ4#|FV3lA8x4nWpM8%YvVlA;tFQnCUp z)dV&&I;^I`H?roObe2ZOg2HeTp}u^Q5(Nd^MXjWMDNLH!%Pai%*G2$(R$G+Ch} zhb|7q`VS=(;e`n*6ex-~0HC3itha0f8VIS2Z5jAeFndy&Rw`NoU5phzMdhsu z)$S0Iu@{W^!wE(eK~U4x1(E``RH({{E!nKe^cth>%Lqnmhg!Xea8OH!^})wPK&Z)K zE0|75sOy}cDs(_bC$sjXkpUGk diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index fc4f16487..72a38ffba 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma @@ -674,7 +674,7 @@ module M_06_map_precond__qyi16809708214464407778__next [#"06_map_precond.rs" 65 meta "compute_max_steps" 1000000 - let rec next'0 (self:borrowed (t_Map'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] [%#s06_map_precond4] inv'2 self} + let rec next'0[#"06_map_precond.rs" 65 4 65 44] (self:borrowed (t_Map'0)) (return' (ret:t_Option'1))= {[@expl:next 'self' type invariant] [%#s06_map_precond4] inv'2 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (self.current).t_Map__iter'0} @@ -1346,7 +1346,7 @@ module M_06_map_precond__map [#"06_map_precond.rs" 178 0 181 14] meta "compute_max_steps" 1000000 - let rec map'0 (iter:t_I'0) (func:t_F'0) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond1] inv'0 iter} + let rec map'0[#"06_map_precond.rs" 178 0 181 14] (iter:t_I'0) (func:t_F'0) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond1] inv'0 iter} {[@expl:map 'func' type invariant] [%#s06_map_precond2] inv'1 func} {[@expl:map requires #0] [%#s06_map_precond3] forall e : t_Item'0, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq t_Item'0))} @@ -1445,21 +1445,30 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_Item'0) - - = - let (x, _3) = args in true - predicate resolve'5 (_1 : ()) = true predicate unnest'0 (self : ()) (_2 : ()) = true + let rec closure0'0[#"06_map_precond.rs" 186 14 186 20] [@coma:extspec] (_1:borrowed ()) (x:t_Item'0) (_3:Snapshot.snap_ty (Seq.seq t_Item'0)) (return' (ret:t_Item'0))= bb0 + [ bb0 = s0 [ s0 = -{resolve'1 _1}- s1 | s1 = [ &_0 <- x ] s2 | s2 = bb1 ] | bb1 = return' {_0} ] + [ & _0 : t_Item'0 = any_l () | & _1 : borrowed () = _1 | & x : t_Item'0 = x ] + [ return' (result:t_Item'0)-> return' {result} ] + + + predicate postcondition_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_Item'0) + + = + let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result + /\ __bor_self.current = self + predicate postcondition_mut'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : ()) (result : t_Item'0) = - (let (x, _3) = args in true) /\ unnest'0 self result_state + (let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result + /\ __bor_self.current = self /\ __bor_self.final = result_state) + /\ unnest'0 self result_state function fn_mut_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (res : t_Item'0) : () @@ -1481,15 +1490,6 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] axiom postcondition_mut_unnest'0_spec : forall self : (), args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0)), res_state : (), res : t_Item'0 . ([%#sops18] postcondition_mut'0 self args res_state res) -> ([%#sops19] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed ()) (x:t_Item'0) (_3:Snapshot.snap_ty (Seq.seq t_Item'0)) (return' (ret:t_Item'0))= {[@expl:closure 'x' type invariant] [%#s06_map_precond1] inv'2 x} - (! bb0 [ bb0 = s0 [ s0 = -{resolve'1 _1}- s1 | s1 = [ &_0 <- x ] s2 | s2 = bb1 ] | bb1 = return' {_0} ] ) - [ & _0 : t_Item'0 = any_l () | & _1 : borrowed () = _1 | & x : t_Item'0 = x ] - - [ return' (result:t_Item'0)-> {[@expl:closure result type invariant] [%#s06_map_precond2] inv'2 result} - {[@expl:closure unnest] unnest'0 _1.current _1.final} - (! return' {result}) ] - - predicate inv'1 (_1 : t_I'0) predicate inv'3 (_1 : ()) @@ -1501,7 +1501,7 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] use prelude.prelude.Snapshot predicate precondition'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) = - let (x, _3) = args in true + let (x, _3) = args in forall __bor_self : borrowed () . __bor_self.current = self -> closure0'0'pre __bor_self x _3 predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) @@ -1583,7 +1583,7 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] meta "compute_max_steps" 1000000 - let rec identity'0 (iter:t_I'0) (return' (ret:()))= {[@expl:identity 'iter' type invariant] [%#s06_map_precond0] inv'1 iter} + let rec identity'0[#"06_map_precond.rs" 185 0 185 37] (iter:t_I'0) (return' (ret:()))= {[@expl:identity 'iter' type invariant] [%#s06_map_precond0] inv'1 iter} (! bb0 [ bb0 = s0 [ s0 = [ &_4 <- () ] s1 @@ -1600,51 +1600,49 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] end module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] - let%span s06_map_precond0 = "06_map_precond.rs" 202 8 203 71 + let%span s06_map_precond0 = "06_map_precond.rs" 197 8 198 71 let%span s06_map_precond1 = "06_map_precond.rs" 193 42 193 46 let%span s06_map_precond2 = "06_map_precond.rs" 189 11 189 156 let%span s06_map_precond3 = "06_map_precond.rs" 190 11 191 63 - let%span s06_map_precond4 = "06_map_precond.rs" 198 24 198 25 - let%span s06_map_precond5 = "06_map_precond.rs" 196 19 196 27 - let%span s06_map_precond6 = "06_map_precond.rs" 197 18 197 33 - let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 - let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 - let%span s06_map_precond9 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 38 - let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 48 - let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 14 - let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 - let%span s06_map_precond14 = "06_map_precond.rs" 44 8 58 9 - let%span s06_map_precond15 = "06_map_precond.rs" 123 12 126 47 - let%span s06_map_precond16 = "06_map_precond.rs" 111 12 116 71 - let%span s06_map_precond17 = "06_map_precond.rs" 11 4 13 36 - let%span s06_map_precond18 = "06_map_precond.rs" 30 14 30 45 - let%span s06_map_precond19 = "06_map_precond.rs" 28 4 28 10 - let%span s06_map_precond20 = "06_map_precond.rs" 35 15 35 32 - let%span s06_map_precond21 = "06_map_precond.rs" 36 15 36 32 - let%span s06_map_precond22 = "06_map_precond.rs" 37 14 37 42 - let%span s06_map_precond23 = "06_map_precond.rs" 33 4 33 10 - let%span scommon24 = "common.rs" 14 14 14 45 - let%span scommon25 = "common.rs" 18 15 18 32 - let%span scommon26 = "common.rs" 19 15 19 32 - let%span scommon27 = "common.rs" 20 14 20 42 - let%span sresolve28 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops34 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops35 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond36 = "06_map_precond.rs" 87 12 90 63 - let%span s06_map_precond37 = "06_map_precond.rs" 165 12 167 73 - let%span s06_map_precond38 = "06_map_precond.rs" 95 14 95 81 - let%span s06_map_precond39 = "06_map_precond.rs" 98 12 104 88 + let%span s06_map_precond4 = "06_map_precond.rs" 194 38 194 39 + let%span s06_map_precond5 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond6 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond7 = "06_map_precond.rs" 172 11 174 65 + let%span s06_map_precond8 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond9 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond10 = "06_map_precond.rs" 181 5 181 14 + let%span s06_map_precond11 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond12 = "06_map_precond.rs" 44 8 58 9 + let%span s06_map_precond13 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond14 = "06_map_precond.rs" 111 12 116 71 + let%span s06_map_precond15 = "06_map_precond.rs" 11 4 13 36 + let%span s06_map_precond16 = "06_map_precond.rs" 30 14 30 45 + let%span s06_map_precond17 = "06_map_precond.rs" 28 4 28 10 + let%span s06_map_precond18 = "06_map_precond.rs" 35 15 35 32 + let%span s06_map_precond19 = "06_map_precond.rs" 36 15 36 32 + let%span s06_map_precond20 = "06_map_precond.rs" 37 14 37 42 + let%span s06_map_precond21 = "06_map_precond.rs" 33 4 33 10 + let%span scommon22 = "common.rs" 14 14 14 45 + let%span scommon23 = "common.rs" 18 15 18 32 + let%span scommon24 = "common.rs" 19 15 19 32 + let%span scommon25 = "common.rs" 20 14 20 42 + let%span sresolve26 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops30 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops31 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops32 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops33 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond34 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond35 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond36 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond37 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.Borrow predicate resolve'3 (self : borrowed ()) = - [%#sresolve28] self.final = self.current + [%#sresolve26] self.final = self.current predicate resolve'1 (_1 : borrowed ()) = resolve'3 _1 @@ -1653,70 +1651,56 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] use prelude.prelude.Intrinsic - use prelude.prelude.UInt32 - - use prelude.prelude.Int - use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) = - [%#s06_map_precond6] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 - predicate resolve'5 (_1 : ()) = true predicate unnest'0 (self : ()) (_2 : ()) = true + let rec closure0'0[#"06_map_precond.rs" 194 22 194 33] [@coma:extspec] (_1:borrowed ()) (x:uint32) (_3:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= bb0 + [ bb0 = s0 + [ s0 = -{resolve'1 _1}- s1 + | s1 = UInt32.add {x} {[%#s06_map_precond4] (1 : uint32)} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s2) + | s2 = return' {_0} ] + ] + [ & _0 : uint32 = any_l () | & _1 : borrowed () = _1 | & x : uint32 = x ] + [ return' (result:uint32)-> return' {result} ] + + + predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) = + let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result + /\ __bor_self.current = self + predicate postcondition_mut'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : ()) (result : uint32) = - (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest'0 self result_state + (let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result + /\ __bor_self.current = self /\ __bor_self.final = result_state) + /\ unnest'0 self result_state function fn_mut_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops35] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops33] postcondition_once'0 self args res = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () - axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops32] unnest'0 self b) - -> ([%#sops33] unnest'0 b c) -> ([%#sops34] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops30] unnest'0 self b) + -> ([%#sops31] unnest'0 b c) -> ([%#sops32] unnest'0 self c) function unnest_refl'0 (self : ()) : () - axiom unnest_refl'0_spec : forall self : () . [%#sops31] unnest'0 self self + axiom unnest_refl'0_spec : forall self : () . [%#sops29] unnest'0 self self function postcondition_mut_unnest'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : ()) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops29] postcondition_mut'0 self args res_state res) - -> ([%#sops30] unnest'0 self res_state) - - let rec closure2'0 (_1:borrowed ()) (x:uint32) (_3:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UInt32.to_int x - <= 15} - (! bb0 - [ bb0 = s0 - [ s0 = -{resolve'1 _1}- s1 - | s1 = UInt32.add {x} {[%#s06_map_precond4] (1 : uint32)} (fun (_ret':uint32) -> [ &res1 <- _ret' ] s2) - | s2 = [ &res <- res1 ] s3 - | s3 = [ &_0 <- res ] s4 - | s4 = return' {_0} ] - ] - ) - [ & _0 : uint32 = any_l () - | & _1 : borrowed () = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] - - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s06_map_precond6] UInt32.to_int result - = UInt32.to_int x + 1} - {[@expl:closure unnest] unnest'0 _1.current _1.final} - (! return' {result}) ] - + axiom postcondition_mut_unnest'0_spec : forall self : (), args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : (), res : uint32 . ([%#sops27] postcondition_mut'0 self args res_state res) + -> ([%#sops28] unnest'0 self res_state) type t_U'0 @@ -1737,36 +1721,36 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] function produces_trans'1 [#"common.rs" 21 4 21 91] (a : t_U'0) (ab : Seq.seq uint32) (b : t_U'0) (bc : Seq.seq uint32) (c : t_U'0) : () - axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon25] produces'1 a ab b) - -> ([%#scommon26] produces'1 b bc c) -> ([%#scommon27] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_U'0, ab : Seq.seq uint32, b : t_U'0, bc : Seq.seq uint32, c : t_U'0 . ([%#scommon23] produces'1 a ab b) + -> ([%#scommon24] produces'1 b bc c) -> ([%#scommon25] produces'1 a (Seq.(++) ab bc) c) function produces_refl'1 [#"common.rs" 15 4 15 27] (self : t_U'0) : () - axiom produces_refl'1_spec : forall self : t_U'0 . [%#scommon24] produces'1 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'1_spec : forall self : t_U'0 . [%#scommon22] produces'1 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot predicate precondition'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s06_map_precond5] let (x, _3) = args in UInt32.to_int x <= 15 + let (x, _3) = args in forall __bor_self : borrowed () . __bor_self.current = self -> closure0'0'pre __bor_self x _3 predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_U'0) predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond36] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i + [%#s06_map_precond34] forall e : uint32, i : t_U'0 [produces'1 iter (Seq.singleton e) i] . produces'1 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_U'0) (func : ()) = - [%#s06_map_precond16] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 . unnest'0 func f.current + [%#s06_map_precond14] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = - [%#s06_map_precond15] forall iter : borrowed t_U'0, func : () . completed'0 iter + [%#s06_map_precond13] forall iter : borrowed t_U'0, func : () . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_Map'0 = @@ -1776,17 +1760,17 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_U'0) (func : ()) (produced : Seq.seq uint32) = - [%#s06_map_precond39] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current + [%#s06_map_precond37] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed (), b : uint32, i : t_U'0 [produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'1 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . [%#s06_map_precond38] produced + axiom preservation_inv'0_spec : forall iter : t_U'0, func : (), produced : Seq.seq uint32 . [%#s06_map_precond36] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = - [%#s06_map_precond37] reinitialize'0 () + [%#s06_map_precond35] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) @@ -1798,15 +1782,15 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'1 iter end) - let rec map'0 (iter:t_U'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'1 iter} - {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'2 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_U'0 . produces'1 iter (Seq.singleton e) i2 + let rec map'0 (iter:t_U'0) (func:()) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond5] inv'1 iter} + {[@expl:map 'func' type invariant] [%#s06_map_precond6] inv'2 func} + {[@expl:map requires #0] [%#s06_map_precond7] forall e : uint32, i2 : t_U'0 . produces'1 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} - {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} - {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} + {[@expl:map requires #1] [%#s06_map_precond8] reinitialize'0 ()} + {[@expl:map requires #2] [%#s06_map_precond9] preservation'0 iter func} any - [ return' (result:t_Map'0)-> {[%#s06_map_precond12] inv'0 result} - {[%#s06_map_precond13] result + [ return' (result:t_Map'0)-> {[%#s06_map_precond10] inv'0 result} + {[%#s06_map_precond11] result = { t_Map__iter'0 = iter; t_Map__func'0 = func; t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} (! return' {result}) ] @@ -1817,7 +1801,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] true predicate resolve'2 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = - [%#s06_map_precond17] resolve'4 self.t_Map__iter'0 + [%#s06_map_precond15] resolve'4 self.t_Map__iter'0 /\ resolve'5 self.t_Map__func'0 /\ resolve'6 self.t_Map__produced'0 predicate resolve'0 (_1 : t_Map'0) = @@ -1831,6 +1815,8 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] use prelude.prelude.Snapshot + use prelude.prelude.Int + use seq.Seq use seq.Seq @@ -1840,7 +1826,7 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] predicate produces'0 [@inline:trivial] [#"06_map_precond.rs" 43 4 43 67] (self : t_Map'0) (visited : Seq.seq uint32) (succ : t_Map'0) = - [%#s06_map_precond14] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 + [%#s06_map_precond12] unnest'0 self.t_Map__func'0 succ.t_Map__func'0 /\ (exists fs : Seq.seq (borrowed ()) . Seq.length fs = Seq.length visited /\ (exists s : Seq.seq uint32 [produces'1 self.t_Map__iter'0 s succ.t_Map__iter'0] . Seq.length s = Seq.length visited @@ -1860,19 +1846,19 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] function produces_trans'0 [#"06_map_precond.rs" 38 4 38 90] (a : t_Map'0) (ab : Seq.seq uint32) (b : t_Map'0) (bc : Seq.seq uint32) (c : t_Map'0) : () = - [%#s06_map_precond23] () + [%#s06_map_precond21] () - axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond20] produces'0 a ab b) - -> ([%#s06_map_precond21] produces'0 b bc c) -> ([%#s06_map_precond22] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_Map'0, ab : Seq.seq uint32, b : t_Map'0, bc : Seq.seq uint32, c : t_Map'0 . ([%#s06_map_precond18] produces'0 a ab b) + -> ([%#s06_map_precond19] produces'0 b bc c) -> ([%#s06_map_precond20] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"06_map_precond.rs" 31 4 31 26] (self : t_Map'0) : () = - [%#s06_map_precond19] () + [%#s06_map_precond17] () - axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s06_map_precond18] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_Map'0 . [%#s06_map_precond16] produces'0 self (Seq.empty : Seq.seq uint32) self meta "compute_max_steps" 1000000 - let rec increment'0 (iter:t_U'0) (return' (ret:()))= {[@expl:increment 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} + let rec increment'0[#"06_map_precond.rs" 193 0 193 50] (iter:t_U'0) (return' (ret:()))= {[@expl:increment 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} {[@expl:increment requires #0] [%#s06_map_precond2] forall done' : borrowed t_U'0 . completed'0 done' -> (forall next : t_U'0, steps : Seq.seq uint32 . produces'1 done'.final steps next -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} @@ -1898,152 +1884,139 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] [ return' (result:())-> (! return' {result}) ] end -module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] - let%span s06_map_precond0 = "06_map_precond.rs" 210 18 210 19 - let%span s06_map_precond1 = "06_map_precond.rs" 209 40 209 44 - let%span s06_map_precond2 = "06_map_precond.rs" 207 11 207 156 - let%span s06_map_precond3 = "06_map_precond.rs" 208 11 208 90 - let%span s06_map_precond4 = "06_map_precond.rs" 216 19 216 20 - let%span s06_map_precond5 = "06_map_precond.rs" 213 19 213 61 - let%span s06_map_precond6 = "06_map_precond.rs" 214 18 214 39 - let%span s06_map_precond7 = "06_map_precond.rs" 179 4 179 8 - let%span s06_map_precond8 = "06_map_precond.rs" 180 4 180 8 - let%span s06_map_precond9 = "06_map_precond.rs" 172 11 174 65 - let%span s06_map_precond10 = "06_map_precond.rs" 175 11 175 38 - let%span s06_map_precond11 = "06_map_precond.rs" 176 11 176 48 - let%span s06_map_precond12 = "06_map_precond.rs" 181 5 181 14 - let%span s06_map_precond13 = "06_map_precond.rs" 177 10 177 75 - let%span s06_map_precond14 = "06_map_precond.rs" 123 12 126 47 - let%span s06_map_precond15 = "06_map_precond.rs" 111 12 116 71 - let%span s06_map_precond16 = "06_map_precond.rs" 11 4 13 36 - let%span scommon17 = "common.rs" 14 14 14 45 - let%span scommon18 = "common.rs" 18 15 18 32 - let%span scommon19 = "common.rs" 19 15 19 32 - let%span scommon20 = "common.rs" 20 14 20 42 - let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 - let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 - let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 - let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 - let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 - let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 - let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span s06_map_precond29 = "06_map_precond.rs" 87 12 90 63 - let%span s06_map_precond30 = "06_map_precond.rs" 165 12 167 73 - let%span s06_map_precond31 = "06_map_precond.rs" 95 14 95 81 - let%span s06_map_precond32 = "06_map_precond.rs" 98 12 104 88 +module M_06_map_precond__counter [#"06_map_precond.rs" 204 0 204 48] + let%span s06_map_precond0 = "06_map_precond.rs" 205 25 205 26 + let%span s06_map_precond1 = "06_map_precond.rs" 204 40 204 44 + let%span s06_map_precond2 = "06_map_precond.rs" 202 11 202 156 + let%span s06_map_precond3 = "06_map_precond.rs" 203 11 203 90 + let%span s06_map_precond4 = "06_map_precond.rs" 207 22 207 41 + let%span s06_map_precond5 = "06_map_precond.rs" 208 15 208 16 + let%span s06_map_precond6 = "06_map_precond.rs" 179 4 179 8 + let%span s06_map_precond7 = "06_map_precond.rs" 180 4 180 8 + let%span s06_map_precond8 = "06_map_precond.rs" 172 11 174 65 + let%span s06_map_precond9 = "06_map_precond.rs" 175 11 175 38 + let%span s06_map_precond10 = "06_map_precond.rs" 176 11 176 48 + let%span s06_map_precond11 = "06_map_precond.rs" 181 5 181 14 + let%span s06_map_precond12 = "06_map_precond.rs" 177 10 177 75 + let%span s06_map_precond13 = "06_map_precond.rs" 123 12 126 47 + let%span s06_map_precond14 = "06_map_precond.rs" 111 12 116 71 + let%span s06_map_precond15 = "06_map_precond.rs" 11 4 13 36 + let%span scommon16 = "common.rs" 14 14 14 45 + let%span scommon17 = "common.rs" 18 15 18 32 + let%span scommon18 = "common.rs" 19 15 19 32 + let%span scommon19 = "common.rs" 20 14 20 42 + let%span sresolve20 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sops21 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span s06_map_precond28 = "06_map_precond.rs" 87 12 90 63 + let%span s06_map_precond29 = "06_map_precond.rs" 165 12 167 73 + let%span s06_map_precond30 = "06_map_precond.rs" 95 14 95 81 + let%span s06_map_precond31 = "06_map_precond.rs" 98 12 104 88 use prelude.prelude.UIntSize use prelude.prelude.Borrow - type closure2'1 = + use prelude.prelude.UIntSize + + use prelude.prelude.Snapshot + + use seq.Seq + + type closure0'1 = { field_0'0: borrowed usize } - predicate resolve'3 (self : borrowed closure2'1) = - [%#sresolve21] self.final = self.current + predicate resolve'3 (self : borrowed closure0'1) = + [%#sresolve20] self.final = self.current - predicate resolve'1 (_1 : borrowed closure2'1) = + predicate resolve'1 (_1 : borrowed closure0'1) = resolve'3 _1 use prelude.prelude.UInt32 use prelude.prelude.Intrinsic - use prelude.prelude.UIntSize - - use prelude.prelude.Snapshot - - use seq.Seq - - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.Int - use seq.Seq use prelude.prelude.Snapshot - predicate postcondition_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) - - = - [%#s06_map_precond6] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).final - = UIntSize.to_int (self.field_0'0).current + 1 - predicate resolve'8 (self : borrowed usize) = - [%#sresolve21] self.final = self.current + [%#sresolve20] self.final = self.current predicate resolve'7 (_1 : borrowed usize) = resolve'8 _1 - predicate resolve'5 (_1 : closure2'1) = + predicate resolve'5 (_1 : closure0'1) = resolve'7 _1.field_0'0 - predicate unnest'0 (self : closure2'1) (_2 : closure2'1) = + predicate unnest'0 (self : closure0'1) (_2 : closure0'1) = (_2.field_0'0).final = (self.field_0'0).final - predicate postcondition_mut'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure2'1) (result : uint32) + let rec closure0'0[#"06_map_precond.rs" 206 14 206 42] [@coma:extspec] (_1:borrowed closure0'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= bb0 + [ bb0 = s0 + [ s0 = {[@expl:assertion] [%#s06_map_precond4] UIntSize.to_int ((_1.current).field_0'0).current + = Seq.length (Snapshot.inner _prod)} + s1 + | s1 = UIntSize.add {((_1.current).field_0'0).current} {[%#s06_map_precond5] (1 : usize)} + (fun (_ret':usize) -> + [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] + s2) + | s2 = -{resolve'1 _1}- s3 + | s3 = [ &_0 <- x ] s4 + | s4 = return' {_0} ] + ] + + [ & _0 : uint32 = any_l () + | & _1 : borrowed closure0'1 = _1 + | & x : uint32 = x + | & _prod : Snapshot.snap_ty (Seq.seq uint32) = _prod ] + [ return' (result:uint32)-> return' {result} ] + + predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + + = + let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result + /\ __bor_self.current = self + + predicate postcondition_mut'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure0'1) (result : uint32) = - (let (x, _prod) = args in UIntSize.to_int (result_state.field_0'0).current - = UIntSize.to_int (self.field_0'0).current + 1) + (let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result + /\ __bor_self.current = self /\ __bor_self.final = result_state) /\ unnest'0 self result_state - function fn_mut_once'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () + function fn_mut_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res : uint32) : () - axiom fn_mut_once'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops28] postcondition_once'0 self args res - = (exists res_state : closure2'1 . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) + axiom fn_mut_once'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res : uint32 . [%#sops27] postcondition_once'0 self args res + = (exists res_state : closure0'1 . postcondition_mut'0 self args res_state res /\ resolve'5 res_state) - function unnest_trans'0 (self : closure2'1) (b : closure2'1) (c : closure2'1) : () + function unnest_trans'0 (self : closure0'1) (b : closure0'1) (c : closure0'1) : () - axiom unnest_trans'0_spec : forall self : closure2'1, b : closure2'1, c : closure2'1 . ([%#sops25] unnest'0 self b) - -> ([%#sops26] unnest'0 b c) -> ([%#sops27] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : closure0'1, b : closure0'1, c : closure0'1 . ([%#sops24] unnest'0 self b) + -> ([%#sops25] unnest'0 b c) -> ([%#sops26] unnest'0 self c) - function unnest_refl'0 (self : closure2'1) : () + function unnest_refl'0 (self : closure0'1) : () - axiom unnest_refl'0_spec : forall self : closure2'1 . [%#sops24] unnest'0 self self + axiom unnest_refl'0_spec : forall self : closure0'1 . [%#sops23] unnest'0 self self - function postcondition_mut_unnest'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure2'1) (res : uint32) : () + function postcondition_mut_unnest'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (res_state : closure0'1) (res : uint32) : () - axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure2'1, res : uint32 . ([%#sops22] postcondition_mut'0 self args res_state res) - -> ([%#sops23] unnest'0 self res_state) - - let rec closure2'0 (_1:borrowed closure2'1) (x:uint32) (_prod:Snapshot.snap_ty (Seq.seq uint32)) (return' (ret:uint32))= {[@expl:closure requires] [%#s06_map_precond5] UIntSize.to_int ((_1.current).field_0'0).current - = Seq.length (Snapshot.inner _prod) - /\ ((_1.current).field_0'0).current < (v_MAX'0 : usize)} - (! bb0 - [ bb0 = s0 - [ s0 = UIntSize.add {((_1.current).field_0'0).current} {[%#s06_map_precond4] (1 : usize)} - (fun (_ret':usize) -> - [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] - s1) - | s1 = -{resolve'1 _1}- s2 - | s2 = [ &res1 <- x ] s3 - | s3 = [ &res <- res1 ] s4 - | s4 = [ &_0 <- res ] s5 - | s5 = return' {_0} ] - ] - ) - [ & _0 : uint32 = any_l () - | & _1 : borrowed closure2'1 = _1 - | & x : uint32 = x - | & res : uint32 = any_l () - | & res1 : uint32 = any_l () ] - - [ return' (result:uint32)-> {[@expl:closure ensures] [%#s06_map_precond6] UIntSize.to_int ((_1.final).field_0'0).current - = UIntSize.to_int ((_1.current).field_0'0).current + 1} - {[@expl:closure unnest] unnest'0 _1.current _1.final} - (! return' {result}) ] - + axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (uint32, Snapshot.snap_ty (Seq.seq uint32)), res_state : closure0'1, res : uint32 . ([%#sops21] postcondition_mut'0 self args res_state res) + -> ([%#sops22] unnest'0 self res_state) type t_I'0 predicate inv'1 (_1 : t_I'0) - predicate inv'2 (_1 : closure2'1) + predicate inv'2 (_1 : closure0'1) - axiom inv_axiom'1 [@rewrite] : forall x : closure2'1 [inv'2 x] . inv'2 x = true + axiom inv_axiom'1 [@rewrite] : forall x : closure0'1 [inv'2 x] . inv'2 x = true use seq.Seq @@ -2056,58 +2029,57 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] function produces_trans'0 [#"common.rs" 21 4 21 91] (a : t_I'0) (ab : Seq.seq uint32) (b : t_I'0) (bc : Seq.seq uint32) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon18] produces'0 a ab b) - -> ([%#scommon19] produces'0 b bc c) -> ([%#scommon20] produces'0 a (Seq.(++) ab bc) c) + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq uint32, b : t_I'0, bc : Seq.seq uint32, c : t_I'0 . ([%#scommon17] produces'0 a ab b) + -> ([%#scommon18] produces'0 b bc c) -> ([%#scommon19] produces'0 a (Seq.(++) ab bc) c) function produces_refl'0 [#"common.rs" 15 4 15 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon17] produces'0 self (Seq.empty : Seq.seq uint32) self + axiom produces_refl'0_spec : forall self : t_I'0 . [%#scommon16] produces'0 self (Seq.empty : Seq.seq uint32) self use prelude.prelude.Snapshot - predicate precondition'0 (self : closure2'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = - [%#s06_map_precond5] let (x, _prod) = args in UIntSize.to_int (self.field_0'0).current - = Seq.length (Snapshot.inner _prod) - /\ (self.field_0'0).current < (v_MAX'0 : usize) + predicate precondition'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) = + let (x, _prod) = args in forall __bor_self : borrowed closure0'1 . __bor_self.current = self + -> closure0'0'pre __bor_self x _prod predicate completed'0 [#"common.rs" 11 4 11 36] (self : borrowed t_I'0) - predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate next_precondition'0 [#"06_map_precond.rs" 85 4 85 74] (iter : t_I'0) (func : closure0'1) (produced : Seq.seq uint32) = - [%#s06_map_precond29] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i + [%#s06_map_precond28] forall e : uint32, i : t_I'0 [produces'0 iter (Seq.singleton e) i] . produces'0 iter (Seq.singleton e) i -> precondition'0 func (e, Snapshot.new produced) use seq.Seq - predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : closure2'1) = - [%#s06_map_precond15] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 . unnest'0 func f.current + predicate preservation'0 [#"06_map_precond.rs" 109 4 109 45] (iter : t_I'0) (func : closure0'1) = + [%#s06_map_precond14] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_I'0 . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new s) -> postcondition_mut'0 f.current (e1, Snapshot.new s) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc s e1)) predicate reinitialize'0 [#"06_map_precond.rs" 121 4 121 29] (_1 : ()) = - [%#s06_map_precond14] forall iter : borrowed t_I'0, func : closure2'1 . completed'0 iter + [%#s06_map_precond13] forall iter : borrowed t_I'0, func : closure0'1 . completed'0 iter -> next_precondition'0 iter.final func (Seq.empty : Seq.seq uint32) /\ preservation'0 iter.final func type t_Map'0 = - { t_Map__iter'0: t_I'0; t_Map__func'0: closure2'1; t_Map__produced'0: Snapshot.snap_ty (Seq.seq uint32) } + { t_Map__iter'0: t_I'0; t_Map__func'0: closure0'1; t_Map__produced'0: Snapshot.snap_ty (Seq.seq uint32) } - predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : closure2'1) (produced : Seq.seq uint32) + predicate preservation_inv'0 [#"06_map_precond.rs" 96 4 96 73] (iter : t_I'0) (func : closure0'1) (produced : Seq.seq uint32) = - [%#s06_map_precond32] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure2'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current + [%#s06_map_precond31] forall s : Seq.seq uint32, e1 : uint32, e2 : uint32, f : borrowed closure0'1, b : uint32, i : t_I'0 [produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i, postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b] . unnest'0 func f.current -> produces'0 iter (Seq.snoc (Seq.snoc s e1) e2) i -> precondition'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) -> postcondition_mut'0 f.current (e1, Snapshot.new (Seq.(++) produced s)) f.final b -> precondition'0 f.final (e2, Snapshot.new (Seq.snoc (Seq.(++) produced s) e1)) - axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure2'1, produced : Seq.seq uint32 . [%#s06_map_precond31] produced + axiom preservation_inv'0_spec : forall iter : t_I'0, func : closure0'1, produced : Seq.seq uint32 . [%#s06_map_precond30] produced = (Seq.empty : Seq.seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func predicate invariant'0 [#"06_map_precond.rs" 163 4 163 30] (self : t_Map'0) = - [%#s06_map_precond30] reinitialize'0 () + [%#s06_map_precond29] reinitialize'0 () /\ preservation_inv'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) /\ next_precondition'0 self.t_Map__iter'0 self.t_Map__func'0 (Snapshot.inner self.t_Map__produced'0) @@ -2119,15 +2091,15 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] | {t_Map__iter'0 = iter ; t_Map__func'0 = func ; t_Map__produced'0 = produced} -> inv'1 iter end) - let rec map'0 (iter:t_I'0) (func:closure2'1) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond7] inv'1 iter} - {[@expl:map 'func' type invariant] [%#s06_map_precond8] inv'2 func} - {[@expl:map requires #0] [%#s06_map_precond9] forall e : uint32, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 + let rec map'0 (iter:t_I'0) (func:closure0'1) (return' (ret:t_Map'0))= {[@expl:map 'iter' type invariant] [%#s06_map_precond6] inv'1 iter} + {[@expl:map 'func' type invariant] [%#s06_map_precond7] inv'2 func} + {[@expl:map requires #0] [%#s06_map_precond8] forall e : uint32, i2 : t_I'0 . produces'0 iter (Seq.singleton e) i2 -> precondition'0 func (e, Snapshot.new (Seq.empty : Seq.seq uint32))} - {[@expl:map requires #1] [%#s06_map_precond10] reinitialize'0 ()} - {[@expl:map requires #2] [%#s06_map_precond11] preservation'0 iter func} + {[@expl:map requires #1] [%#s06_map_precond9] reinitialize'0 ()} + {[@expl:map requires #2] [%#s06_map_precond10] preservation'0 iter func} any - [ return' (result:t_Map'0)-> {[%#s06_map_precond12] inv'0 result} - {[%#s06_map_precond13] result + [ return' (result:t_Map'0)-> {[%#s06_map_precond11] inv'0 result} + {[%#s06_map_precond12] result = { t_Map__iter'0 = iter; t_Map__func'0 = func; t_Map__produced'0 = Snapshot.new (Seq.empty : Seq.seq uint32) }} (! return' {result}) ] @@ -2138,15 +2110,19 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] true predicate resolve'2 [#"06_map_precond.rs" 9 9 9 16] (self : t_Map'0) = - [%#s06_map_precond16] resolve'4 self.t_Map__iter'0 + [%#s06_map_precond15] resolve'4 self.t_Map__iter'0 /\ resolve'5 self.t_Map__func'0 /\ resolve'6 self.t_Map__produced'0 predicate resolve'0 (_1 : t_Map'0) = resolve'2 _1 + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.Int + meta "compute_max_steps" 1000000 - let rec counter'0 (iter:t_I'0) (return' (ret:()))= {[@expl:counter 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} + let rec counter'0[#"06_map_precond.rs" 204 0 204 48] (iter:t_I'0) (return' (ret:()))= {[@expl:counter 'iter' type invariant] [%#s06_map_precond1] inv'1 iter} {[@expl:counter requires #0] [%#s06_map_precond2] forall done' : borrowed t_I'0 . completed'0 done' -> (forall next : t_I'0, steps : Seq.seq uint32 . produces'0 done'.final steps next -> steps = (Seq.empty : Seq.seq uint32) /\ done'.final = next)} @@ -2172,7 +2148,7 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 209 0 209 48] | & iter : t_I'0 = iter | & cnt : usize = any_l () | & _5 : t_Map'0 = any_l () - | & _7 : closure2'1 = any_l () + | & _7 : closure0'1 = any_l () | & _8 : borrowed usize = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.rs b/creusot/tests/should_succeed/iterators/06_map_precond.rs index d6b99fa2e..7842e7848 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.rs +++ b/creusot/tests/should_succeed/iterators/06_map_precond.rs @@ -191,12 +191,7 @@ pub fn identity(iter: I) { forall 0 <= x && x < prod.len() ==> prod[x] <= 10u32 )] pub fn increment>(iter: U) { - let i = map( - iter, - #[requires(x@ <= 15)] - #[ensures(result@ == x@+1)] - |x: u32, _| x + 1, - ); + let i = map(iter, |x: u32, _| x + 1); proof_assert! { forall> i.produces(prod, fin) ==> @@ -207,14 +202,10 @@ pub fn increment>(iter: U) { #[requires(forall done.completed() ==> forall> (^done).produces(steps, next) ==> steps == Seq::EMPTY && ^done == next)] #[requires(forall iter.produces(prod, fin) ==> prod.len() <= usize::MAX@)] pub fn counter>(iter: I) { - let mut cnt = 0; - map( - iter, - #[requires(cnt@ == (*_prod).len() && cnt < usize::MAX)] - #[ensures(cnt@ == old(cnt)@ + 1)] - |x, _prod: Snapshot>| { - cnt += 1; - x - }, - ); + let mut cnt: usize = 0; + map(iter, |x, _prod: Snapshot>| { + proof_assert!(cnt@ == _prod.len()); + cnt += 1; + x + }); } diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml index da3b93c0c..6da3805e7 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml +++ b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml @@ -243,49 +243,40 @@ - - - - + - - - - + - + - + - + - + - + - - - - + diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz b/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz index 5a21487da5ff83bb9ac6c9bee45ae214d3924d74..8775f384c1c63d194fbe3fe4fbf9d45bf0e3bf6a 100644 GIT binary patch literal 5260 zcmV;76m#nziwFP!00000|Lt5^j~qF2e(zr)zz?!_u>kMG7(FxwQ^*Fq^Rh<4ZvwBJ zDXi2jb+=|`{p|!@kia25A>)G-NQ|OaE~W<{|sW3d@djI)1iO5agXWg z;lpn!ztOwV+u_zdJwJX4&tD$hhxg-t?RdJ{<#1Ex{=Nukz{NeK5B1&RsPbtb0J~OY!cj+kv`6#P=gHTH`;gkt26VpM->0WW zm`BR)2Jdw8-iTn(!13RxK^!S`wltaiN#g5~>Mw=y}M0&hlu`{QiCY2KTeahP20I9y(S&rd$!DMKUmj9-=M?K-w*Op12wStLa}naDaq z-IVGGp|pD(wU3)uG3s*132e7O>bK;PiA_;T0aHe1Foju?ED1&i3u%GM$Q-Ejj8w>M zic~*GDxE>q&7eAy>sfqYvJ0x1Egiw8G+e+<5md;|X}reVkRP4L(*?L*$#@m9Zh=ox z)BsN{WEtHL*`fEu1hYcVz7-9Sy`S_!mxUf1NbbhGme1`e-V|KA6aIFm*(%0}KQHc2 z?lgh@`P*r{)Uvh=xJw8PH$SfpTx2vig7w)>sm{Vd5d)cvq1DVTK#fGO!@R&~1aiFZ z!#FyQ{l}>_EqA(PSy%AfZ&vPfHxy%MRQtq|v2`9fn(gG%t_U_6Gf5DJpPFDgZoDAQ zZ#viAfp|5{}1TZ?;xAK=g2Noio~lown~j?Y}O+MPG30-iu|wXi~_w7iN`P zUofrQePLd?c{nk=Z({G&C$-bMhkQ%uWK(C^1yF2vPG9ejr%BI-*S{QCmcq*I+T4ze zuZ1>zDr@GmIN4=){BV19M85rsJm7XucCjDld;lqEGB;dA6Z&Pf^JR4N3A*`SbYC-- zmt%Ua-w~$y|5{9obxe!0X0eKCaRsJZH?{`n>^@eJyx?1YdKs5~+VuV7T8+M?OXUvGRN?KB5OAuR@a5eLNCeW~%;b4S)F~NS8_scA2STV4fhz71@?1?-uF*#`C|t+|n0hBP(#KyHAla;ClmRn%rEkb&GA zQe#MyO-NtMd?%y}oAJ@(6w+i0X==U(($st#Naxuc8J$2nuWNi#ho%nF^cqMvN9U_B zq;>;_=acSTklv0CE2` zzHVl+yKaW>?w>{%kW9I!)BP_W((}Xpk?A8dpZm}6AMR7>(tN-)pWTn|e=e=<4LB!g z`OCw{-0#Tj=l0s0*+c(y(>`%_`=bjFAED3Ztg0iYXKDkHw#vz$&okp~n%oTP7;<*^ z65`Ez1`Li|ER#Llw$kGLH9OCT`e)&?qx#&cs=e&T!%RT-Xa;ok=T^=7&^-)E@?$GM zb!^3lhZY+4NV{7NV4*7`(0v(!9+eTWBUQ_H?D+~@lxuCdcF*2+k)w-pT`uU(?`HC@ z%Ps1;ft6@6Y@lVcur#M~72R0(VP;7TMxhohseA!4izVr?B|)>KQz5fcOER}(D={r> z^W)+Ccr&s$&OUdTXNUgj2L9;x=l5ebcI3K)6|C$2A*^{Tz#0&|U0U7CNNhUsOrnJj z@V-Q$XLaOA{@x7-j$9|Yj=bL}BxO1SgB4i9-AK-y4?PGiGBihSI}4$(JkvQfZVvs^ zsH8-Y0T+RHHgi~lG#?H(Kj&Ma-T;L@3i!dn`|X-<5d0|HtPRf%l=yj~k_@VJoPT(H zeE1t=`SGtqs0nct%~ko90*5Sx=~=o{>>0Cf$YB{dlN_NR-{A;kw%OPsqDI4#9A<(3 zN(PNw^ox3{xfB;BkOg|W|1~|Hp5LEh&JglntMXr8$kv1=ItYCj6Sj>!vmAP`nAa8M z-N-^rwvg;mg&edh%xV~1hZfNo^Dc8(pK6A1Qz7+2{O=$+4Jj_WE0+g+o{F+z-q#Ow zyR2ed$O$|7b>VNz=bnk2%Vh@Rdsc0|)>0OHiN?qkmqnF{=Kt%{%o23_JUB0UK>e_f z!0WB^UH_?9&BorN?vnqs0N_$o*K90m_c*-guP2z8*4#}tQiV_-QNSy=kJ9Klg|V#M zlS|ZLo~Mg!`XTwEWx(@l3d1C73m5CTR+D$M#?i`kGpaOYjf)A;{}7d>MC!#v{;fgX zs9^GCnrP))4$?L>aqf1wo55{8%~}TR-30^K-sQi@()LxaZWg1CD{A3kn#x(0i*w)g zye6yo61J+GW>T4aE~D2^dh+*uKwUYpxG2Kc@^!zRp0K94T2@p#FNyA40ohBbo;UU6 z7rLj-?wg|BII)>(Zd64znCrMeYq*GcLD}%@X>l#>#FuKz)+G4zMLH`}n4NYucvxS~ zDwkQLR zMdK|k2#Mvd=Y*A~sZP!@T^xpZBDev_loBrc=efG0! zy0M7H_jSW>`!4QY>Yz6+J$6Ll+m}X`7ulE`T^Qu#Y8P7beSbbtT(c;-W>Ip#MO`_y zue6_4a7^q+{-3rVwPio5h)8YNkGk4^THm{2HrdH-S<99a+_*YiC;i>BzFXFJ%la0U zwHV^I_F5Nj;6;|=5ajvpYbVHMD7Uug8Yoqb$PAkQZVgSjuBY380iI@fN(E)%<`-;1Zamo+>rm0D9szot!# zS?B=zKfSs{_v&(53-n!=|A4yeYMZ($L2{`|kn~l8tgjMeU6tV5(b#ifDt9q=i*;D} zmj85*^|%kG|IAnY%~jd-0{a~EvM(OdJYV|AY2D$WD}rFEtGQ#t-;I&i{cg;2S6M{+ z$|7p!g`4?$YPoQ;xeceK+>B1k&AO8Fvm)3;5v(u8WPK?nYZO67ifCm=hJxGE>vpCx z)n8>Us%>VWEyatfo0W_nx^j??@K}*$pEpz_Usfb3KQqME6xsd0P+wCh@((WcZ*ue| zj-vubebmEObEIUs7|{Sq?GFb%ccw%8f7b9uC46_| zGTW?>ACTfbz)YGvjLTfS*fa!M{zU=rGcqpQ43z7`h)bSP849F)bf4b5Ew1>@^WQ(E zH@zKoeyf35)33PPS-%P8@#PSk-ENJLk1prpq0Hkkeg1L+df)sL*&cc1X3=J*lR&>C zx5XqD>~g}BE*CH@_FZr&!`_2+O$Bx?-?}(-R+_NUx%ABtYJVf+_k3IVdzY)`j}!Pb z1Ag!EgVjG_?Rn)hpm6}^+_3CU_st8v z7CiVOt%(Qk`+S`T=V}>^neG6KDjVbN$h0~So(t?JLN~brcVyjy^g=hS&;>b67`BkV z>zz)i(9KRq@KvXi`|w=IJ9avP9?o_DlV4|B^T=e$Ba=msOeP+ADfosD4^Lkn6M0KB z^atgMd2^k8@TKVe0s>2c{o?Swh`BtEE*-GD(t#Y5dNA#nWuG4upmjK+9prv{|L5EP zcsmPoylDOmrnZj$U3LJo84mi$#<)ijj30(s%8iUd)geihlod|Z$@{=4OIEYQsg7@C zB`RLAidN)Cdm|XHX)+F-X>>ABpG2s&azrG8&Z=}YGHS~)yGW?^!dvg1G0dtMXbj&C!9Tis8-Wy&kZu1~99b{6nl+zHDt+{nVhUj>r zGzLR4iY*SZB-M@(<_y!pFo}+uF{xtkQJGrjL2^3C1!;wFS|x!2H3cj0Sb`jwppNIo zOFbRrt>Z>`qZ$4tj(MVeuvS|sA@F4KAT{G8buA6owbPO)r-Tn)TN0UK!E%<@#975@ z#Yx3%#Z1L?#Z<*)#YDxREmkpFF;Y=mQBzS&YsRD|iJO``s*;pE*1|#{k_hW+h_5h_ z@>(WI7;b}0oS0y=GSYj`Wi3Q$X@ zq3~l!=b2%I1foSWN@ONiLs&^TJ5LD@wNR=2Yuf<3)Do*pUS*wdb-kT%I8-4)IMhni z8kx1%@W!V0%*e75TX9oyeJv|W5?m0aMg{^GO(f@uSj%8RH6WIKpP-c>SNoR)?`jDn zBKj;lXow3apWEaB?hG@*D{(c_R1LYAx;Dup1S!S5)WrE<@P{X#^&`Y9@DXstEI3aE z%gBzk6kgXnaE18k8$P-csuEX2E^1;RGlXCpSn`Q73k$VOVx3XCj0Qc^z(+JK(L>FdG*Up<$~=C5s4YlTJ-I05|(;3^`|BAmgys zz=|W#$7+WtOcTtE*us#$4l9Fbim*mtuXW0SMC`xBn?71@~lLdRvJ;38sv^4ii}CcE5#~BD@7`4D`{q4 zPU%$F8ZlE#SdAvwDsv+dK)upIanR7{rz@>0jb~A5UTIcoT4_=#TPag1T`5&5a1$ld z^ezIoL`N%wakYY(M2EoO>SzfJG}E-hiR3}TBDM6)c}su;N<)lTPfQ4i$R%S~9K@1| z-caSEAPhN~G|>Re+;IsMn;g>2bk!wkrtlI-kujEtAh@Aa)mVPStQGR3wQ&dmJZML> zPCEF+0ywH5j5QXSaRHRUf1)zHGORMRGGu`a{4bC2#L025kyXP_*22L7ClXcNOj}n* zT_6)gj7?6Wg?Gdzh1678cs`<{FCsH$7bTCpn;C=yTALh5gJK9lG!PnrVOG+70MXLQ zl9@eISaU?~jlG3IR;*xY7+3R}1Y=8DfxN7;sJFA6oWml{$>$pu!)bwJ!zmP=8S z3=e=h7N=^>UScFLr74LdFE_!Hc{psvT}q&;Ln>3_yTw++G!Rk@>;;>w0PjMuOY=GL zq}U=BYHTmHV1%Ub;U3;WB3v1%M5-C!tFTe@d2ej(USdE3k2!aU(P48euuDlwD5{m> zhBd@?uM>VgZ`NzZovg80aLH?6g+uyWq_P*q&S5V#Y`c|A@C!ENtqnyA6{Yk6Bm;Ay zz=L22p*jEDNt6pM88#OYfl5#)(5#u%+}2Xl=pE!6H5WxuITy;&WYGdSRnFwCP4t0#>ur>g z5vnAR#L6yudpu$%Hhb{Ko^v4><4Gd4(ggSC5-BHSNXjT%3Zc9ff^fJX?TMs0q*Gu) z5+v^MQ=~XemQ%R=cRu|ZoV8KboaJFdn==^LCk@#8If-RkYh%u!JoX&r3=EukKB^OE zS{$@ENFbj?AVFJBl=2L*CPN+71V)~aib_K?0#A}iQ#o@ksW*s+7=(%OOjx(i`xz)k zeT|(r^pjNE7U?Yb_zZ_{r z#;Ii)z9!_Kv?Npn4JII(Pg!M#G>AzMlk9571g;qA9j%Mwq&ZEitq&1>kPJ1^L(wxS SmD$-vQvU_vvlCI)X#fB}C^q!~ literal 5381 zcmV+g75eHQiwFP!00000|Lt5^ZzM-@e(zsFzz<_DAs{0nPeb$25Y#9FUcIbQ@Eeh* z)YutvhU93q{`E#?9bH#f7pFP)+8zOts`7}4jQk=ZDykj-6&!r}NcvhrZ2 zJeVsFhRPeP%Ixi@$LAOS_z;dS$H#~Jk6*HKWUXpb>z_YQdLJKrY`gVgXTLl=#OFqt zHQ?Rg9VYLM3I+{S1C1JZ4f1YLnA|05kTs|=9zeHi0)2O;{V4!P6b-k$Ar_Bqc@#|Qht{u*DhWIxoPJy`$c z=_x+Ew5?^oe#~0!m$0`#zW0zfYPmG}OVI!|hI-m~2j3}iK`XZ)s2_vf)SV^Vg*>uP60cw+*ULBaC2E8ZO|bD9UH&G+twF$dA_52p8abCF8S*wF`X8 zMh)=PLKa~=WQX4K_O@*3$+zC#TIK=6aR5+P0JoHS=JRix0{tc-VN2*8PztmWNe*gj-;J*ZHi!%Ig{HC&Q4!q-OS@mPylW;ul-L0)~fau}kI%l*6JMGwQyZ^TQ7Jb37doPy#Dxqq` z1*vlDE5ypf7v###L&0jqRqVaFP#dj#$hU+}oI1-cfZ}0){Ca;pJ@l-2{mX%6DXi?z z$yOts3vD%0Su@SzWOurw!~W`sy#I=Gz<$f=Vmr=h0I3==H(W$hjhMHcmeEZUbkkOJ zUn9!vF+Jbk5vJ*XEvET-O!Km4eiqaG3QV_d>>Ql4`#6i_1>f@X>u7z){CCX%f5ZHK z)3@jayC|UJBNS3@*nmRHnBk`_X-SPOfv;J@)y%hJ##SYz+R;_HKjl6CPRS@ z^xlvfLz=BZ`da22Azj#vuO6q6W>ZLm{u)Sw{x*=#($okONauBpZ|Z8$9i-tJNHdrs z-D`+9>lrYpi7%5q>|1S7pJu0gsee)~*79?^Rc*4L*K(#HQ|kd;^|{?^TL_OIll;%d@vb#3)g&N`mh6t|#xR zWKmBISfa(S0m{e1l1wEP-B|ZwW=SY&l#7;BdTLa~lGNCepeELBA)2Wr>HXMBbPL=3 zcsM=oM)pSdxx+jj`lp?Jh=07?kKI^Js)LoZ&kv9OoVTipYHGaTbak&IvFgM#i55D< z7b*0tY7%#+V4Ww9TxU%*@_wU`l<5o%me-{2MtUY1dJrf&)HRvTLZGfmcTSD;p??~c zlyElS!lC9kb6A`;9f#d7IV;o~AXhaPhvEDFoNwS%i}uu3^VTWTNl?KCRXWx^K0Q7D zErxd=|2l*k=QVFqtvHM_gZEV~UEJ9Tw~`3-nhq zX!N39HCoQKxFA4Q=<(sV_;h@^KZbll$p1U5|MLr36KJvrz7J#Ew2^0ah8`^DZB=nF8r+^qA_yCWl=@Y{Ga}qS%PkV4$g}nP(N%V z@OJBb-*@#}v-0hcy2F250B|X)Yd$QJeH!NZ(*zUKn!Cw|R3X$y6dQ{oM#tzmg|V*e zvyEUQmVDqkn|?}8vuOYK${H6BK>tHjmJU*{Ch~6$ z>P7{VuiJ@MzvUurWhYL<4tF!Soj+zR1NQEM0jz)Jzsl0KRj;lVqmCOSX@-$Tlu=*kI%=K7|xazmBCA@J5@mTT1xY# zp8Ue_xH^1QwJSF^)14btQ4M4r7ibL^F)t_^_8u44(h9y*TXs%^zg(nqMugdIXM>0H z%Q?$sdMs>qc2QrOaI&Jam2Bf^L zvKB+!+PBul3_Q$!vB;gCSGiE2(bMn^CI{TvQ?mjLaAWt_41KAhvH1o(Fo#!%Pmx*26-;1}qmv?wrDs^r{`ZcXu z%))^9A^rU38r`~=(^{bKd-)HzmtAdBS0%_URSB}bN)Y=hLF}po-;L&;0#nJw+%48& zJ1KA2F>vJak16D7%_F9R6;Mc%$Eq>Gz<| zPDB5LJ~^x3@q?0L@7fQ$m##Dk`qCuO^UBYh-&(HxY|`ma>eXOcuh!M9pLP-_JBfWQ zC-$|R*z6=5?PRNbHq`upIMV$ zwCAZ1HRYntVy+85W5N@btFsozE;zg4=)t~uIBPJh&}Ifk4HNsjSDxMzJaBVZpN7RH=t zjzY$$-qL?~eE#wj@g3y1K~D}&ZB@zwL3<3#?Y&&bP(ssEtXmazJqm7{nt$kI`*{2N z{h#;$@s6$PdoZi@0ObRv`N_dy5!AW3%9i3PTa2r05?7awcW3u4-~Z%Ddg*-l3Ia<< z$BWaq+WloYx&x=#bl}WKi{2${kg`947I)Ek1DIfAdRU=izbBW_{;9|N?8avj4#tSa zMUT!QbQqq4cOr0^d=xTD!>vrwIgfzRD2xOu+=z--RAB`b+bO3xQi7_$|w4AdehLnLfqpd5F`Ijc1q83Lpf?Tx5_D!>Y$0#=zyS86AbJEm;_D}zNX zL0I61C+9RJNhVL?(@8o;0|eenlgL;ue6SP&g4aMv;^HL3VzP{()u_BiK}jk^A%k~8 z>ZI}{F`Z<+Fq~T@BNvnsaN(WB$SoiTOL_4^O(!{HNpq(aTGGs-W6F7Blo29I6Lp>> zXPkseLX%2X2_~)N&O2pTK#ATE<~0#k1QoFgO@+EbRiUgpqzFILh>G%&nvl_NemIZVVpB2 z5Uh3pj4ACQT8984Gr4->(R-Ky`7NZmJ6$dPm(7^+Bzju)XAY1WhJH}U6Hz$6|ktB2hhSZL&OA8WX7OLCIN`- z`#4mbUF~0@)o2(p9$eO)hCrMml8IIzWSDWP_|-_0$#S7n($O&wbv(9U+HAR>A zhx0e!!=;tztpko3*&zw;R3cAOChrjkOai6Q3+cRQS-sK1Y~+?J z8w}SHgVfRJ;91g6J5JU>%kAwnX@fwBLTlj?naEH{#ZiFvQTV_!CM8u8D+!fkl`xgi zGcPAqOi3jON=TU$3pSA!$$KZ2mvkd4r7NW>B`YN=#VbXX!b(AKxMabk*h142ir?%4uNSbJ74ZNtr@qN^(u-=8?AKm1Rmr zB%K4Pmq--BGYC3(EXRB>m4V8znLPuC z6cTVEp`CX!l4KAPCFZp$#|i*d8Ce-o8D1HxOp#=fnzN{rG6p0I+K>t{D3=mTMuSvT zJ_A5*r3PLp&Z5hPD3dqQc_8C4A;=&wyHc}Rvj!0*DSc?2$S+<^8v)> zg*r4kDTZDW2Oy@UqbLP%&6#n$P~%&vDI!5Uct*;nq@^Lj6U*?BDTLxwjowO(d6WuR zV0pPQNbMX4Nj63jT=`f;qs?kdAgq>AyNE^^Pg*eVtjh;a@Up=cZl&fm7hn>&fJy|f zwU9g}M2ph9;PSVzF5pXUZ-|Cf2=1YD-vVEMyEWN z6pSMt%eN>nwv`%pOo|v?GCqIW06Gzba9(-t(fR@ph7~Z#=g*Bqi7SE3_`ogapg1Xk zf-qRYxQ(VE$}3>6*jx-+*+i0j{*eygI=fcIe83cW`P65!0=C&MlF^a0SEvAE;K`;$ z-ja>LV)Qx`it05KdGf$XBqk#$3dxDc6gdlA32urL0A?y+I>+RVLu6crQ80m3wWH zlSK<8kXGkUo8UY-<4h0%8AyRKVEKw(pD&G9!gBye#5p2G;S`7HIM~R_4H-fOxD-NV zG}bvqE>}!5&Ykv}xx_iLz4PRR0!AVr2c^jf9t8`| zQ4B%z!dkKlNL4`cBm(7sc?Co>l3Eao%X| z0j4BK%Yb=L!DSbgPmBsY=pcf-0ZtWgyow3qG2d09R@N$^1q0+MTZ_=7t;QSRvI3s3 zG5OWZg5*wztSFVZS16@+KtiDoTyU0EW-8#Bfx3QWOeh~%HYX;f(;^v47E=f=pPa=F z2&h1?H)F_2sf3!eBx|Jik!e(l=MXEs)A9xcRUokW_iI;WjN^%G$w`_NV!!|@2^L~V zz&zf7FcoB*&9}k%a#!TrWPUYc4Z)BSI;g-jT0!1`G{&ctd`hC6lqAfiImRt$@cDAY jJ0ZvghCcCRebfqNnZ{2NNUA{Mq6Gg1TBV|WA8h~t4$)s< From fa8fe05d2004fac0ec0727bcaa8ff8f2815d69d9 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Tue, 17 Dec 2024 19:09:40 +0100 Subject: [PATCH 09/10] Fix both open bodies --- creusot/src/backend/program.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 42237097e..11fcbd3af 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -199,9 +199,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( if !open_body { postcond = Expr::BlackBox(Box::new(postcond)); postcond = ensures.rfold(postcond, |acc, cond| Expr::Assert(Box::new(cond), Box::new(acc))); - } - if !open_body { body = Expr::BlackBox(Box::new(body)) }; From 8ed9b723b6bf4098b1c4b393f69b1ff588755ba1 Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Tue, 17 Dec 2024 19:26:07 +0100 Subject: [PATCH 10/10] Address review update tests --- creusot/src/backend/clone_map/elaborator.rs | 4 +- creusot/src/translation/function.rs | 95 +++++++------- .../bug/01_resolve_unsoundness.coma | 2 +- creusot/tests/should_fail/bug/222.coma | 2 +- creusot/tests/should_fail/bug/492.coma | 4 +- creusot/tests/should_fail/bug/692.coma | 8 +- creusot/tests/should_fail/bug/695.coma | 8 +- creusot/tests/should_fail/bug/869.coma | 2 +- creusot/tests/should_fail/bug/878.coma | 6 +- creusot/tests/should_fail/bug/specialize.coma | 6 +- creusot/tests/should_fail/bug/subregion.coma | 2 +- creusot/tests/should_fail/final_borrows.coma | 12 +- .../tests/should_fail/opaque_unproveable.coma | 2 +- .../traits/17_impl_refinement.coma | 2 +- .../should_fail/type_invariants/borrows.coma | 23 ++-- creusot/tests/should_succeed/100doors.coma | 2 +- creusot/tests/should_succeed/all_zero.coma | 2 +- creusot/tests/should_succeed/bdd.coma | 42 +++---- .../tests/should_succeed/binary_search.coma | 6 +- .../tests/should_succeed/bug/02_derive.coma | 6 +- creusot/tests/should_succeed/bug/164.coma | 2 +- creusot/tests/should_succeed/bug/168.coma | 2 +- creusot/tests/should_succeed/bug/173.coma | 2 +- .../tests/should_succeed/bug/181_ident.coma | 2 +- creusot/tests/should_succeed/bug/195.coma | 2 +- creusot/tests/should_succeed/bug/206.coma | 6 +- creusot/tests/should_succeed/bug/235.coma | 2 +- creusot/tests/should_succeed/bug/256.coma | 4 +- creusot/tests/should_succeed/bug/258.coma | 12 +- creusot/tests/should_succeed/bug/271.coma | 6 +- creusot/tests/should_succeed/bug/273.coma | 2 +- creusot/tests/should_succeed/bug/387.coma | 8 +- creusot/tests/should_succeed/bug/395.coma | 2 +- creusot/tests/should_succeed/bug/463.coma | 4 +- creusot/tests/should_succeed/bug/486.coma | 2 +- creusot/tests/should_succeed/bug/510.coma | 4 +- creusot/tests/should_succeed/bug/511.coma | 12 +- creusot/tests/should_succeed/bug/528.coma | 2 +- creusot/tests/should_succeed/bug/545.coma | 2 +- creusot/tests/should_succeed/bug/552.coma | 4 +- creusot/tests/should_succeed/bug/570.coma | 4 +- creusot/tests/should_succeed/bug/594.coma | 10 +- creusot/tests/should_succeed/bug/641.coma | 2 +- creusot/tests/should_succeed/bug/653.coma | 6 +- creusot/tests/should_succeed/bug/682.coma | 5 +- creusot/tests/should_succeed/bug/691.coma | 2 +- creusot/tests/should_succeed/bug/693.coma | 4 +- creusot/tests/should_succeed/bug/766.coma | 2 +- creusot/tests/should_succeed/bug/789.coma | 6 +- creusot/tests/should_succeed/bug/791.coma | 6 +- creusot/tests/should_succeed/bug/874.coma | 2 +- creusot/tests/should_succeed/bug/922.coma | 10 +- creusot/tests/should_succeed/bug/991.coma | 2 +- .../bug/box_borrow_resolve.coma | 2 +- .../tests/should_succeed/bug/eq_panic.coma | 2 +- .../should_succeed/bug/final_borrows.coma | 52 ++++---- .../tests/should_succeed/bug/minus_assoc.coma | 6 +- .../should_succeed/bug/nonreturning.coma | 8 +- .../tests/should_succeed/bug/two_phase.coma | 2 +- creusot/tests/should_succeed/cc/array.coma | 2 +- creusot/tests/should_succeed/cc/iter.coma | 2 +- creusot/tests/should_succeed/cell/01.coma | 2 +- creusot/tests/should_succeed/cell/02.coma | 2 +- creusot/tests/should_succeed/checked_ops.coma | 60 ++++----- creusot/tests/should_succeed/clones/01.coma | 10 +- creusot/tests/should_succeed/clones/02.coma | 2 +- creusot/tests/should_succeed/clones/03.coma | 10 +- creusot/tests/should_succeed/clones/04.coma | 2 +- .../should_succeed/closures/01_basic.coma | 100 ++++++++------- .../should_succeed/closures/02_nested.coma | 12 +- .../closures/03_generic_bound.coma | 10 +- .../closures/04_generic_closure.coma | 9 +- .../tests/should_succeed/closures/05_map.coma | 2 +- .../should_succeed/closures/06_fn_specs.coma | 19 +-- .../closures/07_mutable_capture.coma | 4 +- .../closures/08_multiple_calls.coma | 4 +- .../closures/09_fnonce_resolve.coma | 4 +- .../should_succeed/closures/10_tyinv.coma | 6 +- .../closures/11_proof_assert_in_closure.coma | 12 +- .../should_succeed/constrained_types.coma | 2 +- creusot/tests/should_succeed/drop_pair.coma | 6 +- creusot/tests/should_succeed/duration.coma | 2 +- .../tests/should_succeed/filter_positive.coma | 2 +- .../tests/should_succeed/fmap_indexing.coma | 2 +- .../should_succeed/ghost/assert_in_ghost.coma | 16 +-- .../ghost/disjoint_raw_ptr.coma | 4 +- .../tests/should_succeed/ghost/ghost_map.coma | 4 +- .../tests/should_succeed/ghost/ghost_set.coma | 4 +- .../tests/should_succeed/ghost/ghost_vec.coma | 6 +- .../tests/should_succeed/ghost/integers.coma | 10 +- .../ghost/snapshot_in_ghost.coma | 6 +- .../tests/should_succeed/ghost/typing.coma | 14 +-- creusot/tests/should_succeed/hashmap.coma | 12 +- .../should_succeed/heapsort_generic.coma | 4 +- creusot/tests/should_succeed/hillel.coma | 10 +- creusot/tests/should_succeed/immut.coma | 2 +- creusot/tests/should_succeed/index_range.coma | 12 +- .../should_succeed/inferred_invariants.coma | 16 +-- .../should_succeed/inplace_list_reversal.coma | 2 +- .../tests/should_succeed/insertion_sort.coma | 2 +- creusot/tests/should_succeed/instant.coma | 2 +- .../tests/should_succeed/invariant_moves.coma | 2 +- .../tests/should_succeed/ite_normalize.coma | 18 +-- .../should_succeed/iterators/01_range.coma | 6 +- .../should_succeed/iterators/02_iter_mut.coma | 8 +- .../iterators/03_std_iterators.coma | 9 +- .../should_succeed/iterators/04_skip.coma | 2 +- .../should_succeed/iterators/05_map.coma | 4 +- .../iterators/06_map_precond.coma | 24 ++-- .../should_succeed/iterators/07_fuse.coma | 2 +- .../iterators/08_collect_extend.coma | 8 +- .../should_succeed/iterators/09_empty.coma | 2 +- .../should_succeed/iterators/10_once.coma | 2 +- .../should_succeed/iterators/11_repeat.coma | 2 +- .../should_succeed/iterators/12_zip.coma | 2 +- .../should_succeed/iterators/13_cloned.coma | 2 +- .../should_succeed/iterators/14_copied.coma | 2 +- .../iterators/15_enumerate.coma | 4 +- .../should_succeed/iterators/16_take.coma | 2 +- .../should_succeed/iterators/17_filter.coma | 8 +- creusot/tests/should_succeed/knapsack.coma | 4 +- .../tests/should_succeed/knapsack_full.coma | 4 +- .../tests/should_succeed/lang/assoc_type.coma | 2 +- .../should_succeed/lang/branch_borrow_2.coma | 6 +- creusot/tests/should_succeed/lang/const.coma | 2 +- creusot/tests/should_succeed/lang/empty.coma | 6 +- .../tests/should_succeed/lang/float_ops.coma | 12 +- .../tests/should_succeed/lang/literals.coma | 2 +- .../should_succeed/lang/module_paths.coma | 6 +- .../tests/should_succeed/lang/modules.coma | 6 +- .../tests/should_succeed/lang/move_path.coma | 2 +- .../should_succeed/lang/multiple_scopes.coma | 2 +- .../lang/promoted_constants.coma | 12 +- .../tests/should_succeed/lang/unary_op.coma | 2 +- creusot/tests/should_succeed/lang/unions.coma | 6 +- .../tests/should_succeed/lang/while_let.coma | 2 +- creusot/tests/should_succeed/linked_list.coma | 20 ++- .../tests/should_succeed/list_index_mut.coma | 6 +- .../should_succeed/list_reversal_lasso.coma | 12 +- creusot/tests/should_succeed/loop.coma | 2 +- .../should_succeed/mapping_indexing.coma | 2 +- .../tests/should_succeed/mapping_test.coma | 4 +- creusot/tests/should_succeed/match_int.coma | 2 +- creusot/tests/should_succeed/mc91.coma | 2 +- creusot/tests/should_succeed/mutex.coma | 4 +- .../tests/should_succeed/one_side_update.coma | 2 +- creusot/tests/should_succeed/open_inv.coma | 10 +- creusot/tests/should_succeed/option.coma | 118 +++++++++--------- creusot/tests/should_succeed/ord_trait.coma | 6 +- creusot/tests/should_succeed/printing.coma | 2 +- .../should_succeed/projection_toggle.coma | 4 +- creusot/tests/should_succeed/projections.coma | 8 +- creusot/tests/should_succeed/prophecy.coma | 2 +- creusot/tests/should_succeed/purity.coma | 10 +- .../tests/should_succeed/red_black_tree.coma | 38 +++--- creusot/tests/should_succeed/replace.coma | 2 +- .../tests/should_succeed/resolve_drop.coma | 2 +- .../tests/should_succeed/resolve_uninit.coma | 4 +- creusot/tests/should_succeed/result/own.coma | 36 +++--- .../tests/should_succeed/result/result.coma | 2 +- .../should_succeed/rusthorn/inc_max.coma | 4 +- .../should_succeed/rusthorn/inc_max_3.coma | 4 +- .../should_succeed/rusthorn/inc_max_many.coma | 4 +- .../rusthorn/inc_max_repeat.coma | 4 +- .../rusthorn/inc_some_2_list.coma | 6 +- .../rusthorn/inc_some_2_tree.coma | 6 +- .../rusthorn/inc_some_list.coma | 6 +- .../rusthorn/inc_some_tree.coma | 6 +- .../selection_sort_generic.coma | 2 +- .../tests/should_succeed/simple_trigger.coma | 6 +- creusot/tests/should_succeed/slices/01.coma | 6 +- .../tests/should_succeed/slices/02_std.coma | 2 +- .../tests/should_succeed/sparse_array.coma | 8 +- creusot/tests/should_succeed/spec_tests.coma | 4 +- .../specification/division.coma | 2 +- .../should_succeed/specification/forall.coma | 4 +- .../specification/logic_call.coma | 2 +- .../specification/logic_functions.coma | 10 +- .../should_succeed/specification/loops.coma | 2 +- .../should_succeed/specification/model.coma | 4 +- .../should_succeed/specification/opaque.coma | 2 +- .../should_succeed/specification/trusted.coma | 4 +- .../tests/should_succeed/split_borrow.coma | 6 +- creusot/tests/should_succeed/std_types.coma | 6 +- creusot/tests/should_succeed/such_that.coma | 4 +- creusot/tests/should_succeed/sum.coma | 2 +- creusot/tests/should_succeed/sum_of_odds.coma | 5 +- .../tests/should_succeed/swap_borrows.coma | 4 +- creusot/tests/should_succeed/switch.coma | 4 +- .../tests/should_succeed/switch_struct.coma | 2 +- .../should_succeed/syntax/01_idents.coma | 50 ++++---- .../should_succeed/syntax/02_operators.coma | 20 +-- .../should_succeed/syntax/04_assoc_prec.coma | 12 +- .../should_succeed/syntax/05_annotations.coma | 2 +- .../should_succeed/syntax/05_pearlite.coma | 14 ++- .../should_succeed/syntax/07_extern_spec.coma | 4 +- .../should_succeed/syntax/09_maintains.coma | 10 +- .../syntax/10_mutual_rec_types.coma | 8 +- .../should_succeed/syntax/11_array_types.coma | 4 +- .../should_succeed/syntax/12_ghost_code.coma | 12 +- .../should_succeed/syntax/13_vec_macro.coma | 2 +- .../should_succeed/syntax/14_const_fns.coma | 3 +- .../syntax/derive_macros/mixed.coma | 8 +- .../should_succeed/syntax/int_suffix.coma | 4 +- .../tests/should_succeed/take_first_mut.coma | 2 +- creusot/tests/should_succeed/trait.coma | 4 +- creusot/tests/should_succeed/trait_impl.coma | 8 +- creusot/tests/should_succeed/traits/01.coma | 2 +- creusot/tests/should_succeed/traits/02.coma | 2 +- creusot/tests/should_succeed/traits/03.coma | 6 +- creusot/tests/should_succeed/traits/04.coma | 2 +- creusot/tests/should_succeed/traits/06.coma | 2 +- creusot/tests/should_succeed/traits/07.coma | 10 +- creusot/tests/should_succeed/traits/08.coma | 4 +- creusot/tests/should_succeed/traits/09.coma | 4 +- creusot/tests/should_succeed/traits/11.coma | 2 +- .../traits/12_default_method.coma | 4 +- .../should_succeed/traits/13_assoc_types.coma | 2 +- .../traits/15_impl_interfaces.coma | 3 +- .../traits/16_impl_cloning.coma | 2 +- creusot/tests/should_succeed/trigger.coma | 2 +- creusot/tests/should_succeed/two_modules.coma | 4 +- .../should_succeed/type_constructors.coma | 6 +- .../type_invariants/generated.coma | 2 +- .../type_invariants/non_zero.coma | 7 +- .../type_invariants/type_invariants.coma | 2 +- .../type_invariants/vec_inv.coma | 2 +- creusot/tests/should_succeed/unnest.coma | 2 +- .../tests/should_succeed/unused_in_loop.coma | 2 +- creusot/tests/should_succeed/vecdeque.coma | 2 +- creusot/tests/should_succeed/vector/01.coma | 2 +- .../tests/should_succeed/vector/02_gnome.coma | 2 +- .../vector/03_knuth_shuffle.coma | 2 +- .../vector/04_binary_search.coma | 2 +- .../vector/05_binary_search_generic.coma | 2 +- .../vector/06_knights_tour.coma | 18 +-- .../should_succeed/vector/07_read_write.coma | 2 +- .../should_succeed/vector/08_haystack.coma | 2 +- .../should_succeed/vector/09_capacity.coma | 4 +- 239 files changed, 876 insertions(+), 884 deletions(-) diff --git a/creusot/src/backend/clone_map/elaborator.rs b/creusot/src/backend/clone_map/elaborator.rs index 7ec6a41bc..f59e0c9dd 100644 --- a/creusot/src/backend/clone_map/elaborator.rs +++ b/creusot/src/backend/clone_map/elaborator.rs @@ -535,7 +535,7 @@ fn fn_mut_postcond_term<'tcx>( ); let res = Term::var(Symbol::intern("result"), ty_res); match ty_self.kind() { - TyKind::Closure(did, _) => Some(ctx.closure_contract(*did).postcond_mut.clone().unwrap()), + TyKind::Closure(did, _) => ctx.closure_contract(*did).postcond_mut.clone(), TyKind::Ref(_, cl, Mutability::Mut) => { let mut subst_postcond = subst.to_vec(); subst_postcond[1] = GenericArg::from(*cl); @@ -576,7 +576,7 @@ fn fn_postcond_term<'tcx>( ); let res = Term::var(Symbol::intern("result"), ty_res); match ty_self.kind() { - TyKind::Closure(did, _) => Some(ctx.closure_contract(*did).postcond.clone().unwrap()), + TyKind::Closure(did, _) => ctx.closure_contract(*did).postcond.clone(), TyKind::Ref(_, cl, Mutability::Not) => { let mut subst_postcond = subst.to_vec(); subst_postcond[1] = GenericArg::from(*cl); diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index f519d3711..ddbd917e4 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -858,20 +858,23 @@ impl<'tcx> TranslationCtx<'tcx> { let mut ret_params = params.clone(); ret_params.push(Term::var(Symbol::intern("result"), retty)); - self.inferred_postcondition_term( - target_kind, - def_id, - subst, - kind, - self_.clone(), - ret_params, - span, - ) + if target_kind == kind { + self.inferred_postcondition_term( + def_id, + subst, + kind, + self_.clone(), + ret_params, + span, + ) + } else { + return None; + } } else { contract.ensures_conj(self.tcx) }; - pearlite::Term { + Some(pearlite::Term { span: postcondition.span, kind: TermKind::Let { pattern: arg_pat.clone(), @@ -879,7 +882,7 @@ impl<'tcx> TranslationCtx<'tcx> { body: Box::new(postcondition), }, ty: self.types.bool, - } + }) }; precondition = pearlite::Term { @@ -924,11 +927,11 @@ impl<'tcx> TranslationCtx<'tcx> { let self_ = Term::var(Symbol::intern("self"), env_ty); let mut csubst = closure_capture_subst(self, def_id, subst, false, Some(self_.clone()), self_); - let mut postcondition = postcond(ClosureKind::Fn); - - csubst.visit_mut_term(&mut postcondition); + if let Some(mut postcondition) = postcond(ClosureKind::Fn) { + csubst.visit_mut_term(&mut postcondition); - contracts.postcond = Some(postcondition); + contracts.postcond = Some(postcondition); + } } if kind.extends(ClosureKind::FnMut) { @@ -943,29 +946,31 @@ impl<'tcx> TranslationCtx<'tcx> { result_state.clone(), ); - let mut postcondition = postcond(ClosureKind::FnMut); - csubst.visit_mut_term(&mut postcondition); + if let Some(mut postcondition) = postcond(ClosureKind::FnMut) { + csubst.visit_mut_term(&mut postcondition); - let args = subst.as_closure().sig().inputs().skip_binder()[0]; - let unnest_subst = self.mk_args(&[GenericArg::from(args), GenericArg::from(env_ty)]); + let args = subst.as_closure().sig().inputs().skip_binder()[0]; + let unnest_subst = + self.mk_args(&[GenericArg::from(args), GenericArg::from(env_ty)]); - let unnest_id = get_fn_mut_impl_unnest(self.tcx); + let unnest_id = get_fn_mut_impl_unnest(self.tcx); - let mut postcondition: Term<'tcx> = postcondition; - postcondition = postcondition.conj(Term::call_no_normalize( - self.tcx, - unnest_id, - unnest_subst, - vec![self_, result_state], - )); + let mut postcondition: Term<'tcx> = postcondition; + postcondition = postcondition.conj(Term::call_no_normalize( + self.tcx, + unnest_id, + unnest_subst, + vec![self_, result_state], + )); - postcondition = normalize(self.tcx, self.param_env(def_id), postcondition); + postcondition = normalize(self.tcx, self.param_env(def_id), postcondition); + contracts.postcond_mut = Some(postcondition); + } let mut unnest = closure_unnest(self.tcx, def_id, subst); unnest = normalize(self.tcx, self.param_env(def_id), unnest); contracts.unnest = Some(unnest); - contracts.postcond_mut = Some(postcondition); } // FnOnce @@ -973,9 +978,10 @@ impl<'tcx> TranslationCtx<'tcx> { let mut csubst = closure_capture_subst(self, def_id, subst, true, Some(self_.clone()), self_); - let mut postcondition = postcond(ClosureKind::FnOnce); - csubst.visit_mut_term(&mut postcondition); - contracts.postcond_once = Some(postcondition); + if let Some(mut postcondition) = postcond(ClosureKind::FnOnce) { + csubst.visit_mut_term(&mut postcondition); + contracts.postcond_once = Some(postcondition); + } contracts } @@ -1023,7 +1029,6 @@ impl<'tcx> TranslationCtx<'tcx> { /// Infers the `postcond_kind` version of the postcondition predicate for the provided closure. fn inferred_postcondition_term( &self, - postcond_kind: ClosureKind, def_id: DefId, args: GenericArgsRef<'tcx>, closure_kind: ClosureKind, @@ -1054,23 +1059,13 @@ impl<'tcx> TranslationCtx<'tcx> { span, }; - match postcond_kind { - ClosureKind::FnOnce => base - .conj(bor_self.cur().bin_op(self.tcx, BinOp::Eq, closure_env)) - .exists(self.tcx, (Symbol::intern("__bor_self"), env_ty)), - ClosureKind::FnMut => base - .conj(bor_self.clone().cur().bin_op(self.tcx, BinOp::Eq, closure_env)) - .conj(bor_self.fin().bin_op( - self.tcx, - BinOp::Eq, - Term::var(Symbol::intern("result_state"), env_ty), - )) - .exists(self.tcx, (Symbol::intern("__bor_self"), env_ty)), - ClosureKind::Fn => self.crash_and_error( - span, - "An `FnMut` closure cannot have an `Fn` postcondition", - ), - } + base.conj(bor_self.clone().cur().bin_op(self.tcx, BinOp::Eq, closure_env)) + .conj(bor_self.fin().bin_op( + self.tcx, + BinOp::Eq, + Term::var(Symbol::intern("result_state"), env_ty), + )) + .exists(self.tcx, (Symbol::intern("__bor_self"), env_ty)) } } } diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma index d81da5189..694a1a9be 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -74,7 +74,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" meta "compute_max_steps" 1000000 - let rec make_vec_of_size'0 (n:usize) (return' (ret:t_Vec'0))= (! bb0 + let rec make_vec_of_size'0[#"01_resolve_unsoundness.rs" 9 0 9 46] (n:usize) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s01_resolve_unsoundness0] ()} (fun (_ret':t_Vec'0) -> [ &out <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_fail/bug/222.coma b/creusot/tests/should_fail/bug/222.coma index f20c26634..c8e8b9e1c 100644 --- a/creusot/tests/should_fail/bug/222.coma +++ b/creusot/tests/should_fail/bug/222.coma @@ -94,7 +94,7 @@ module M_222__uses_invariant [#"222.rs" 40 0 40 41] meta "compute_max_steps" 1000000 - let rec uses_invariant'0 (x:borrowed (t_Once'0)) (return' (ret:()))= {[@expl:uses_invariant 'x' type invariant] [%#s2220] inv'1 x} + let rec uses_invariant'0[#"222.rs" 40 0 40 41] (x:borrowed (t_Once'0)) (return' (ret:()))= {[@expl:uses_invariant 'x' type invariant] [%#s2220] inv'1 x} {[@expl:uses_invariant requires] [%#s2221] invariant'0 x.current} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_fail/bug/492.coma b/creusot/tests/should_fail/bug/492.coma index aa43ba2c7..beef47d53 100644 --- a/creusot/tests/should_fail/bug/492.coma +++ b/creusot/tests/should_fail/bug/492.coma @@ -36,7 +36,7 @@ module M_492__reborrow_tuple [#"492.rs" 5 0 5 52] meta "compute_max_steps" 1000000 - let rec reborrow_tuple'0 (x:borrowed t_T'0) (return' (ret:(borrowed t_T'0, uint32)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4921] inv'1 x} + let rec reborrow_tuple'0[#"492.rs" 5 0 5 52] (x:borrowed t_T'0) (return' (ret:(borrowed t_T'0, uint32)))= {[@expl:reborrow_tuple 'x' type invariant] [%#s4921] inv'1 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -98,7 +98,7 @@ module M_492__test [#"492.rs" 10 0 10 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"492.rs" 10 0 10 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s4920] (5 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_6 <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_fail/bug/692.coma b/creusot/tests/should_fail/bug/692.coma index 67f4aa80a..38169f44a 100644 --- a/creusot/tests/should_fail/bug/692.coma +++ b/creusot/tests/should_fail/bug/692.coma @@ -72,7 +72,7 @@ module M_692__incorrect [#"692.rs" 8 0 8 76] meta "compute_max_steps" 1000000 - let rec incorrect'0 (cond:t_C'0) (branch:t_B'0) (return' (ret:()))= {[@expl:incorrect 'cond' type invariant] [%#s6920] inv'1 cond} + let rec incorrect'0[#"692.rs" 8 0 8 76] (cond:t_C'0) (branch:t_B'0) (return' (ret:()))= {[@expl:incorrect 'cond' type invariant] [%#s6920] inv'1 cond} {[@expl:incorrect 'branch' type invariant] [%#s6921] inv'0 branch} {[@expl:incorrect requires] [%#s6922] precondition'0 cond () /\ (forall b : bool . precondition'1 branch (b) @@ -126,7 +126,7 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] use prelude.prelude.Int - let rec closure1'0 (_1:closure1'1) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"692.rs" 13 15 13 47] (_1:closure1'1) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = UInt32.gt {_1.field_0'0} {[%#s6922] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -186,7 +186,7 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . ([%#sops12] postcondition_mut'0 self args res_state res) -> ([%#sops13] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 + let rec closure2'0[#"692.rs" 15 17 15 64] (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = [ &_4 <- [%#s6924] (2 : uint32) ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_4 <- [%#s6925] (1 : uint32) ] s1 | s1 = bb3 ] @@ -269,7 +269,7 @@ module M_692__valid_normal [#"692.rs" 11 0 11 34] meta "compute_max_steps" 1000000 - let rec valid_normal'0 (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid_normal'0[#"692.rs" 11 0 11 34] (n:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &r <- [%#s6920] (0 : uint32) ] s1 | s1 = [ &cond <- { field_0'0 = n } ] s2 diff --git a/creusot/tests/should_fail/bug/695.coma b/creusot/tests/should_fail/bug/695.coma index ebb351efe..fa077fcfb 100644 --- a/creusot/tests/should_fail/bug/695.coma +++ b/creusot/tests/should_fail/bug/695.coma @@ -107,7 +107,7 @@ module M_695__inversed_if [#"695.rs" 6 0 6 78] meta "compute_max_steps" 1000000 - let rec inversed_if'0 (cond:t_C'0) (branch:t_B'0) (return' (ret:()))= {[@expl:inversed_if 'cond' type invariant] [%#s6952] inv'0 cond} + let rec inversed_if'0[#"695.rs" 6 0 6 78] (cond:t_C'0) (branch:t_B'0) (return' (ret:()))= {[@expl:inversed_if 'cond' type invariant] [%#s6952] inv'0 cond} {[@expl:inversed_if 'branch' type invariant] [%#s6953] inv'1 branch} {[@expl:inversed_if requires] [%#s6954] precondition'0 cond () /\ (forall b : bool . precondition'1 branch (b))} (! bb0 @@ -183,7 +183,7 @@ module M_695__valid [#"695.rs" 15 0 15 27] use prelude.prelude.Int - let rec closure1'0 (_1:closure1'1) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"695.rs" 17 15 17 47] (_1:closure1'1) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = UInt32.gt {_1.field_0'0} {[%#s6953] (7 : uint32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -243,7 +243,7 @@ module M_695__valid [#"695.rs" 15 0 15 27] axiom postcondition_mut_unnest'0_spec : forall self : closure2'1, args : bool, res_state : closure2'1, res : () . ([%#sops13] postcondition_mut'0 self args res_state res) -> ([%#sops14] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 + let rec closure2'0[#"695.rs" 19 17 19 64] (_1:borrowed closure2'1) (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = [ &_4 <- [%#s6955] (2 : uint32) ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_4 <- [%#s6956] (1 : uint32) ] s1 | s1 = bb3 ] @@ -328,7 +328,7 @@ module M_695__valid [#"695.rs" 15 0 15 27] meta "compute_max_steps" 1000000 - let rec valid'0 (n:uint32) (return' (ret:uint32))= (! bb0 + let rec valid'0[#"695.rs" 15 0 15 27] (n:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &r <- [%#s6950] (0 : uint32) ] s1 | s1 = [ &cond <- { field_0'0 = n } ] s2 diff --git a/creusot/tests/should_fail/bug/869.coma b/creusot/tests/should_fail/bug/869.coma index 49893f77d..a0a453d7e 100644 --- a/creusot/tests/should_fail/bug/869.coma +++ b/creusot/tests/should_fail/bug/869.coma @@ -32,7 +32,7 @@ module M_869__unsound [#"869.rs" 4 0 4 16] meta "compute_max_steps" 1000000 - let rec unsound'0 (_1:()) (return' (ret:()))= (! bb0 + let rec unsound'0[#"869.rs" 4 0 4 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s8690] Snapshot.new true ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {x} diff --git a/creusot/tests/should_fail/bug/878.coma b/creusot/tests/should_fail/bug/878.coma index eba933955..50c7048a4 100644 --- a/creusot/tests/should_fail/bug/878.coma +++ b/creusot/tests/should_fail/bug/878.coma @@ -75,7 +75,7 @@ module M_878__test [#"878.rs" 4 0 4 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"878.rs" 4 0 4 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = any [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8780] (1 : int32)) @@ -221,7 +221,7 @@ module M_878__test2 [#"878.rs" 19 0 19 14] meta "compute_max_steps" 1000000 - let rec test2'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test2'0[#"878.rs" 19 0 19 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : uint32)) } ] s1 | s1 = any @@ -365,7 +365,7 @@ module M_878__test3 [#"878.rs" 25 0 25 14] meta "compute_max_steps" 1000000 - let rec test3'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test3'0[#"878.rs" 25 0 25 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- { t_S__0'0 = ([%#s8780] (0 : uint32)) } ] s1 | s1 = any diff --git a/creusot/tests/should_fail/bug/specialize.coma b/creusot/tests/should_fail/bug/specialize.coma index d6c798deb..3ca698fa8 100644 --- a/creusot/tests/should_fail/bug/specialize.coma +++ b/creusot/tests/should_fail/bug/specialize.coma @@ -29,7 +29,7 @@ module M_specialize__f [#"specialize.rs" 21 0 21 17] meta "compute_max_steps" 1000000 - let rec f'0 (v:t_Vec'0) (return' (ret:()))= (! bb0 + let rec f'0[#"specialize.rs" 21 0 21 17] (v:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sspecialize0] false} s1 | s1 = bb2 ] | bb2 = return' {_0} ] @@ -113,7 +113,7 @@ module M_specialize__g [#"specialize.rs" 27 0 27 18] meta "compute_max_steps" 1000000 - let rec g'0 (v:t_Vec'0) (return' (ret:()))= {[@expl:g 'v' type invariant] [%#sspecialize1] inv'0 v} + let rec g'0[#"specialize.rs" 27 0 27 18] (v:t_Vec'0) (return' (ret:()))= {[@expl:g 'v' type invariant] [%#sspecialize1] inv'0 v} (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sspecialize0] false} s1 | s1 = bb2 ] @@ -157,7 +157,7 @@ module M_specialize__h [#"specialize.rs" 34 0 34 17] meta "compute_max_steps" 1000000 - let rec h'0 (v:t_Vec'0) (return' (ret:()))= (! bb0 + let rec h'0[#"specialize.rs" 34 0 34 17] (v:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sspecialize0] false} s1 | s1 = bb2 ] | bb2 = return' {_0} ] diff --git a/creusot/tests/should_fail/bug/subregion.coma b/creusot/tests/should_fail/bug/subregion.coma index 0bce05695..7af23a1e4 100644 --- a/creusot/tests/should_fail/bug/subregion.coma +++ b/creusot/tests/should_fail/bug/subregion.coma @@ -10,7 +10,7 @@ module M_subregion__list_reversal_h [#"subregion.rs" 3 0 3 37] meta "compute_max_steps" 1000000 - let rec list_reversal_h'0 (l:usize) (return' (ret:usize))= (! bb0 + let rec list_reversal_h'0[#"subregion.rs" 3 0 3 37] (l:usize) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = [ &r <- [%#ssubregion0] (0 : usize) ] s1 | s1 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#ssubregion1] true} diff --git a/creusot/tests/should_fail/final_borrows.coma b/creusot/tests/should_fail/final_borrows.coma index 2bef340ec..d8d801ed6 100644 --- a/creusot/tests/should_fail/final_borrows.coma +++ b/creusot/tests/should_fail/final_borrows.coma @@ -27,7 +27,7 @@ module M_final_borrows__not_final_borrow [#"final_borrows.rs" 5 0 5 45] meta "compute_max_steps" 1000000 - let rec not_final_borrow'0 (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:not_final_borrow 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} + let rec not_final_borrow'0[#"final_borrows.rs" 5 0 5 45] (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:not_final_borrow 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} (! bb0 [ bb0 = s0 [ s0 = {inv'0 bor.current} @@ -89,7 +89,7 @@ module M_final_borrows__store_changes_prophecy [#"final_borrows.rs" 11 0 11 51] meta "compute_max_steps" 1000000 - let rec store_changes_prophecy'0 (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:store_changes_prophecy 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} + let rec store_changes_prophecy'0[#"final_borrows.rs" 11 0 11 51] (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:store_changes_prophecy 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} (! bb0 [ bb0 = s0 [ s0 = {inv'0 bor.current} @@ -145,7 +145,7 @@ module M_final_borrows__store_changes_prophecy_2 [#"final_borrows.rs" 19 0 19 59 meta "compute_max_steps" 1000000 - let rec store_changes_prophecy_2'0 (bor:borrowed t_T'0) (x:t_T'0) (return' (ret:()))= {[@expl:store_changes_prophecy_2 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} + let rec store_changes_prophecy_2'0[#"final_borrows.rs" 19 0 19 59] (bor:borrowed t_T'0) (x:t_T'0) (return' (ret:()))= {[@expl:store_changes_prophecy_2 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} {[@expl:store_changes_prophecy_2 'x' type invariant] [%#sfinal_borrows2] inv'0 x} (! bb0 [ bb0 = s0 @@ -204,7 +204,7 @@ module M_final_borrows__call_changes_prophecy [#"final_borrows.rs" 27 0 27 43] meta "compute_max_steps" 1000000 - let rec call_changes_prophecy'0 (bor:borrowed int32) (return' (ret:()))= (! bb0 + let rec call_changes_prophecy'0[#"final_borrows.rs" 27 0 27 43] (bor:borrowed int32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &bor_snap <- [%#sfinal_borrows0] Snapshot.new bor ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {bor.current} @@ -260,7 +260,7 @@ module M_final_borrows__unnesting_fails [#"final_borrows.rs" 42 0 42 24] meta "compute_max_steps" 1000000 - let rec unnesting_fails'0 (_1:()) (return' (ret:()))= (! bb0 + let rec unnesting_fails'0[#"final_borrows.rs" 42 0 42 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sfinal_borrows0] (0 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &bor <- _ret' ] [ &x <- _ret'.final ] s2) @@ -334,7 +334,7 @@ module M_final_borrows__move_place_without_deref [#"final_borrows.rs" 53 0 53 52 meta "compute_max_steps" 1000000 - let rec move_place_without_deref'0 (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:move_place_without_deref 'bor' type invariant] [%#sfinal_borrows1] inv'2 bor} + let rec move_place_without_deref'0[#"final_borrows.rs" 53 0 53 52] (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:move_place_without_deref 'bor' type invariant] [%#sfinal_borrows1] inv'2 bor} (! bb0 [ bb0 = s0 [ s0 = {inv'0 bor.current} diff --git a/creusot/tests/should_fail/opaque_unproveable.coma b/creusot/tests/should_fail/opaque_unproveable.coma index 7e5a4f1cc..3fbf59505 100644 --- a/creusot/tests/should_fail/opaque_unproveable.coma +++ b/creusot/tests/should_fail/opaque_unproveable.coma @@ -7,7 +7,7 @@ module M_opaque_unproveable__test [#"opaque_unproveable.rs" 14 0 14 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"opaque_unproveable.rs" 14 0 14 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#sopaque_unproveable0] opaque'0 ()} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_fail/traits/17_impl_refinement.coma b/creusot/tests/should_fail/traits/17_impl_refinement.coma index f12aed133..ab93fd97a 100644 --- a/creusot/tests/should_fail/traits/17_impl_refinement.coma +++ b/creusot/tests/should_fail/traits/17_impl_refinement.coma @@ -15,7 +15,7 @@ module M_17_impl_refinement__qyi14398438181735515246__my_function [#"17_impl_ref meta "compute_max_steps" 1000000 - let rec my_function'0 (self:()) (return' (ret:usize))= {[@expl:my_function requires] [%#s17_impl_refinement1] true} + let rec my_function'0[#"17_impl_refinement.rs" 14 4 14 34] (self:()) (return' (ret:usize))= {[@expl:my_function requires] [%#s17_impl_refinement1] true} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s17_impl_refinement0] (20 : usize) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : usize = any_l () ] diff --git a/creusot/tests/should_fail/type_invariants/borrows.coma b/creusot/tests/should_fail/type_invariants/borrows.coma index d4c7018b2..45f2a71b2 100644 --- a/creusot/tests/should_fail/type_invariants/borrows.coma +++ b/creusot/tests/should_fail/type_invariants/borrows.coma @@ -26,7 +26,8 @@ module M_borrows__qyi5649894289181344863__new [#"borrows.rs" 17 4 17 30] (* NonZ meta "compute_max_steps" 1000000 - let rec new'0 (n:int32) (return' (ret:t_NonZero'0))= {[@expl:new requires] [%#sborrows0] Int32.to_int n <> 0} + let rec new'0[#"borrows.rs" 17 4 17 30] (n:int32) (return' (ret:t_NonZero'0))= {[@expl:new requires] [%#sborrows0] Int32.to_int n + <> 0} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- { t_NonZero__0'0 = n } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_NonZero'0 = any_l () | & n : int32 = n ] @@ -86,7 +87,7 @@ module M_borrows__qyi5649894289181344863__inner_mut [#"borrows.rs" 23 4 23 43] ( meta "compute_max_steps" 1000000 - let rec inner_mut'0 (self:borrowed (t_NonZero'0)) (return' (ret:borrowed int32))= {[@expl:inner_mut 'self' type invariant] [%#sborrows0] inv'0 self} + let rec inner_mut'0[#"borrows.rs" 23 4 23 43] (self:borrowed (t_NonZero'0)) (return' (ret:borrowed int32))= {[@expl:inner_mut 'self' type invariant] [%#sborrows0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {(self.current).t_NonZero__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} @@ -181,7 +182,7 @@ module M_borrows__simple [#"borrows.rs" 31 0 31 30] meta "compute_max_steps" 1000000 - let rec simple'0 (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:simple 'x' type invariant] [%#sborrows0] inv'0 x} + let rec simple'0[#"borrows.rs" 31 0 31 30] (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:simple 'x' type invariant] [%#sborrows0] inv'0 x} {[@expl:simple requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} {[@expl:simple requires #1] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 <> - 1} (! bb0 @@ -286,7 +287,7 @@ module M_borrows__hard [#"borrows.rs" 38 0 38 28] meta "compute_max_steps" 1000000 - let rec hard'0 (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:hard 'x' type invariant] [%#sborrows0] inv'1 x} + let rec hard'0[#"borrows.rs" 38 0 38 28] (x:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:hard 'x' type invariant] [%#sborrows0] inv'1 x} {[@expl:hard requires #0] [%#sborrows1] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} {[@expl:hard requires #1] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 <> - 1} (! bb0 @@ -403,7 +404,7 @@ module M_borrows__tuple [#"borrows.rs" 45 0 45 44] meta "compute_max_steps" 1000000 - let rec tuple'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:tuple 'x' type invariant] [%#sborrows1] inv'0 x} + let rec tuple'0[#"borrows.rs" 45 0 45 44] (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:tuple 'x' type invariant] [%#sborrows1] inv'0 x} {[@expl:tuple requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} {[@expl:tuple requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} @@ -510,7 +511,7 @@ module M_borrows__partial_move [#"borrows.rs" 53 0 53 47] meta "compute_max_steps" 1000000 - let rec partial_move'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:partial_move 'x' type invariant] [%#sborrows1] inv'1 x} + let rec partial_move'0[#"borrows.rs" 53 0 53 47] (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:partial_move 'x' type invariant] [%#sborrows1] inv'1 x} {[@expl:partial_move requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} {[@expl:partial_move requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} @@ -627,7 +628,7 @@ module M_borrows__destruct [#"borrows.rs" 61 0 61 43] meta "compute_max_steps" 1000000 - let rec destruct'0 (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:destruct 'x' type invariant] [%#sborrows1] inv'1 x} + let rec destruct'0[#"borrows.rs" 61 0 61 43] (x:(t_NonZero'0, borrowed (t_NonZero'0))) (return' (ret:()))= {[@expl:destruct 'x' type invariant] [%#sborrows1] inv'1 x} {[@expl:destruct requires #0] [%#sborrows2] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} {[@expl:destruct requires #1] [%#sborrows3] Int32.to_int ((let (_, a) = x in a).current).t_NonZero__0'0 <> - 1} @@ -728,7 +729,7 @@ module M_borrows__frozen_dead [#"borrows.rs" 69 0 69 66] meta "compute_max_steps" 1000000 - let rec frozen_dead'0 (x:borrowed (t_NonZero'0)) (y:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:frozen_dead 'x' type invariant] [%#sborrows0] inv'1 x} + let rec frozen_dead'0[#"borrows.rs" 69 0 69 66] (x:borrowed (t_NonZero'0)) (y:borrowed (t_NonZero'0)) (return' (ret:()))= {[@expl:frozen_dead 'x' type invariant] [%#sborrows0] inv'1 x} {[@expl:frozen_dead 'y' type invariant] [%#sborrows1] inv'1 y} {[@expl:frozen_dead requires #0] [%#sborrows2] Int32.to_int (x.current).t_NonZero__0'0 < Int32.to_int (v_MAX'0 : int32)} @@ -845,7 +846,7 @@ module M_borrows__qyi5556307355051076399__foo [#"borrows.rs" 93 4 93 25] (* SumT meta "compute_max_steps" 1000000 - let rec foo'0 (self:borrowed (t_SumTo10'0)) (return' (ret:()))= {[@expl:foo 'self' type invariant] [%#sborrows0] inv'0 self} + let rec foo'0[#"borrows.rs" 93 4 93 25] (self:borrowed (t_SumTo10'0)) (return' (ret:()))= {[@expl:foo 'self' type invariant] [%#sborrows0] inv'0 self} {[@expl:foo requires] [%#sborrows1] Int32.to_int (self.current).t_SumTo10__a'0 < Int32.to_int (v_MAX'0 : int32)} (! bb0 [ bb0 = s0 @@ -918,7 +919,7 @@ module M_borrows__inc [#"borrows.rs" 101 0 101 23] meta "compute_max_steps" 1000000 - let rec inc'0 (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows1] view'0 x + let rec inc'0[#"borrows.rs" 101 0 101 23] (x:borrowed int32) (return' (ret:()))= {[@expl:inc requires] [%#sborrows1] view'0 x < Int32.to_int (v_MAX'0 : int32)} (! bb0 [ bb0 = s0 @@ -962,7 +963,7 @@ module M_borrows__dec [#"borrows.rs" 107 0 107 23] meta "compute_max_steps" 1000000 - let rec dec'0 (x:borrowed int32) (return' (ret:()))= {[@expl:dec requires] [%#sborrows1] view'0 x + let rec dec'0[#"borrows.rs" 107 0 107 23] (x:borrowed int32) (return' (ret:()))= {[@expl:dec requires] [%#sborrows1] view'0 x > Int32.to_int (v_MIN'0 : int32)} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index ef30ab805..5e451d892 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -268,7 +268,7 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"100doors.rs" 18 0 18 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = from_elem'0 {[%#s100doors0] false} {[%#s100doors1] (100 : usize)} (fun (_ret':t_Vec'0) -> [ &door_open <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/all_zero.coma b/creusot/tests/should_succeed/all_zero.coma index 1added9e3..5a1c59fb2 100644 --- a/creusot/tests/should_succeed/all_zero.coma +++ b/creusot/tests/should_succeed/all_zero.coma @@ -71,7 +71,7 @@ module M_all_zero__all_zero [#"all_zero.rs" 34 0 34 29] meta "compute_max_steps" 1000000 - let rec all_zero'0 (l:borrowed (t_List'0)) (return' (ret:()))= (! bb0 + let rec all_zero'0[#"all_zero.rs" 34 0 34 29] (l:borrowed (t_List'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_l <- [%#sall_zero0] Snapshot.new l ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &loop_l <- l ] s1 | s1 = bb2 ] | bb2 = bb2 diff --git a/creusot/tests/should_succeed/bdd.coma b/creusot/tests/should_succeed/bdd.coma index 8850901ad..3b3894748 100644 --- a/creusot/tests/should_succeed/bdd.coma +++ b/creusot/tests/should_succeed/bdd.coma @@ -157,7 +157,7 @@ module M_bdd__hashmap__qyi11648407051195780326__hash [#"bdd.rs" 79 8 79 29] (* < meta "compute_max_steps" 1000000 - let rec hash'0 (self:(t_U'0, t_V'0)) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#sbdd1] inv'0 self} + let rec hash'0[#"bdd.rs" 79 8 79 29] (self:(t_U'0, t_V'0)) (return' (ret:uint64))= {[@expl:hash 'self' type invariant] [%#sbdd1] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = hash'1 {let (r'0, _) = self in r'0} (fun (_ret':uint64) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = hash'2 {let (_, r'0) = self in r'0} (fun (_ret':uint64) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] @@ -193,9 +193,9 @@ module M_bdd__qyi2024536649982164874__assert_receiver_is_total_eq [#"bdd.rs" 93 meta "compute_max_steps" 1000000 - let rec assert_receiver_is_total_eq'0 (self:t_Node'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec assert_receiver_is_total_eq'0[#"bdd.rs" 93 9 93 11] (self:t_Node'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* as creusot_contracts::PartialEq> *) let%span sbdd0 = "bdd.rs" 93 13 93 22 @@ -273,7 +273,7 @@ module M_bdd__qyi4854841669736991510__eq [#"bdd.rs" 93 13 93 22] (* {self = C_False'0 } (! bb2) | br1 -> {self = C_True'0 } (! bb3) @@ -443,9 +443,9 @@ module M_bdd__qyi1284786238026687571__assert_receiver_is_total_eq [#"bdd.rs" 107 meta "compute_max_steps" 1000000 - let rec assert_receiver_is_total_eq'0 (self:t_Bdd'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec assert_receiver_is_total_eq'0[#"bdd.rs" 107 15 107 17] (self:t_Bdd'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_bdd__qyi2820858787824331484__clone [#"bdd.rs" 112 4 112 27] (* as creusot_contracts::Clone> *) let%span sbdd0 = "bdd.rs" 111 14 111 29 @@ -465,7 +465,7 @@ module M_bdd__qyi2820858787824331484__clone [#"bdd.rs" 112 4 112 27] (* {[@expl:clone ensures] [%#sbdd0] result = self} (! return' {result}) ] @@ -599,7 +599,7 @@ module M_bdd__qyi699402059438633899__hash [#"bdd.rs" 119 4 119 25] (* {self = C_False'0 } (! bb2) | br1 -> {self = C_True'0 } (! bb3) @@ -676,7 +676,7 @@ module M_bdd__qyi14323183011761258016__hash [#"bdd.rs" 145 4 145 25] (* {[@expl:hash ensures] [%#sbdd0] UInt64.to_int result = hash_log'0 (view'0 self)} @@ -713,7 +713,7 @@ module M_bdd__qyi2581120635339165136__eq [#"bdd.rs" 205 4 205 34] (* [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -1860,7 +1860,7 @@ module M_bdd__qyi11078426090797403070__new [#"bdd.rs" 430 4 430 52] (* Context<' meta "compute_max_steps" 1000000 - let rec new'0 (alloc:()) (return' (ret:t_Context'0))= (! bb0 + let rec new'0[#"bdd.rs" 430 4 430 52] (alloc:()) (return' (ret:t_Context'0))= (! bb0 [ bb0 = s0 [ s0 = promoted0__new'0 (fun (pr0:t_Node'0) -> [ &_10 <- pr0 ] s1) | s1 = [ &t <- _10 ] s2 @@ -2176,7 +2176,7 @@ module M_bdd__qyi11078426090797403070__hashcons [#"bdd.rs" 446 4 446 58] (* Cont meta "compute_max_steps" 1000000 - let rec hashcons'0 (self:borrowed (t_Context'0)) (n:t_Node'0) (return' (ret:t_Bdd'0))= {[@expl:hashcons 'self' type invariant] [%#sbdd5] inv'0 self} + let rec hashcons'0[#"bdd.rs" 446 4 446 58] (self:borrowed (t_Context'0)) (n:t_Node'0) (return' (ret:t_Bdd'0))= {[@expl:hashcons 'self' type invariant] [%#sbdd5] inv'0 self} {[@expl:hashcons requires] [%#sbdd6] is_valid_node'0 self.current n} (! bb0 [ bb0 = s0 @@ -2493,7 +2493,7 @@ module M_bdd__qyi11078426090797403070__node [#"bdd.rs" 471 4 471 87] (* Context< meta "compute_max_steps" 1000000 - let rec node'0 (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd0] inv'0 self} + let rec node'0[#"bdd.rs" 471 4 471 87] (self:borrowed (t_Context'0)) (x:uint64) (childt:t_Bdd'0) (childf:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:node 'self' type invariant] [%#sbdd0] inv'0 self} {[@expl:node requires #0] [%#sbdd1] is_valid_bdd'0 self.current childt} {[@expl:node requires #1] [%#sbdd2] is_valid_bdd'0 self.current childf} {[@expl:node requires #2] [%#sbdd3] UInt64.to_int x < leastvar'0 childt /\ UInt64.to_int x < leastvar'0 childf} @@ -2740,7 +2740,7 @@ module M_bdd__qyi11078426090797403070__trueqy95z [#"bdd.rs" 482 4 482 42] (* Con meta "compute_max_steps" 1000000 - let rec trueqy95z'0 (self:borrowed (t_Context'0)) (return' (ret:t_Bdd'0))= {[@expl:true_ 'self' type invariant] [%#sbdd0] inv'1 self} + let rec trueqy95z'0[#"bdd.rs" 482 4 482 42] (self:borrowed (t_Context'0)) (return' (ret:t_Bdd'0))= {[@expl:true_ 'self' type invariant] [%#sbdd0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} @@ -2970,7 +2970,7 @@ module M_bdd__qyi11078426090797403070__falseqy95z [#"bdd.rs" 490 4 490 43] (* Co meta "compute_max_steps" 1000000 - let rec falseqy95z'0 (self:borrowed (t_Context'0)) (return' (ret:t_Bdd'0))= {[@expl:false_ 'self' type invariant] [%#sbdd0] inv'1 self} + let rec falseqy95z'0[#"bdd.rs" 490 4 490 43] (self:borrowed (t_Context'0)) (return' (ret:t_Bdd'0))= {[@expl:false_ 'self' type invariant] [%#sbdd0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} @@ -3234,7 +3234,7 @@ module M_bdd__qyi11078426090797403070__v [#"bdd.rs" 497 4 497 46] (* Context<'ar meta "compute_max_steps" 1000000 - let rec v'0 (self:borrowed (t_Context'0)) (x:uint64) (return' (ret:t_Bdd'0))= {[@expl:v 'self' type invariant] [%#sbdd0] inv'1 self} + let rec v'0[#"bdd.rs" 497 4 497 46] (self:borrowed (t_Context'0)) (x:uint64) (return' (ret:t_Bdd'0))= {[@expl:v 'self' type invariant] [%#sbdd0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} @@ -3604,7 +3604,7 @@ module M_bdd__qyi11078426090797403070__not [#"bdd.rs" 509 4 509 56] (* Context<' meta "compute_max_steps" 1000000 - let rec not'0 (self:borrowed (t_Context'0)) (x:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:not 'self' type invariant] [%#sbdd0] inv'1 self} + let rec not'0[#"bdd.rs" 509 4 509 56] (self:borrowed (t_Context'0)) (x:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:not 'self' type invariant] [%#sbdd0] inv'1 self} {[@expl:not requires] [%#sbdd1] is_valid_bdd'0 self.current x} (! bb0 [ bb0 = s0 @@ -4120,7 +4120,7 @@ module M_bdd__qyi11078426090797403070__and [#"bdd.rs" 533 4 533 72] (* Context<' meta "compute_max_steps" 1000000 - let rec and'0 (self:borrowed (t_Context'0)) (a:t_Bdd'0) (b:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:and 'self' type invariant] [%#sbdd1] inv'0 self} + let rec and'0[#"bdd.rs" 533 4 533 72] (self:borrowed (t_Context'0)) (a:t_Bdd'0) (b:t_Bdd'0) (return' (ret:t_Bdd'0))= {[@expl:and 'self' type invariant] [%#sbdd1] inv'0 self} {[@expl:and requires #0] [%#sbdd2] is_valid_bdd'0 self.current a} {[@expl:and requires #1] [%#sbdd3] is_valid_bdd'0 self.current b} (! bb0 diff --git a/creusot/tests/should_succeed/binary_search.coma b/creusot/tests/should_succeed/binary_search.coma index 793a6e7a3..1c3309d1e 100644 --- a/creusot/tests/should_succeed/binary_search.coma +++ b/creusot/tests/should_succeed/binary_search.coma @@ -110,7 +110,7 @@ module M_binary_search__qyi13868011053250380720__index [#"binary_search.rs" 45 4 meta "compute_max_steps" 1000000 - let rec index'0 (self:t_List'0) (ix:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] [%#sbinary_search5] inv'0 self} + let rec index'0[#"binary_search.rs" 45 4 45 40] (self:t_List'0) (ix:usize) (return' (ret:t_T'0))= {[@expl:index 'self' type invariant] [%#sbinary_search5] inv'0 self} {[@expl:index requires] [%#sbinary_search6] UIntSize.to_int ix < len_logic'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &orig_ix <- ix ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] @@ -226,7 +226,7 @@ module M_binary_search__qyi13868011053250380720__len [#"binary_search.rs" 67 4 6 meta "compute_max_steps" 1000000 - let rec len'0 (self:t_List'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] [%#sbinary_search4] inv'0 self} + let rec len'0[#"binary_search.rs" 67 4 67 26] (self:t_List'0) (return' (ret:usize))= {[@expl:len 'self' type invariant] [%#sbinary_search4] inv'0 self} {[@expl:len requires] [%#sbinary_search5] len_logic'0 self <= 1000000} (! bb0 [ bb0 = s0 [ s0 = [ &len <- [%#sbinary_search0] (0 : usize) ] s1 | s1 = [ &l <- self ] s2 | s2 = bb1 ] @@ -365,7 +365,7 @@ module M_binary_search__binary_search [#"binary_search.rs" 111 0 111 72] meta "compute_max_steps" 1000000 - let rec binary_search'0 (arr:t_List'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#sbinary_search10] len_logic'0 arr + let rec binary_search'0[#"binary_search.rs" 111 0 111 72] (arr:t_List'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#sbinary_search10] len_logic'0 arr <= 1000000} {[@expl:binary_search requires #1] [%#sbinary_search11] is_sorted'0 arr} (! bb0 diff --git a/creusot/tests/should_succeed/bug/02_derive.coma b/creusot/tests/should_succeed/bug/02_derive.coma index 716840c26..2ccb59fb4 100644 --- a/creusot/tests/should_succeed/bug/02_derive.coma +++ b/creusot/tests/should_succeed/bug/02_derive.coma @@ -5,9 +5,9 @@ module M_02_derive__qyi1286730707956131195__clone [#"02_derive.rs" 3 9 3 14] (* meta "compute_max_steps" 1000000 - let rec clone'0 (self:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- () ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec clone'0[#"02_derive.rs" 3 9 3 14] (self:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- () ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_02_derive__qyi1286730707956131195__clone__refines [#"02_derive.rs" 3 9 3 14] (* *) let%span s02_derive0 = "02_derive.rs" 3 9 3 14 diff --git a/creusot/tests/should_succeed/bug/164.coma b/creusot/tests/should_succeed/bug/164.coma index 2780aeba4..8a774669b 100644 --- a/creusot/tests/should_succeed/bug/164.coma +++ b/creusot/tests/should_succeed/bug/164.coma @@ -159,7 +159,7 @@ module M_164__main [#"164.rs" 5 0 5 13] meta "compute_max_steps" 1000000 - let rec main'0 (_1:()) (return' (ret:()))= (! bb0 + let rec main'0[#"164.rs" 5 0 5 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s1640] (0 : usize) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:loop invariant] [%#s1641] x = (0 : usize)} s1 diff --git a/creusot/tests/should_succeed/bug/168.coma b/creusot/tests/should_succeed/bug/168.coma index dc497c2b6..4e2e26b26 100644 --- a/creusot/tests/should_succeed/bug/168.coma +++ b/creusot/tests/should_succeed/bug/168.coma @@ -7,7 +7,7 @@ module M_168__max_int [#"168.rs" 3 0 3 25] meta "compute_max_steps" 1000000 - let rec max_int'0 (_1:()) (return' (ret:usize))= (! bb0 + let rec max_int'0[#"168.rs" 3 0 3 25] (_1:()) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s1680] (18446744073709551615 : usize) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : usize = any_l () ] [ return' (result:usize)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/173.coma b/creusot/tests/should_succeed/bug/173.coma index 1fdfdf847..74f18b434 100644 --- a/creusot/tests/should_succeed/bug/173.coma +++ b/creusot/tests/should_succeed/bug/173.coma @@ -12,7 +12,7 @@ module M_173__test_233 [#"173.rs" 19 0 19 17] meta "compute_max_steps" 1000000 - let rec test_233'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_233'0[#"173.rs" 19 0 19 17] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s1730] (17 : int32) ] s1 | s1 = {[@expl:assertion] [%#s1731] Int32.to_int x = 17} s2 diff --git a/creusot/tests/should_succeed/bug/181_ident.coma b/creusot/tests/should_succeed/bug/181_ident.coma index afec2f4e5..0fb708277 100644 --- a/creusot/tests/should_succeed/bug/181_ident.coma +++ b/creusot/tests/should_succeed/bug/181_ident.coma @@ -15,7 +15,7 @@ module M_181_ident__max_usize [#"181_ident.rs" 17 0 17 45] meta "compute_max_steps" 1000000 - let rec max_usize'0 (a:usize) (b:usize) (return' (ret:usize))= (! bb0 + let rec max_usize'0[#"181_ident.rs" 17 0 17 45] (a:usize) (b:usize) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] diff --git a/creusot/tests/should_succeed/bug/195.coma b/creusot/tests/should_succeed/bug/195.coma index a0a191cb9..5c1ee4467 100644 --- a/creusot/tests/should_succeed/bug/195.coma +++ b/creusot/tests/should_succeed/bug/195.coma @@ -5,7 +5,7 @@ module M_195__example [#"195.rs" 4 0 4 40] meta "compute_max_steps" 1000000 - let rec example'0 (_example_parameter:bool) (return' (ret:()))= {[@expl:example requires] [%#s1950] _example_parameter + let rec example'0[#"195.rs" 4 0 4 40] (_example_parameter:bool) (return' (ret:()))= {[@expl:example requires] [%#s1950] _example_parameter = _example_parameter} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/206.coma b/creusot/tests/should_succeed/bug/206.coma index a826b27bb..ce8703abe 100644 --- a/creusot/tests/should_succeed/bug/206.coma +++ b/creusot/tests/should_succeed/bug/206.coma @@ -102,7 +102,7 @@ module M_206__ex [#"206.rs" 20 0 20 16] meta "compute_max_steps" 1000000 - let rec ex'0 (a:t_A'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:ex ensures] [%#s2060] u'0 a = u'0 a} (! return' {result}) ] - + let rec ex'0[#"206.rs" 20 0 20 16] (a:t_A'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:ex ensures] [%#s2060] u'0 a = u'0 a} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/235.coma b/creusot/tests/should_succeed/bug/235.coma index 52281e7bc..9587c34dd 100644 --- a/creusot/tests/should_succeed/bug/235.coma +++ b/creusot/tests/should_succeed/bug/235.coma @@ -8,7 +8,7 @@ module M_235__f [#"235.rs" 5 0 5 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"235.rs" 5 0 5 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#s2350] 0 <= 1} diff --git a/creusot/tests/should_succeed/bug/256.coma b/creusot/tests/should_succeed/bug/256.coma index 7590a2532..975dc5a9e 100644 --- a/creusot/tests/should_succeed/bug/256.coma +++ b/creusot/tests/should_succeed/bug/256.coma @@ -7,7 +7,7 @@ module M_256__u8_safe [#"256.rs" 3 0 3 21] meta "compute_max_steps" 1000000 - let rec u8_safe'0 (u:uint8) (return' (ret:()))= (! bb0 + let rec u8_safe'0[#"256.rs" 3 0 3 21] (u:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UInt8.add {u} {[%#s2560] (0 : uint8)} (fun (_ret':uint8) -> [ &_2 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -42,7 +42,7 @@ module M_256__bug_256 [#"256.rs" 8 0 8 26] meta "compute_max_steps" 1000000 - let rec bug_256'0 (_x:t_String'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = return' {_0} ] ) + let rec bug_256'0[#"256.rs" 8 0 8 26] (_x:t_String'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/258.coma b/creusot/tests/should_succeed/bug/258.coma index 23d86683d..7963d8239 100644 --- a/creusot/tests/should_succeed/bug/258.coma +++ b/creusot/tests/should_succeed/bug/258.coma @@ -5,9 +5,9 @@ module M_258__err [#"258.rs" 3 0 3 22] meta "compute_max_steps" 1000000 - let rec err'0 (_to:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec err'0[#"258.rs" 3 0 3 22] (_to:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_258__err2 [#"258.rs" 5 0 5 24] use prelude.prelude.Intrinsic @@ -16,7 +16,7 @@ module M_258__err2 [#"258.rs" 5 0 5 24] meta "compute_max_steps" 1000000 - let rec err2'0 (_bbb:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec err2'0[#"258.rs" 5 0 5 24] (_bbb:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/271.coma b/creusot/tests/should_succeed/bug/271.coma index 136e62aa8..71249da91 100644 --- a/creusot/tests/should_succeed/bug/271.coma +++ b/creusot/tests/should_succeed/bug/271.coma @@ -7,7 +7,7 @@ module M_271__ex [#"271.rs" 5 0 5 11] meta "compute_max_steps" 1000000 - let rec ex'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ex'0[#"271.rs" 5 0 5 11] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 | s1 = bb4 ] | bb4 = bb5 | bb5 = return' {_0} ] ) [ & _0 : () = any_l () | & a : int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -20,7 +20,7 @@ module M_271__ex2 [#"271.rs" 13 0 13 12] meta "compute_max_steps" 1000000 - let rec ex2'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ex2'0[#"271.rs" 13 0 13 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 | s1 = any [ br0 -> {a = 0} (! bb3) | br1 -> {a = 1} (! bb3) | default -> (! bb1) ] ] @@ -40,7 +40,7 @@ module M_271__ex3 [#"271.rs" 22 0 22 12] meta "compute_max_steps" 1000000 - let rec ex3'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ex3'0[#"271.rs" 22 0 22 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s2710] (0 : int32) ] s1 | s1 = any [ br0 -> {a = 0} (! bb2) | br1 -> {a = 1} (! bb2) | br2 -> {a = 2} (! bb3) | default -> (! bb1) ] ] diff --git a/creusot/tests/should_succeed/bug/273.coma b/creusot/tests/should_succeed/bug/273.coma index 315729df0..e6b2f9899 100644 --- a/creusot/tests/should_succeed/bug/273.coma +++ b/creusot/tests/should_succeed/bug/273.coma @@ -15,7 +15,7 @@ module M_273__ex [#"273.rs" 4 0 4 11] meta "compute_max_steps" 1000000 - let rec ex'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ex'0[#"273.rs" 4 0 4 11] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#s2730] true) ] s1 | s1 = any [ br0 -> {_1 = C_None'0 } (! bb3) | br1 (x0:bool)-> {_1 = C_Some'0 x0} (! bb1) ] ] diff --git a/creusot/tests/should_succeed/bug/387.coma b/creusot/tests/should_succeed/bug/387.coma index 075eaee0d..3e429005d 100644 --- a/creusot/tests/should_succeed/bug/387.coma +++ b/creusot/tests/should_succeed/bug/387.coma @@ -15,9 +15,9 @@ module M_387__use_tree [#"387.rs" 15 0 15 25] meta "compute_max_steps" 1000000 - let rec use_tree'0 (_1:t_Tree'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec use_tree'0[#"387.rs" 15 0 15 25] (_1:t_Tree'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) let%span s3870 = "387.rs" 21 69 21 70 @@ -73,7 +73,7 @@ module M_387__qyi16446429885017832241__height [#"387.rs" 18 4 18 31] (* Tree *) meta "compute_max_steps" 1000000 - let rec height'0 (self:t_Tree'0) (return' (ret:uint64))= (! bb0 + let rec height'0[#"387.rs" 18 4 18 31] (self:t_Tree'0) (return' (ret:uint64))= (! bb0 [ bb0 = any [ br0 -> {self.t_Tree__0'0 = C_None'0 } (! bb2) | br1 (x0:t_Node'0)-> {self.t_Tree__0'0 = C_Some'0 x0} (! bb3) ] diff --git a/creusot/tests/should_succeed/bug/395.coma b/creusot/tests/should_succeed/bug/395.coma index 2f4fd406d..040402848 100644 --- a/creusot/tests/should_succeed/bug/395.coma +++ b/creusot/tests/should_succeed/bug/395.coma @@ -11,7 +11,7 @@ module M_395__signed_division [#"395.rs" 3 0 3 24] meta "compute_max_steps" 1000000 - let rec signed_division'0 (_1:()) (return' (ret:()))= (! bb0 + let rec signed_division'0[#"395.rs" 3 0 3 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s3950] (10 : int32) ] s1 | s1 = [ &y <- [%#s3951] (1 : int32) ] s2 diff --git a/creusot/tests/should_succeed/bug/463.coma b/creusot/tests/should_succeed/bug/463.coma index d9f3b7f1b..b0beaab72 100644 --- a/creusot/tests/should_succeed/bug/463.coma +++ b/creusot/tests/should_succeed/bug/463.coma @@ -15,7 +15,7 @@ module M_463__test [#"463.rs" 3 0 3 13] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (x:usize) (return' (ret:usize))= {[@expl:closure requires] [%#s4633] UIntSize.to_int x + let rec closure0'0[#"463.rs" 6 8 6 37] (_1:()) (x:usize) (return' (ret:usize))= {[@expl:closure requires] [%#s4633] UIntSize.to_int x < 1000} (! bb0 [ bb0 = s0 @@ -31,7 +31,7 @@ module M_463__test [#"463.rs" 3 0 3 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"463.rs" 3 0 3 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &c <- () ] s1 | s1 = [ &_4 <- (([%#s4630] (2 : usize))) ] s2 diff --git a/creusot/tests/should_succeed/bug/486.coma b/creusot/tests/should_succeed/bug/486.coma index cb7135616..b3b1af61a 100644 --- a/creusot/tests/should_succeed/bug/486.coma +++ b/creusot/tests/should_succeed/bug/486.coma @@ -22,7 +22,7 @@ module M_486__test [#"486.rs" 7 0 7 34] meta "compute_max_steps" 1000000 - let rec test'0 (x:t_HasMutRef'0) (return' (ret:()))= (! bb0 + let rec test'0[#"486.rs" 7 0 7 34] (x:t_HasMutRef'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- { t_HasMutRef__0'0 = { x.t_HasMutRef__0'0 with current = ([%#s4860] (5 : uint32)) } } ] s1 | s1 = -{match x with diff --git a/creusot/tests/should_succeed/bug/510.coma b/creusot/tests/should_succeed/bug/510.coma index 1391845ec..5712e759f 100644 --- a/creusot/tests/should_succeed/bug/510.coma +++ b/creusot/tests/should_succeed/bug/510.coma @@ -7,7 +7,7 @@ module M_510__test_bool [#"510.rs" 3 0 3 27] meta "compute_max_steps" 1000000 - let rec test_bool'0 (inp:bool) (return' (ret:()))= (! bb0 + let rec test_bool'0[#"510.rs" 3 0 3 27] (inp:bool) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UInt8.of_int {Bool.to_int inp} (fun (_res:uint8) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -26,7 +26,7 @@ module M_510__test_char [#"510.rs" 7 0 7 18] meta "compute_max_steps" 1000000 - let rec test_char'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_char'0[#"510.rs" 7 0 7 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Char.chr {UInt8.to_int ([%#s5100] (22 : uint8))} (fun (_res:char) -> [ &_1 <- _res ] s1) | s1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/bug/511.coma b/creusot/tests/should_succeed/bug/511.coma index 86756dac1..81dfadd4f 100644 --- a/creusot/tests/should_succeed/bug/511.coma +++ b/creusot/tests/should_succeed/bug/511.coma @@ -7,7 +7,7 @@ module M_511__test_u8 [#"511.rs" 5 0 5 23] meta "compute_max_steps" 1000000 - let rec test_u8'0 (inp:uint8) (return' (ret:()))= (! bb0 + let rec test_u8'0[#"511.rs" 5 0 5 23] (inp:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {UInt8.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -24,7 +24,7 @@ module M_511__test_u16 [#"511.rs" 9 0 9 25] meta "compute_max_steps" 1000000 - let rec test_u16'0 (inp:uint16) (return' (ret:()))= (! bb0 + let rec test_u16'0[#"511.rs" 9 0 9 25] (inp:uint16) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {UInt16.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -41,7 +41,7 @@ module M_511__test_u128 [#"511.rs" 13 0 13 27] meta "compute_max_steps" 1000000 - let rec test_u128'0 (inp:uint128) (return' (ret:()))= (! bb0 + let rec test_u128'0[#"511.rs" 13 0 13 27] (inp:uint128) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {UInt128.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -58,7 +58,7 @@ module M_511__test_i8 [#"511.rs" 17 0 17 23] meta "compute_max_steps" 1000000 - let rec test_i8'0 (inp:int8) (return' (ret:()))= (! bb0 + let rec test_i8'0[#"511.rs" 17 0 17 23] (inp:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {Int8.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -75,7 +75,7 @@ module M_511__test_i16 [#"511.rs" 21 0 21 25] meta "compute_max_steps" 1000000 - let rec test_i16'0 (inp:int16) (return' (ret:()))= (! bb0 + let rec test_i16'0[#"511.rs" 21 0 21 25] (inp:int16) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {Int16.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] @@ -92,7 +92,7 @@ module M_511__test_i128 [#"511.rs" 25 0 25 27] meta "compute_max_steps" 1000000 - let rec test_i128'0 (inp:int128) (return' (ret:()))= (! bb0 + let rec test_i128'0[#"511.rs" 25 0 25 27] (inp:int128) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.of_int {Int128.to_int inp} (fun (_res:usize) -> [ &_bing <- _res ] s1) | s1 = return' {_0} ] ] diff --git a/creusot/tests/should_succeed/bug/528.coma b/creusot/tests/should_succeed/bug/528.coma index 946e064d2..b3608e826 100644 --- a/creusot/tests/should_succeed/bug/528.coma +++ b/creusot/tests/should_succeed/bug/528.coma @@ -5,7 +5,7 @@ module M_528__neq [#"528.rs" 3 0 3 36] meta "compute_max_steps" 1000000 - let rec neq'0 (a:bool) (b:bool) (return' (ret:bool))= (! bb0 + let rec neq'0[#"528.rs" 3 0 3 36] (a:bool) (b:bool) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- Bool.ne a b ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & a : bool = a | & b : bool = b ] [ return' (result:bool)-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/545.coma b/creusot/tests/should_succeed/bug/545.coma index b81b30661..d3031eec1 100644 --- a/creusot/tests/should_succeed/bug/545.coma +++ b/creusot/tests/should_succeed/bug/545.coma @@ -7,7 +7,7 @@ module M_545__negative_is_negative [#"545.rs" 4 0 4 29] meta "compute_max_steps" 1000000 - let rec negative_is_negative'0 (_1:()) (return' (ret:()))= (! bb0 + let rec negative_is_negative'0[#"545.rs" 4 0 4 29] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s5450] 0 > - 100} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/552.coma b/creusot/tests/should_succeed/bug/552.coma index 08c3bb6cc..6e4ae62ce 100644 --- a/creusot/tests/should_succeed/bug/552.coma +++ b/creusot/tests/should_succeed/bug/552.coma @@ -23,7 +23,7 @@ module M_552__qyi3871915588092409085__step [#"552.rs" 23 4 23 30] (* [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = [ &_0 <- [%#s5520] false ] s2 | s2 = return' {_0} ] ] @@ -44,7 +44,7 @@ module M_552__qyi8357961562374244852__transition [#"552.rs" 31 4 31 42] (* Machi meta "compute_max_steps" 1000000 - let rec transition'0 (self:()) (return' (ret:()))= {[@expl:transition requires] [%#s5520] invariants'0 self} + let rec transition'0[#"552.rs" 31 4 31 42] (self:()) (return' (ret:()))= {[@expl:transition requires] [%#s5520] invariants'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- () ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/570.coma b/creusot/tests/should_succeed/bug/570.coma index 5bc97fd34..d21dec598 100644 --- a/creusot/tests/should_succeed/bug/570.coma +++ b/creusot/tests/should_succeed/bug/570.coma @@ -11,7 +11,7 @@ module M_570__test_program [#"570.rs" 12 0 12 26] meta "compute_max_steps" 1000000 - let rec test_program'0 (s:t_S2'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + let rec test_program'0[#"570.rs" 12 0 12 26] (s:t_S2'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () | & s : t_S2'0 = s ] [ return' (result:())-> (! return' {result}) ] end @@ -30,7 +30,7 @@ module M_570__test_assign [#"570.rs" 16 0 16 29] meta "compute_max_steps" 1000000 - let rec test_assign'0 (s:t_S2'0) (return' (ret:()))= (! bb0 + let rec test_assign'0[#"570.rs" 16 0 16 29] (s:t_S2'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &s <- { t_S2__s1'0 = { t_S1__f'0 = ([%#s5700] (2 : int32)) } } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & s : t_S2'0 = s ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/594.coma b/creusot/tests/should_succeed/bug/594.coma index b06e5da88..7b92608f5 100644 --- a/creusot/tests/should_succeed/bug/594.coma +++ b/creusot/tests/should_succeed/bug/594.coma @@ -7,7 +7,7 @@ module M_594__test_program [#"594.rs" 11 0 11 46] meta "compute_max_steps" 1000000 - let rec test_program'0 (_1:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_program'0[#"594.rs" 11 0 11 46] (_1:(uint32, uint32)) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _1 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () | & _1 : (uint32, uint32) = _1 | & x : uint32 = any_l () ] [ return' (result:uint32)-> {[@expl:test_program ensures] [%#s5940] let (x, _) = _1 in result = x} @@ -29,7 +29,7 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_c:int32) (_3:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec closure0'0[#"594.rs" 16 14 16 37] (_1:()) (_c:int32) (_3:(int32, int32)) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _3 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _3 in r'1 ] s2 @@ -47,7 +47,7 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] [ return' (result:int32)-> {[@expl:closure ensures] [%#s5945] let (_a, b) = _3 in result = b} (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:(int32, int32)) (return' (ret:int32))= (! bb0 + let rec closure1'0[#"594.rs" 18 14 18 37] (_1:()) (_2:(int32, int32)) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &_a <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &b <- let (_, r'1) = _2 in r'1 ] s2 @@ -67,7 +67,7 @@ module M_594__test_closure [#"594.rs" 15 0 15 21] meta "compute_max_steps" 1000000 - let rec test_closure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_closure'0[#"594.rs" 15 0 15 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &cl1 <- () ] s1 | s1 = [ &cl2 <- () ] s2 @@ -108,7 +108,7 @@ module M_594__qyi1704796797730763899__test_method [#"594.rs" 33 4 33 55] (* T *) meta "compute_max_steps" 1000000 - let rec test_method'0 (self:t_T'0) (_2:(uint32, uint32)) (return' (ret:uint32))= (! bb0 + let rec test_method'0[#"594.rs" 33 4 33 55] (self:t_T'0) (_2:(uint32, uint32)) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- let (r'0, _) = _2 in r'0 ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () | & _2 : (uint32, uint32) = _2 | & x : uint32 = any_l () ] [ return' (result:uint32)-> {[@expl:test_method ensures] [%#s5940] let (x, _) = _2 in result = x} diff --git a/creusot/tests/should_succeed/bug/641.coma b/creusot/tests/should_succeed/bug/641.coma index 5f26c07c4..b9a249d2a 100644 --- a/creusot/tests/should_succeed/bug/641.coma +++ b/creusot/tests/should_succeed/bug/641.coma @@ -9,7 +9,7 @@ module M_641__test_maintains [#"641.rs" 16 0 16 23] meta "compute_max_steps" 1000000 - let rec test_maintains'0 (_1:()) (return' (ret:()))= {[@expl:test_maintains requires] [%#s6410] test'0 ()} + let rec test_maintains'0[#"641.rs" 16 0 16 23] (_1:()) (return' (ret:()))= {[@expl:test_maintains requires] [%#s6410] test'0 ()} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_maintains ensures] [%#s6410] test'0 ()} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/653.coma b/creusot/tests/should_succeed/bug/653.coma index 104470dcf..38e05a18a 100644 --- a/creusot/tests/should_succeed/bug/653.coma +++ b/creusot/tests/should_succeed/bug/653.coma @@ -11,9 +11,9 @@ module M_653__omg [#"653.rs" 8 0 8 29] meta "compute_max_steps" 1000000 - let rec omg'0 (n:usize) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- n ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : usize = any_l () | & n : usize = n ] - + let rec omg'0[#"653.rs" 8 0 8 29] (n:usize) (return' (ret:usize))= (! bb0 + [ bb0 = s0 [ s0 = [ &_0 <- n ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : usize = any_l () | & n : usize = n ] [ return' (result:usize)-> {[@expl:omg ensures] [%#s6530] UIntSize.to_int result = div (UIntSize.to_int n * (UIntSize.to_int n + 1)) 2} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/682.coma b/creusot/tests/should_succeed/bug/682.coma index af8a0b44a..b3f9a92cf 100644 --- a/creusot/tests/should_succeed/bug/682.coma +++ b/creusot/tests/should_succeed/bug/682.coma @@ -24,7 +24,7 @@ module M_682__add_some [#"682.rs" 6 0 6 24] meta "compute_max_steps" 1000000 - let rec add_some'0 (a:borrowed uint64) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] UInt64.to_int a.current + let rec add_some'0[#"682.rs" 6 0 6 24] (a:borrowed uint64) (return' (ret:()))= {[@expl:add_some requires] [%#s6821] UInt64.to_int a.current <= div (UInt64.to_int (v_MAX'0 : uint64)) 2} (! bb0 [ bb0 = s0 @@ -76,7 +76,8 @@ module M_682__foo [#"682.rs" 12 0 12 23] meta "compute_max_steps" 1000000 - let rec foo'0 (a:borrowed uint64) (return' (ret:()))= {[@expl:foo requires] [%#s6822] a.current = (3 : uint64)} + let rec foo'0[#"682.rs" 12 0 12 23] (a:borrowed uint64) (return' (ret:()))= {[@expl:foo requires] [%#s6822] a.current + = (3 : uint64)} (! bb0 [ bb0 = s0 [ s0 = [ &a_p <- [%#s6820] Snapshot.new a.current ] s1 | s1 = bb1 ] | bb1 = s0 diff --git a/creusot/tests/should_succeed/bug/691.coma b/creusot/tests/should_succeed/bug/691.coma index b5f4424ee..c4f17f67b 100644 --- a/creusot/tests/should_succeed/bug/691.coma +++ b/creusot/tests/should_succeed/bug/691.coma @@ -10,7 +10,7 @@ module M_691__example [#"691.rs" 8 0 8 16] meta "compute_max_steps" 1000000 - let rec example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec example'0[#"691.rs" 8 0 8 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &c <- { t_Foo__bar'0 = ([%#s6910] (2 : uint32)) } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & c : t_Foo'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/693.coma b/creusot/tests/should_succeed/bug/693.coma index 46dfeaf65..ed056a92b 100644 --- a/creusot/tests/should_succeed/bug/693.coma +++ b/creusot/tests/should_succeed/bug/693.coma @@ -11,7 +11,7 @@ module M_693__f [#"693.rs" 3 0 3 21] meta "compute_max_steps" 1000000 - let rec f'0 (_1:t_IfC'0) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} + let rec f'0[#"693.rs" 3 0 3 21] (_1:t_IfC'0) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _1} s1 | s1 = -{resolve'0 _1}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] @@ -33,7 +33,7 @@ module M_693__g [#"693.rs" 5 0 5 10] meta "compute_max_steps" 1000000 - let rec g'0 (_1:()) (return' (ret:()))= (! bb0 + let rec g'0[#"693.rs" 5 0 5 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = f'0 {[%#s6930] (0 : int32)} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/766.coma b/creusot/tests/should_succeed/bug/766.coma index dcbd6b2d2..eff66b7cc 100644 --- a/creusot/tests/should_succeed/bug/766.coma +++ b/creusot/tests/should_succeed/bug/766.coma @@ -39,7 +39,7 @@ module M_766__Trait__goo [#"766.rs" 10 4 10 21] meta "compute_max_steps" 1000000 - let rec goo'0 (self:borrowed t_Self'0) (return' (ret:()))= {[@expl:goo 'self' type invariant] [%#s7660] inv'1 self} + let rec goo'0[#"766.rs" 10 4 10 21] (self:borrowed t_Self'0) (return' (ret:()))= {[@expl:goo 'self' type invariant] [%#s7660] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self.current} diff --git a/creusot/tests/should_succeed/bug/789.coma b/creusot/tests/should_succeed/bug/789.coma index a599ea1c8..95e9f96de 100644 --- a/creusot/tests/should_succeed/bug/789.coma +++ b/creusot/tests/should_succeed/bug/789.coma @@ -5,7 +5,7 @@ module M_789__meta [#"789.rs" 3 0 3 22] meta "compute_max_steps" 1000000 - let rec meta'0 (_x:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec meta'0[#"789.rs" 3 0 3 22] (_x:usize) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/791.coma b/creusot/tests/should_succeed/bug/791.coma index 11cd1035a..c72f6c733 100644 --- a/creusot/tests/should_succeed/bug/791.coma +++ b/creusot/tests/should_succeed/bug/791.coma @@ -3,7 +3,7 @@ module M_791__i_love_floats [#"791.rs" 3 0 3 22] meta "compute_max_steps" 1000000 - let rec i_love_floats'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec i_love_floats'0[#"791.rs" 3 0 3 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index 1325def4a..db324cbfa 100644 --- a/creusot/tests/should_succeed/bug/874.coma +++ b/creusot/tests/should_succeed/bug/874.coma @@ -178,7 +178,7 @@ module M_874__can_extend [#"874.rs" 4 0 4 19] meta "compute_max_steps" 1000000 - let rec can_extend'0 (_1:()) (return' (ret:()))= (! bb0 + let rec can_extend'0[#"874.rs" 4 0 4 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = any [ any_ (__arr_temp:array int32)-> (! -{Seq.get __arr_temp.elts 0 = ([%#s8740] (1 : int32)) diff --git a/creusot/tests/should_succeed/bug/922.coma b/creusot/tests/should_succeed/bug/922.coma index a1c7c8da0..05b807318 100644 --- a/creusot/tests/should_succeed/bug/922.coma +++ b/creusot/tests/should_succeed/bug/922.coma @@ -32,7 +32,7 @@ module M_922__g [#"922.rs" 5 0 5 57] meta "compute_max_steps" 1000000 - let rec g'0 (x:((int32, borrowed int32), int32)) (return' (ret:borrowed int32))= (! bb0 + let rec g'0[#"922.rs" 5 0 5 57] (x:((int32, borrowed int32), int32)) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final @@ -89,7 +89,7 @@ module M_922__f1 [#"922.rs" 12 0 12 59] meta "compute_max_steps" 1000000 - let rec f1'0 (b:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f1'0[#"922.rs" 12 0 12 59] (b:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(let (_, r'0) = b.current in r'0).current} (fun (_ret':borrowed int32) -> @@ -146,7 +146,7 @@ module M_922__f2 [#"922.rs" 19 0 19 60] meta "compute_max_steps" 1000000 - let rec f2'0 (x0:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f2'0[#"922.rs" 19 0 19 60] (x0:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(let (_, r'0) = x0.current in r'0).current} (fun (_ret':borrowed int32) -> @@ -203,7 +203,7 @@ module M_922__f3 [#"922.rs" 26 0 26 60] meta "compute_max_steps" 1000000 - let rec f3'0 (x1:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f3'0[#"922.rs" 26 0 26 60] (x1:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(let (_, r'0) = x1.current in r'0).current} (fun (_ret':borrowed int32) -> @@ -260,7 +260,7 @@ module M_922__f4 [#"922.rs" 33 0 33 60] meta "compute_max_steps" 1000000 - let rec f4'0 (x2:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 + let rec f4'0[#"922.rs" 33 0 33 60] (x2:borrowed (int32, borrowed int32)) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(let (_, r'0) = x2.current in r'0).current} (fun (_ret':borrowed int32) -> diff --git a/creusot/tests/should_succeed/bug/991.coma b/creusot/tests/should_succeed/bug/991.coma index bcf8cee0d..e25fbbd96 100644 --- a/creusot/tests/should_succeed/bug/991.coma +++ b/creusot/tests/should_succeed/bug/991.coma @@ -52,7 +52,7 @@ module M_991__qyi6256438357931963096__love_and_hope [#"991.rs" 22 4 22 27] (* Fo meta "compute_max_steps" 1000000 - let rec love_and_hope'0 (self:t_Formula'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + let rec love_and_hope'0[#"991.rs" 22 4 22 27] (self:t_Formula'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:love_and_hope ensures] [%#s9910] view'0 self = view'0 self} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve.coma b/creusot/tests/should_succeed/bug/box_borrow_resolve.coma index eb81bfa1e..f5d8db8d8 100644 --- a/creusot/tests/should_succeed/bug/box_borrow_resolve.coma +++ b/creusot/tests/should_succeed/bug/box_borrow_resolve.coma @@ -23,7 +23,7 @@ module M_box_borrow_resolve__borrow_in_box [#"box_borrow_resolve.rs" 6 0 6 50] meta "compute_max_steps" 1000000 - let rec borrow_in_box'0 (x:borrowed int32) (return' (ret:borrowed int32))= (! bb0 + let rec borrow_in_box'0[#"box_borrow_resolve.rs" 6 0 6 50] (x:borrowed int32) (return' (ret:borrowed int32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} (fun (_ret':borrowed int32) -> [ &_4 <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) diff --git a/creusot/tests/should_succeed/bug/eq_panic.coma b/creusot/tests/should_succeed/bug/eq_panic.coma index c3d9ef2cd..0d4dca42a 100644 --- a/creusot/tests/should_succeed/bug/eq_panic.coma +++ b/creusot/tests/should_succeed/bug/eq_panic.coma @@ -43,7 +43,7 @@ module M_eq_panic__omg [#"eq_panic.rs" 6 0 6 51] meta "compute_max_steps" 1000000 - let rec omg'0 (x:t_T'0) (y:t_T'0) (return' (ret:bool))= {[@expl:omg 'x' type invariant] [%#seq_panic0] inv'0 x} + let rec omg'0[#"eq_panic.rs" 6 0 6 51] (x:t_T'0) (y:t_T'0) (return' (ret:bool))= {[@expl:omg 'x' type invariant] [%#seq_panic0] inv'0 x} {[@expl:omg 'y' type invariant] [%#seq_panic1] inv'0 y} (! bb0 [ bb0 = s0 [ s0 = eq'0 {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/bug/final_borrows.coma b/creusot/tests/should_succeed/bug/final_borrows.coma index 2bb331f3e..8496bddd9 100644 --- a/creusot/tests/should_succeed/bug/final_borrows.coma +++ b/creusot/tests/should_succeed/bug/final_borrows.coma @@ -28,7 +28,7 @@ module M_final_borrows__reborrow_id [#"final_borrows.rs" 5 0 5 42] meta "compute_max_steps" 1000000 - let rec reborrow_id'0 (r:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_id 'r' type invariant] [%#sfinal_borrows0] inv'1 r} + let rec reborrow_id'0[#"final_borrows.rs" 5 0 5 42] (r:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_id 'r' type invariant] [%#sfinal_borrows0] inv'1 r} (! bb0 [ bb0 = s0 [ s0 = {inv'0 r.current} @@ -88,7 +88,7 @@ module M_final_borrows__select [#"final_borrows.rs" 10 0 10 72] meta "compute_max_steps" 1000000 - let rec select'0 (b:bool) (r1:borrowed t_T'0) (r2:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:select 'r1' type invariant] [%#sfinal_borrows0] inv'0 r1} + let rec select'0[#"final_borrows.rs" 10 0 10 72] (b:bool) (r1:borrowed t_T'0) (r2:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:select 'r1' type invariant] [%#sfinal_borrows0] inv'0 r1} {[@expl:select 'r2' type invariant] [%#sfinal_borrows1] inv'0 r2} (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] @@ -212,7 +212,7 @@ module M_final_borrows__reborrow_field [#"final_borrows.rs" 19 0 19 50] meta "compute_max_steps" 1000000 - let rec reborrow_field'0 (r:borrowed (t_T'0, t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_field 'r' type invariant] [%#sfinal_borrows0] inv'2 r} + let rec reborrow_field'0[#"final_borrows.rs" 19 0 19 50] (r:borrowed (t_T'0, t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_field 'r' type invariant] [%#sfinal_borrows0] inv'2 r} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (let (r'0, _) = r.current in r'0)} @@ -310,7 +310,7 @@ module M_final_borrows__disjoint_fields [#"final_borrows.rs" 25 0 25 61] meta "compute_max_steps" 1000000 - let rec disjoint_fields'0 (r:borrowed (t_T'0, t_T'0)) (return' (ret:(borrowed t_T'0, borrowed t_T'0)))= {[@expl:disjoint_fields 'r' type invariant] [%#sfinal_borrows0] inv'2 r} + let rec disjoint_fields'0[#"final_borrows.rs" 25 0 25 61] (r:borrowed (t_T'0, t_T'0)) (return' (ret:(borrowed t_T'0, borrowed t_T'0)))= {[@expl:disjoint_fields 'r' type invariant] [%#sfinal_borrows0] inv'2 r} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (let (r'0, _) = r.current in r'0)} @@ -432,7 +432,7 @@ module M_final_borrows__nested_fields [#"final_borrows.rs" 32 0 32 54] meta "compute_max_steps" 1000000 - let rec nested_fields'0 (r:borrowed ((t_T'0, t_T'0), t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:nested_fields 'r' type invariant] [%#sfinal_borrows0] inv'4 r} + let rec nested_fields'0[#"final_borrows.rs" 32 0 32 54] (r:borrowed ((t_T'0, t_T'0), t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:nested_fields 'r' type invariant] [%#sfinal_borrows0] inv'4 r} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (let (r'0, _) = r.current in r'0)} @@ -551,7 +551,7 @@ module M_final_borrows__really_nested_fields [#"final_borrows.rs" 38 0 38 61] meta "compute_max_steps" 1000000 - let rec really_nested_fields'0 (x:(borrowed (t_T'0, t_T'0), t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:really_nested_fields 'x' type invariant] [%#sfinal_borrows0] inv'2 x} + let rec really_nested_fields'0[#"final_borrows.rs" 38 0 38 61] (x:(borrowed (t_T'0, t_T'0), t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:really_nested_fields 'x' type invariant] [%#sfinal_borrows0] inv'2 x} (! bb0 [ bb0 = bb1 | bb1 = s0 @@ -680,7 +680,7 @@ module M_final_borrows__select_field [#"final_borrows.rs" 47 0 47 56] meta "compute_max_steps" 1000000 - let rec select_field'0 (x:borrowed (t_Option'0, t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:select_field 'x' type invariant] [%#sfinal_borrows0] inv'4 x} + let rec select_field'0[#"final_borrows.rs" 47 0 47 56] (x:borrowed (t_Option'0, t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:select_field 'x' type invariant] [%#sfinal_borrows0] inv'4 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (let (r'0, _) = x.current in r'0)} @@ -774,7 +774,7 @@ module M_final_borrows__set_7 [#"final_borrows.rs" 56 0 56 21] meta "compute_max_steps" 1000000 - let rec set_7'0 (r:borrowed int32) (return' (ret:()))= (! bb0 + let rec set_7'0[#"final_borrows.rs" 56 0 56 21] (r:borrowed int32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &r <- { r with current = ([%#sfinal_borrows0] (7 : int32)) } ] s1 | s1 = -{resolve'0 r}- s2 @@ -811,7 +811,7 @@ module M_final_borrows__not_final_borrow_works [#"final_borrows.rs" 61 0 61 38] meta "compute_max_steps" 1000000 - let rec not_final_borrow_works'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec not_final_borrow_works'0[#"final_borrows.rs" 61 0 61 38] (_1:()) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sfinal_borrows0] (1 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) @@ -864,7 +864,7 @@ module M_final_borrows__branching [#"final_borrows.rs" 72 0 72 32] meta "compute_max_steps" 1000000 - let rec branching'0 (b:bool) (return' (ret:int32))= (! bb0 + let rec branching'0[#"final_borrows.rs" 72 0 72 32] (b:bool) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sfinal_borrows0] (3 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r1 <- _ret' ] [ &x <- _ret'.final ] s2) @@ -953,7 +953,7 @@ module M_final_borrows__unnesting_non_extensional [#"final_borrows.rs" 93 0 93 8 meta "compute_max_steps" 1000000 - let rec unnesting_non_extensional'0 (x:borrowed (borrowed t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:unnesting_non_extensional 'x' type invariant] [%#sfinal_borrows0] inv'2 x} + let rec unnesting_non_extensional'0[#"final_borrows.rs" 93 0 93 82] (x:borrowed (borrowed t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:unnesting_non_extensional 'x' type invariant] [%#sfinal_borrows0] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (x.current).current} @@ -1050,7 +1050,7 @@ module M_final_borrows__write_inner_borrow [#"final_borrows.rs" 97 0 97 75] meta "compute_max_steps" 1000000 - let rec write_inner_borrow'0 (x:borrowed (borrowed t_T'0)) (b:borrowed t_T'0) (value:t_T'0) (return' (ret:()))= {[@expl:write_inner_borrow 'x' type invariant] [%#sfinal_borrows2] inv'2 x} + let rec write_inner_borrow'0[#"final_borrows.rs" 97 0 97 75] (x:borrowed (borrowed t_T'0)) (b:borrowed t_T'0) (value:t_T'0) (return' (ret:()))= {[@expl:write_inner_borrow 'x' type invariant] [%#sfinal_borrows2] inv'2 x} {[@expl:write_inner_borrow 'b' type invariant] [%#sfinal_borrows3] inv'1 b} {[@expl:write_inner_borrow 'value' type invariant] [%#sfinal_borrows4] inv'0 value} (! bb0 @@ -1140,7 +1140,7 @@ module M_final_borrows__box_deref [#"final_borrows.rs" 110 0 110 35] meta "compute_max_steps" 1000000 - let rec box_deref'0 (x:t_T'0) (return' (ret:t_T'0))= {[@expl:box_deref 'x' type invariant] [%#sfinal_borrows0] inv'0 x} + let rec box_deref'0[#"final_borrows.rs" 110 0 110 35] (x:t_T'0) (return' (ret:t_T'0))= {[@expl:box_deref 'x' type invariant] [%#sfinal_borrows0] inv'0 x} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = bb2 ] | bb2 = return' {_0} ] ) [ & _0 : t_T'0 = any_l () | & x : t_T'0 = x ] @@ -1196,7 +1196,7 @@ module M_final_borrows__box_reborrow_direct [#"final_borrows.rs" 115 0 115 44] meta "compute_max_steps" 1000000 - let rec box_reborrow_direct'0 (x:t_T'0) (return' (ret:()))= {[@expl:box_reborrow_direct 'x' type invariant] [%#sfinal_borrows1] inv'2 x} + let rec box_reborrow_direct'0[#"final_borrows.rs" 115 0 115 44] (x:t_T'0) (return' (ret:()))= {[@expl:box_reborrow_direct 'x' type invariant] [%#sfinal_borrows1] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x} @@ -1275,7 +1275,7 @@ module M_final_borrows__box_reborrow_indirect [#"final_borrows.rs" 123 0 123 58] meta "compute_max_steps" 1000000 - let rec box_reborrow_indirect'0 (x:borrowed t_T'0) (return' (ret:t_T'0))= {[@expl:box_reborrow_indirect 'x' type invariant] [%#sfinal_borrows0] inv'2 x} + let rec box_reborrow_indirect'0[#"final_borrows.rs" 123 0 123 58] (x:borrowed t_T'0) (return' (ret:t_T'0))= {[@expl:box_reborrow_indirect 'x' type invariant] [%#sfinal_borrows0] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -1339,7 +1339,7 @@ module M_final_borrows__box_reborrow_in_struct [#"final_borrows.rs" 130 0 130 66 meta "compute_max_steps" 1000000 - let rec box_reborrow_in_struct'0 (x:borrowed (int32, borrowed int32)) (return' (ret:int32))= {[@expl:box_reborrow_in_struct requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current + let rec box_reborrow_in_struct'0[#"final_borrows.rs" 130 0 130 66] (x:borrowed (int32, borrowed int32)) (return' (ret:int32))= {[@expl:box_reborrow_in_struct requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x.current in a).current = 3} (! bb0 [ bb0 = s0 @@ -1413,7 +1413,7 @@ module M_final_borrows__borrow_in_box [#"final_borrows.rs" 136 0 136 49] meta "compute_max_steps" 1000000 - let rec borrow_in_box'0 (x:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:borrow_in_box 'x' type invariant] [%#sfinal_borrows0] inv'2 x} + let rec borrow_in_box'0[#"final_borrows.rs" 136 0 136 49] (x:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:borrow_in_box 'x' type invariant] [%#sfinal_borrows0] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -1495,7 +1495,7 @@ module M_final_borrows__borrow_in_box_tuple_1 [#"final_borrows.rs" 142 0 142 60] meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_1'0 (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_1 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + let rec borrow_in_box_tuple_1'0[#"final_borrows.rs" 142 0 142 60] (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_1 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current = 2} (! bb0 [ bb0 = bb1 @@ -1562,7 +1562,7 @@ module M_final_borrows__borrow_in_box_tuple_2 [#"final_borrows.rs" 149 0 149 60] meta "compute_max_steps" 1000000 - let rec borrow_in_box_tuple_2'0 (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_2 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current + let rec borrow_in_box_tuple_2'0[#"final_borrows.rs" 149 0 149 60] (x:(int32, borrowed int32)) (return' (ret:int32))= {[@expl:borrow_in_box_tuple_2 requires] [%#sfinal_borrows0] Int32.to_int (let (_, a) = x in a).current = 2} (! bb0 [ bb0 = bb1 @@ -1642,7 +1642,7 @@ module M_final_borrows__reborrow_in_box [#"final_borrows.rs" 155 0 155 51] meta "compute_max_steps" 1000000 - let rec reborrow_in_box'0 (x:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_in_box 'x' type invariant] [%#sfinal_borrows0] inv'2 x} + let rec reborrow_in_box'0[#"final_borrows.rs" 155 0 155 51] (x:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:reborrow_in_box 'x' type invariant] [%#sfinal_borrows0] inv'2 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -1715,7 +1715,7 @@ module M_final_borrows__shared_borrow_no_gen [#"final_borrows.rs" 170 0 170 43] meta "compute_max_steps" 1000000 - let rec shared_borrow_no_gen'0 (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:shared_borrow_no_gen 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} + let rec shared_borrow_no_gen'0[#"final_borrows.rs" 170 0 170 43] (bor:borrowed t_T'0) (return' (ret:()))= {[@expl:shared_borrow_no_gen 'bor' type invariant] [%#sfinal_borrows1] inv'1 bor} (! bb0 [ bb0 = s0 [ s0 = {inv'0 bor.current} @@ -1781,7 +1781,7 @@ module M_final_borrows__inspect_no_gen [#"final_borrows.rs" 176 0 176 43] meta "compute_max_steps" 1000000 - let rec inspect_no_gen'0 (x:borrowed (t_Option'0)) (return' (ret:()))= {[@expl:inspect_no_gen 'x' type invariant] [%#sfinal_borrows1] inv'1 x} + let rec inspect_no_gen'0[#"final_borrows.rs" 176 0 176 43] (x:borrowed (t_Option'0)) (return' (ret:()))= {[@expl:inspect_no_gen 'x' type invariant] [%#sfinal_borrows1] inv'1 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -1852,7 +1852,7 @@ module M_final_borrows__place_mention_no_gen [#"final_borrows.rs" 185 0 185 49] meta "compute_max_steps" 1000000 - let rec place_mention_no_gen'0 (x:borrowed (t_Option'0)) (return' (ret:()))= {[@expl:place_mention_no_gen 'x' type invariant] [%#sfinal_borrows1] inv'1 x} + let rec place_mention_no_gen'0[#"final_borrows.rs" 185 0 185 49] (x:borrowed (t_Option'0)) (return' (ret:()))= {[@expl:place_mention_no_gen 'x' type invariant] [%#sfinal_borrows1] inv'1 x} (! bb0 [ bb0 = s0 [ s0 = {inv'0 x.current} @@ -1901,7 +1901,7 @@ module M_final_borrows__shallow_borrow_no_gen [#"final_borrows.rs" 191 0 191 49] meta "compute_max_steps" 1000000 - let rec shallow_borrow_no_gen'0 (x:borrowed (t_Option'0)) (return' (ret:()))= (! bb0 + let rec shallow_borrow_no_gen'0[#"final_borrows.rs" 191 0 191 49] (x:borrowed (t_Option'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {x.current} {Borrow.get_id x} (fun (_ret':borrowed (t_Option'0)) -> [ &_r <- _ret' ] [ &x <- { x with current = _ret'.final } ] s1) @@ -2035,7 +2035,7 @@ module M_final_borrows__index_mut_slice [#"final_borrows.rs" 208 0 208 48] meta "compute_max_steps" 1000000 - let rec index_mut_slice'0 (v:borrowed (slice t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:index_mut_slice 'v' type invariant] [%#sfinal_borrows2] inv'2 v} + let rec index_mut_slice'0[#"final_borrows.rs" 208 0 208 48] (v:borrowed (slice t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:index_mut_slice 'v' type invariant] [%#sfinal_borrows2] inv'2 v} {[@expl:index_mut_slice requires] [%#sfinal_borrows3] Seq.length (view'0 v) = 42} (! bb0 [ bb0 = s0 @@ -2188,7 +2188,7 @@ module M_final_borrows__index_mut_array [#"final_borrows.rs" 214 0 214 52] meta "compute_max_steps" 1000000 - let rec index_mut_array'0 (v:borrowed (array t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:index_mut_array 'v' type invariant] [%#sfinal_borrows2] inv'2 v} + let rec index_mut_array'0[#"final_borrows.rs" 214 0 214 52] (v:borrowed (array t_T'0)) (return' (ret:borrowed t_T'0))= {[@expl:index_mut_array 'v' type invariant] [%#sfinal_borrows2] inv'2 v} {[@expl:index_mut_array requires] [%#sfinal_borrows3] Seq.length (view'0 v) = 31} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/bug/minus_assoc.coma b/creusot/tests/should_succeed/bug/minus_assoc.coma index dfa4fcda0..d4cfaede7 100644 --- a/creusot/tests/should_succeed/bug/minus_assoc.coma +++ b/creusot/tests/should_succeed/bug/minus_assoc.coma @@ -7,7 +7,7 @@ module M_minus_assoc__f [#"minus_assoc.rs" 6 0 6 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:f ensures] [%#sminus_assoc0] 0 - (1 - 1) = 0} (! return' {result}) ] - + let rec f'0[#"minus_assoc.rs" 6 0 6 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:f ensures] [%#sminus_assoc0] 0 - (1 - 1) = 0} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/bug/nonreturning.coma b/creusot/tests/should_succeed/bug/nonreturning.coma index ff9f4e770..1b9103752 100644 --- a/creusot/tests/should_succeed/bug/nonreturning.coma +++ b/creusot/tests/should_succeed/bug/nonreturning.coma @@ -11,9 +11,9 @@ module M_nonreturning__f [#"nonreturning.rs" 5 0 5 11] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = bb1 ] ] ] ) - [ return' (result:())-> {[@expl:f result type invariant] [%#snonreturning0] inv'0 result} (! return' {result}) ] - + let rec f'0[#"nonreturning.rs" 5 0 5 11] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = bb1 | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = bb1 ] ] ] + ) [ return' (result:())-> {[@expl:f result type invariant] [%#snonreturning0] inv'0 result} (! return' {result}) ] end module M_nonreturning__g [#"nonreturning.rs" 11 0 11 17] let%span snonreturning0 = "nonreturning.rs" 13 8 13 11 @@ -36,7 +36,7 @@ module M_nonreturning__g [#"nonreturning.rs" 11 0 11 17] meta "compute_max_steps" 1000000 - let rec g'0 (b:bool) (return' (ret:()))= (! bb0 + let rec g'0[#"nonreturning.rs" 11 0 11 17] (b:bool) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = f'0 {[%#snonreturning0] ()} (fun (_ret':()) -> [ &_5 <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/bug/two_phase.coma b/creusot/tests/should_succeed/bug/two_phase.coma index c5adbaa3b..5d6e13629 100644 --- a/creusot/tests/should_succeed/bug/two_phase.coma +++ b/creusot/tests/should_succeed/bug/two_phase.coma @@ -85,7 +85,7 @@ module M_two_phase__test [#"two_phase.rs" 6 0 6 31] meta "compute_max_steps" 1000000 - let rec test'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 + let rec test'0[#"two_phase.rs" 6 0 6 31] (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {v.current} {Borrow.get_id v} (fun (_ret':borrowed (t_Vec'0)) -> [ &_4 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) diff --git a/creusot/tests/should_succeed/cc/array.coma b/creusot/tests/should_succeed/cc/array.coma index 75f935b70..f0581db18 100644 --- a/creusot/tests/should_succeed/cc/array.coma +++ b/creusot/tests/should_succeed/cc/array.coma @@ -349,7 +349,7 @@ module M_array__test_array [#"array.rs" 3 0 3 19] meta "compute_max_steps" 1000000 - let rec test_array'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_array'0[#"array.rs" 3 0 3 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = promoted5__test_array'0 (fun (pr5:array int32) -> [ &_121 <- pr5 ] s1) | s1 = iter'0 {_121} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) diff --git a/creusot/tests/should_succeed/cc/iter.coma b/creusot/tests/should_succeed/cc/iter.coma index ddb4b17c1..f1d6054aa 100644 --- a/creusot/tests/should_succeed/cc/iter.coma +++ b/creusot/tests/should_succeed/cc/iter.coma @@ -215,7 +215,7 @@ module M_iter__test_mut_ref [#"iter.rs" 3 0 3 21] meta "compute_max_steps" 1000000 - let rec test_mut_ref'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_mut_ref'0[#"iter.rs" 3 0 3 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = promoted3__test_mut_ref'0 (fun (pr3:array int32) -> [ &_78 <- pr3 ] s1) | s1 = iter'0 {_78} (fun (_ret':t_Iter'0) -> [ &a <- _ret' ] s2) diff --git a/creusot/tests/should_succeed/cell/01.coma b/creusot/tests/should_succeed/cell/01.coma index a31161d15..0d3029f4a 100644 --- a/creusot/tests/should_succeed/cell/01.coma +++ b/creusot/tests/should_succeed/cell/01.coma @@ -50,7 +50,7 @@ module M_01__adds_two [#"01.rs" 40 0 40 36] meta "compute_max_steps" 1000000 - let rec adds_two'0 (c:t_Cell'0) (return' (ret:()))= (! bb0 + let rec adds_two'0[#"01.rs" 40 0 40 36] (c:t_Cell'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = get'0 {c} (fun (_ret':uint32) -> [ &v <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = UInt32.lt {v} {[%#s010] (100000 : uint32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/cell/02.coma b/creusot/tests/should_succeed/cell/02.coma index 183ebd43f..277ee6b5f 100644 --- a/creusot/tests/should_succeed/cell/02.coma +++ b/creusot/tests/should_succeed/cell/02.coma @@ -243,7 +243,7 @@ module M_02__fib_memo [#"02.rs" 95 0 95 50] meta "compute_max_steps" 1000000 - let rec fib_memo'0 (mem:t_Vec'0) (i:usize) (return' (ret:usize))= {[@expl:fib_memo requires #0] [%#s029] fib_cell'0 mem} + let rec fib_memo'0[#"02.rs" 95 0 95 50] (mem:t_Vec'0) (i:usize) (return' (ret:usize))= {[@expl:fib_memo requires #0] [%#s029] fib_cell'0 mem} {[@expl:fib_memo requires #1] [%#s0210] UIntSize.to_int i < Seq.length (view'0 mem)} {[@expl:fib_memo requires #2] [%#s0211] UIntSize.to_int i <= 63} (! bb0 diff --git a/creusot/tests/should_succeed/checked_ops.coma b/creusot/tests/should_succeed/checked_ops.coma index 8fd3732e4..60efe8c96 100644 --- a/creusot/tests/should_succeed/checked_ops.coma +++ b/creusot/tests/should_succeed/checked_ops.coma @@ -162,7 +162,7 @@ module M_checked_ops__test_u8_add_example [#"checked_ops.rs" 5 0 5 28] meta "compute_max_steps" 1000000 - let rec test_u8_add_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_u8_add_example'0[#"checked_ops.rs" 5 0 5 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_add'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -411,7 +411,7 @@ module M_checked_ops__test_u8_add_overflow [#"checked_ops.rs" 23 0 23 34] meta "compute_max_steps" 1000000 - let rec test_u8_add_overflow'0 (a:uint8) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.to_int a + let rec test_u8_add_overflow'0[#"checked_ops.rs" 23 0 23 34] (a:uint8) (return' (ret:()))= {[@expl:test_u8_add_overflow requires] [%#schecked_ops12] UInt8.to_int a <> 0} (! bb0 [ bb0 = s0 @@ -525,7 +525,7 @@ module M_checked_ops__test_u8_wrapping_add [#"checked_ops.rs" 34 0 34 47] meta "compute_max_steps" 1000000 - let rec test_u8_wrapping_add'0 (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 + let rec test_u8_wrapping_add'0[#"checked_ops.rs" 34 0 34 47] (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':uint8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : uint8 = any_l () | & a : uint8 = a | & b : uint8 = b ] @@ -641,7 +641,7 @@ module M_checked_ops__test_u8_overflowing_add [#"checked_ops.rs" 39 0 39 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_add'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_overflowing_add'0[#"checked_ops.rs" 39 0 39 44] (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -835,7 +835,7 @@ module M_checked_ops__test_u8_sub_example [#"checked_ops.rs" 45 0 45 28] meta "compute_max_steps" 1000000 - let rec test_u8_sub_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_u8_sub_example'0[#"checked_ops.rs" 45 0 45 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -1086,7 +1086,7 @@ module M_checked_ops__test_u8_sub_overflow [#"checked_ops.rs" 63 0 63 34] meta "compute_max_steps" 1000000 - let rec test_u8_sub_overflow'0 (a:uint8) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.to_int a + let rec test_u8_sub_overflow'0[#"checked_ops.rs" 63 0 63 34] (a:uint8) (return' (ret:()))= {[@expl:test_u8_sub_overflow requires] [%#schecked_ops14] UInt8.to_int a <> 0} (! bb0 [ bb0 = s0 @@ -1203,7 +1203,7 @@ module M_checked_ops__test_u8_wrapping_sub [#"checked_ops.rs" 74 0 74 47] meta "compute_max_steps" 1000000 - let rec test_u8_wrapping_sub'0 (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 + let rec test_u8_wrapping_sub'0[#"checked_ops.rs" 74 0 74 47] (a:uint8) (b:uint8) (return' (ret:uint8))= (! bb0 [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':uint8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : uint8 = any_l () | & a : uint8 = a | & b : uint8 = b ] @@ -1319,7 +1319,7 @@ module M_checked_ops__test_u8_overflowing_sub [#"checked_ops.rs" 79 0 79 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_sub'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_overflowing_sub'0[#"checked_ops.rs" 79 0 79 44] (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -1513,7 +1513,7 @@ module M_checked_ops__test_u8_mul_example [#"checked_ops.rs" 85 0 85 28] meta "compute_max_steps" 1000000 - let rec test_u8_mul_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_u8_mul_example'0[#"checked_ops.rs" 85 0 85 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (10 : uint8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -1765,7 +1765,7 @@ module M_checked_ops__test_u8_mul_zero [#"checked_ops.rs" 102 0 102 30] meta "compute_max_steps" 1000000 - let rec test_u8_mul_zero'0 (a:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_mul_zero'0[#"checked_ops.rs" 102 0 102 30] (a:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : uint8)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] @@ -1932,7 +1932,7 @@ module M_checked_ops__test_u8_overflowing_mul [#"checked_ops.rs" 111 0 111 44] meta "compute_max_steps" 1000000 - let rec test_u8_overflowing_mul'0 (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_overflowing_mul'0[#"checked_ops.rs" 111 0 111 44] (a:uint8) (b:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(uint8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':uint8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -2077,7 +2077,7 @@ module M_checked_ops__test_u8_div_example [#"checked_ops.rs" 117 0 117 28] meta "compute_max_steps" 1000000 - let rec test_u8_div_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_u8_div_example'0[#"checked_ops.rs" 117 0 117 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {[%#schecked_ops0] (5 : uint8)} {[%#schecked_ops1] (0 : uint8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -2246,7 +2246,7 @@ module M_checked_ops__test_u8_div_no_overflow [#"checked_ops.rs" 128 0 128 44] meta "compute_max_steps" 1000000 - let rec test_u8_div_no_overflow'0 (a:uint8) (b:uint8) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.to_int b + let rec test_u8_div_no_overflow'0[#"checked_ops.rs" 128 0 128 44] (a:uint8) (b:uint8) (return' (ret:()))= {[@expl:test_u8_div_no_overflow requires] [%#schecked_ops9] UInt8.to_int b <> 0} (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {b} (fun (_ret':t_Option'0) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] @@ -2376,7 +2376,7 @@ module M_checked_ops__test_u8_div_zero [#"checked_ops.rs" 137 0 137 30] meta "compute_max_steps" 1000000 - let rec test_u8_div_zero'0 (a:uint8) (return' (ret:()))= (! bb0 + let rec test_u8_div_zero'0[#"checked_ops.rs" 137 0 137 30] (a:uint8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : uint8)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] @@ -2565,7 +2565,7 @@ module M_checked_ops__test_i8_add_example [#"checked_ops.rs" 142 0 142 28] meta "compute_max_steps" 1000000 - let rec test_i8_add_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_i8_add_example'0[#"checked_ops.rs" 142 0 142 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_add'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -2866,7 +2866,7 @@ module M_checked_ops__test_i8_add_overflow_pos [#"checked_ops.rs" 165 0 165 38] meta "compute_max_steps" 1000000 - let rec test_i8_add_overflow_pos'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_pos requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_add_overflow_pos'0[#"checked_ops.rs" 165 0 165 38] (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_pos requires] [%#schecked_ops14] Int8.to_int a > 0} (! bb0 [ bb0 = s0 @@ -3061,7 +3061,7 @@ module M_checked_ops__test_i8_add_overflow_neg [#"checked_ops.rs" 175 0 175 38] meta "compute_max_steps" 1000000 - let rec test_i8_add_overflow_neg'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_neg requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_add_overflow_neg'0[#"checked_ops.rs" 175 0 175 38] (a:int8) (return' (ret:()))= {[@expl:test_i8_add_overflow_neg requires] [%#schecked_ops14] Int8.to_int a < 0} (! bb0 [ bb0 = s0 @@ -3176,7 +3176,7 @@ module M_checked_ops__test_i8_wrapping_add [#"checked_ops.rs" 186 0 186 47] meta "compute_max_steps" 1000000 - let rec test_i8_wrapping_add'0 (a:int8) (b:int8) (return' (ret:int8))= (! bb0 + let rec test_i8_wrapping_add'0[#"checked_ops.rs" 186 0 186 47] (a:int8) (b:int8) (return' (ret:int8))= (! bb0 [ bb0 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':int8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : int8 = any_l () | & a : int8 = a | & b : int8 = b ] @@ -3289,7 +3289,7 @@ module M_checked_ops__test_i8_overflowing_add [#"checked_ops.rs" 191 0 191 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_add'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 + let rec test_i8_overflowing_add'0[#"checked_ops.rs" 191 0 191 44] (a:int8) (b:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_add'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_add'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -3496,7 +3496,7 @@ module M_checked_ops__test_i8_sub_example [#"checked_ops.rs" 197 0 197 28] meta "compute_max_steps" 1000000 - let rec test_i8_sub_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_i8_sub_example'0[#"checked_ops.rs" 197 0 197 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_sub'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -3801,7 +3801,7 @@ module M_checked_ops__test_i8_sub_overflow_pos [#"checked_ops.rs" 220 0 220 38] meta "compute_max_steps" 1000000 - let rec test_i8_sub_overflow_pos'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_pos requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_sub_overflow_pos'0[#"checked_ops.rs" 220 0 220 38] (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_pos requires] [%#schecked_ops14] Int8.to_int a > 0} (! bb0 [ bb0 = s0 @@ -3996,7 +3996,7 @@ module M_checked_ops__test_i8_sub_overflow_neg [#"checked_ops.rs" 230 0 230 38] meta "compute_max_steps" 1000000 - let rec test_i8_sub_overflow_neg'0 (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_neg requires] [%#schecked_ops14] Int8.to_int a + let rec test_i8_sub_overflow_neg'0[#"checked_ops.rs" 230 0 230 38] (a:int8) (return' (ret:()))= {[@expl:test_i8_sub_overflow_neg requires] [%#schecked_ops14] Int8.to_int a < 0} (! bb0 [ bb0 = s0 @@ -4115,7 +4115,7 @@ module M_checked_ops__test_i8_wrapping_sub [#"checked_ops.rs" 241 0 241 47] meta "compute_max_steps" 1000000 - let rec test_i8_wrapping_sub'0 (a:int8) (b:int8) (return' (ret:int8))= (! bb0 + let rec test_i8_wrapping_sub'0[#"checked_ops.rs" 241 0 241 47] (a:int8) (b:int8) (return' (ret:int8))= (! bb0 [ bb0 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':int8) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : int8 = any_l () | & a : int8 = a | & b : int8 = b ] @@ -4228,7 +4228,7 @@ module M_checked_ops__test_i8_overflowing_sub [#"checked_ops.rs" 246 0 246 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_sub'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 + let rec test_i8_overflowing_sub'0[#"checked_ops.rs" 246 0 246 44] (a:int8) (b:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_sub'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_sub'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -4434,7 +4434,7 @@ module M_checked_ops__test_i8_mul_example [#"checked_ops.rs" 252 0 252 28] meta "compute_max_steps" 1000000 - let rec test_i8_mul_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_i8_mul_example'0[#"checked_ops.rs" 252 0 252 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_mul'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (10 : int8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -4736,7 +4736,7 @@ module M_checked_ops__test_i8_mul_zero [#"checked_ops.rs" 274 0 274 30] meta "compute_max_steps" 1000000 - let rec test_i8_mul_zero'0 (a:int8) (return' (ret:()))= (! bb0 + let rec test_i8_mul_zero'0[#"checked_ops.rs" 274 0 274 30] (a:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_mul'0 {[%#schecked_ops0] (0 : int8)} {a} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] @@ -4898,7 +4898,7 @@ module M_checked_ops__test_i8_overflowing_mul [#"checked_ops.rs" 283 0 283 44] meta "compute_max_steps" 1000000 - let rec test_i8_overflowing_mul'0 (a:int8) (b:int8) (return' (ret:()))= (! bb0 + let rec test_i8_overflowing_mul'0[#"checked_ops.rs" 283 0 283 44] (a:int8) (b:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = overflowing_mul'0 {a} {b} (fun (_ret':(int8, bool)) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = wrapping_mul'0 {a} {b} (fun (_ret':int8) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -5075,7 +5075,7 @@ module M_checked_ops__test_i8_div_example [#"checked_ops.rs" 289 0 289 28] meta "compute_max_steps" 1000000 - let rec test_i8_div_example'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_i8_div_example'0[#"checked_ops.rs" 289 0 289 28] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {[%#schecked_ops0] (5 : int8)} {[%#schecked_ops1] (0 : int8)} (fun (_ret':t_Option'0) -> [ &_4 <- _ret' ] s1) @@ -5355,7 +5355,7 @@ module M_checked_ops__test_i8_div_no_overflow [#"checked_ops.rs" 313 0 313 44] meta "compute_max_steps" 1000000 - let rec test_i8_div_no_overflow'0 (a:int8) (b:int8) (return' (ret:()))= {[@expl:test_i8_div_no_overflow requires] [%#schecked_ops9] Int8.to_int b + let rec test_i8_div_no_overflow'0[#"checked_ops.rs" 313 0 313 44] (a:int8) (b:int8) (return' (ret:()))= {[@expl:test_i8_div_no_overflow requires] [%#schecked_ops9] Int8.to_int b <> 0 /\ (Int8.to_int a <> - 128 \/ Int8.to_int b <> - 1)} (! bb0 @@ -5534,7 +5534,7 @@ module M_checked_ops__test_i8_div_zero [#"checked_ops.rs" 322 0 322 30] meta "compute_max_steps" 1000000 - let rec test_i8_div_zero'0 (a:int8) (return' (ret:()))= (! bb0 + let rec test_i8_div_zero'0[#"checked_ops.rs" 322 0 322 30] (a:int8) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = checked_div'0 {a} {[%#schecked_ops0] (0 : int8)} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/clones/01.coma b/creusot/tests/should_succeed/clones/01.coma index a383b99ff..1edc5e50f 100644 --- a/creusot/tests/should_succeed/clones/01.coma +++ b/creusot/tests/should_succeed/clones/01.coma @@ -3,9 +3,9 @@ module M_01__func1 [#"01.rs" 6 0 6 10] meta "compute_max_steps" 1000000 - let rec func1'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec func1'0[#"01.rs" 6 0 6 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01__func2 [#"01.rs" 8 0 8 10] let%span s010 = "01.rs" 9 4 9 11 @@ -16,7 +16,7 @@ module M_01__func2 [#"01.rs" 8 0 8 10] meta "compute_max_steps" 1000000 - let rec func2'0 (_1:()) (return' (ret:()))= (! bb0 + let rec func2'0[#"01.rs" 8 0 8 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = func1'0 {[%#s010] ()} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] @@ -30,7 +30,7 @@ module M_01__func3 [#"01.rs" 12 0 12 14] meta "compute_max_steps" 1000000 - let rec func3'0 (_1:()) (return' (ret:()))= (! bb0 + let rec func3'0[#"01.rs" 12 0 12 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = func2'0 {[%#s010] ()} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/clones/02.coma b/creusot/tests/should_succeed/clones/02.coma index b44d7453a..833c71bed 100644 --- a/creusot/tests/should_succeed/clones/02.coma +++ b/creusot/tests/should_succeed/clones/02.coma @@ -14,7 +14,7 @@ module M_02__program [#"02.rs" 20 0 20 16] meta "compute_max_steps" 1000000 - let rec program'0 (_1:()) (return' (ret:()))= {[@expl:program requires] [%#s020] uses_simple'0 ()} + let rec program'0[#"02.rs" 20 0 20 16] (_1:()) (return' (ret:()))= {[@expl:program requires] [%#s020] uses_simple'0 ()} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:program ensures] [%#s021] simple'0 ()} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/clones/03.coma b/creusot/tests/should_succeed/clones/03.coma index 37230209c..8587f0f3b 100644 --- a/creusot/tests/should_succeed/clones/03.coma +++ b/creusot/tests/should_succeed/clones/03.coma @@ -18,7 +18,7 @@ module M_03__prog [#"03.rs" 11 0 11 16] meta "compute_max_steps" 1000000 - let rec prog'0 (x:t_T'0) (return' (ret:()))= {[@expl:prog 'x' type invariant] [%#s030] inv'0 x} + let rec prog'0[#"03.rs" 11 0 11 16] (x:t_T'0) (return' (ret:()))= {[@expl:prog 'x' type invariant] [%#s030] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 x} s1 | s1 = -{resolve'0 x}- s2 | s2 = bb1 ] | bb1 = bb2 @@ -55,7 +55,7 @@ module M_03__prog2 [#"03.rs" 14 0 14 14] meta "compute_max_steps" 1000000 - let rec prog2'0 (_1:()) (return' (ret:()))= (! bb0 + let rec prog2'0[#"03.rs" 14 0 14 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = prog'0 {[%#s030] (0 : int32)} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & _2 : () = any_l () ] @@ -75,7 +75,7 @@ module M_03__prog3 [#"03.rs" 19 0 19 14] meta "compute_max_steps" 1000000 - let rec prog3'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:prog3 ensures] [%#s030] omg'0 (0, 0)} (! return' {result}) ] - + let rec prog3'0[#"03.rs" 19 0 19 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:prog3 ensures] [%#s030] omg'0 (0, 0)} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/clones/04.coma b/creusot/tests/should_succeed/clones/04.coma index 85f601db3..995a8ed6d 100644 --- a/creusot/tests/should_succeed/clones/04.coma +++ b/creusot/tests/should_succeed/clones/04.coma @@ -21,6 +21,6 @@ module M_04__f [#"04.rs" 21 0 21 16] meta "compute_max_steps" 1000000 - let rec f'0 (x:uint32) (return' (ret:()))= {[@expl:f requires] [%#s040] c'0 x} + let rec f'0[#"04.rs" 21 0 21 16] (x:uint32) (return' (ret:()))= {[@expl:f requires] [%#s040] c'0 x} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/closures/01_basic.coma b/creusot/tests/should_succeed/closures/01_basic.coma index 15f05879a..be5a0b999 100644 --- a/creusot/tests/should_succeed/closures/01_basic.coma +++ b/creusot/tests/should_succeed/closures/01_basic.coma @@ -8,13 +8,13 @@ module M_01_basic__uses_closure [#"01_basic.rs" 6 0 6 21] type closure0'1 = { field_0'0: bool } - let rec closure0'0 (_1:closure0'1) (return' (ret:bool))= (! bb0 + let rec closure0'0[#"01_basic.rs" 8 14 8 16] [@coma:extspec] (_1:closure0'1) (return' (ret:bool))= bb0 [ bb0 = s0 [ s0 = [ &_0 <- _1.field_0'0 ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & _1 : closure0'1 = _1 ] [ return' (result:bool)-> (! return' {result}) ] + [ & _0 : bool = any_l () | & _1 : closure0'1 = _1 ] [ return' (result:bool)-> return' {result} ] meta "compute_max_steps" 1000000 - let rec uses_closure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec uses_closure'0[#"01_basic.rs" 6 0 6 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &y <- [%#s01_basic0] true ] s1 | s1 = [ &_4 <- { field_0'0 = y } ] s2 @@ -40,15 +40,13 @@ module M_01_basic__multi_arg [#"01_basic.rs" 11 0 11 18] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (a:int32) (b:int32) (return' (ret:int32))= (! bb0 + let rec closure0'0[#"01_basic.rs" 12 12 12 18] [@coma:extspec] (_1:()) (a:int32) (b:int32) (return' (ret:int32))= bb0 [ bb0 = s0 [ s0 = Int32.add {a} {b} (fun (_ret':int32) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] - ) [ & _0 : int32 = any_l () | & a : int32 = a | & b : int32 = b ] - [ return' (result:int32)-> (! return' {result}) ] - + [ & _0 : int32 = any_l () | & a : int32 = a | & b : int32 = b ] [ return' (result:int32)-> return' {result} ] meta "compute_max_steps" 1000000 - let rec multi_arg'0 (_1:()) (return' (ret:()))= (! bb0 + let rec multi_arg'0[#"01_basic.rs" 11 0 11 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- () ] s1 | s1 = [ &_4 <- (([%#s01_basic0] (0 : int32)), ([%#s01_basic1] (3 : int32))) ] s2 @@ -88,8 +86,7 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] use prelude.prelude.Intrinsic - predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) = - let () = args in true + predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) predicate resolve'4 (self : borrowed int32) = [%#sresolve2] self.final = self.current @@ -103,8 +100,21 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] predicate unnest'0 (self : closure0'1) (_2 : closure0'1) = true + let rec closure0'0[#"01_basic.rs" 21 16 21 23] [@coma:extspec] (_1:borrowed closure0'1) (return' (ret:()))= bb0 + [ bb0 = s0 + [ s0 = Int32.add {((_1.current).field_0'0).current} {[%#s01_basic1] (1 : int32)} + (fun (_ret':int32) -> + [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] + s1) + | s1 = -{resolve'1 _1}- s2 + | s2 = return' {_0} ] + ] + [ & _0 : () = any_l () | & _1 : borrowed closure0'1 = _1 ] [ return' (result:())-> return' {result} ] + predicate postcondition_mut'0 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : ()) = - (let () = args in true) /\ unnest'0 self result_state + (let () = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self result + /\ __bor_self.current = self /\ __bor_self.final = result_state) + /\ unnest'0 self result_state function fn_mut_once'0 (self : closure0'1) (args : ()) (res : ()) : () @@ -125,22 +135,9 @@ module M_01_basic__move_closure [#"01_basic.rs" 18 0 18 21] axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : () . ([%#sops3] postcondition_mut'0 self args res_state res) -> ([%#sops4] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= (! bb0 - [ bb0 = s0 - [ s0 = Int32.add {((_1.current).field_0'0).current} {[%#s01_basic1] (1 : int32)} - (fun (_ret':int32) -> - [ &_1 <- { _1 with current = { field_0'0 = { (_1.current).field_0'0 with current = _ret' } } } ] - s1) - | s1 = -{resolve'1 _1}- s2 - | s2 = return' {_0} ] - ] - ) [ & _0 : () = any_l () | & _1 : borrowed closure0'1 = _1 ] - [ return' (result:())-> {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] - - meta "compute_max_steps" 1000000 - let rec move_closure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec move_closure'0[#"01_basic.rs" 18 0 18 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- [%#s01_basic0] (0 : int32) ] s1 | s1 = Borrow.borrow_mut {_2} (fun (_ret':borrowed int32) -> [ &a <- _ret' ] [ &_2 <- _ret'.final ] s2) @@ -212,8 +209,7 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] use prelude.prelude.Intrinsic - predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) = - let () = args in true + predicate postcondition_once'0 (self : closure0'1) (args : ()) (result : ()) predicate resolve'0 (_1 : closure0'1) = resolve'1 _1.field_0'0 @@ -221,8 +217,32 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] predicate unnest'0 (self : closure0'1) (_2 : closure0'1) = true + let rec closure0'0[#"01_basic.rs" 37 16 37 23] [@coma:extspec] (_1:borrowed closure0'1) (return' (ret:()))= bb0 + [ bb0 = s0 [ s0 = new_ref'0 {[%#s01_basic1] ()} (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 + [ s0 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} + (fun (_ret':borrowed uint32) -> [ &_2 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s1) + | s1 = -{match _1 with + | {current = {field_0'0 = x'0}} -> resolve'1 x'0 + | _ -> true + end}- + s2 + | s2 = [ &_1 <- { _1 with current = { field_0'0 = _2 } } ] s3 + | s3 = -{resolve'2 _1}- s4 + | s4 = -{resolve'1 _3}- s5 + | s5 = return' {_0} ] + ] + + [ & _0 : () = any_l () + | & _1 : borrowed closure0'1 = _1 + | & _2 : borrowed uint32 = any_l () + | & _3 : borrowed uint32 = any_l () ] + [ return' (result:())-> return' {result} ] + predicate postcondition_mut'0 (self : closure0'1) (args : ()) (result_state : closure0'1) (result : ()) = - (let () = args in true) /\ unnest'0 self result_state + (let () = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self result + /\ __bor_self.current = self /\ __bor_self.final = result_state) + /\ unnest'0 self result_state function fn_mut_once'0 (self : closure0'1) (args : ()) (res : ()) : () @@ -243,31 +263,9 @@ module M_01_basic__move_mut [#"01_basic.rs" 34 0 34 17] axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : () . ([%#sops4] postcondition_mut'0 self args res_state res) -> ([%#sops5] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = new_ref'0 {[%#s01_basic1] ()} (fun (_ret':borrowed uint32) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = Borrow.borrow_final {_3.current} {Borrow.get_id _3} - (fun (_ret':borrowed uint32) -> [ &_2 <- _ret' ] [ &_3 <- { _3 with current = _ret'.final } ] s1) - | s1 = -{match _1 with - | {current = {field_0'0 = x'0}} -> resolve'1 x'0 - | _ -> true - end}- - s2 - | s2 = [ &_1 <- { _1 with current = { field_0'0 = _2 } } ] s3 - | s3 = -{resolve'2 _1}- s4 - | s4 = -{resolve'1 _3}- s5 - | s5 = return' {_0} ] - ] - ) - [ & _0 : () = any_l () - | & _1 : borrowed closure0'1 = _1 - | & _2 : borrowed uint32 = any_l () - | & _3 : borrowed uint32 = any_l () ] - [ return' (result:())-> {[@expl:closure unnest] unnest'0 _1.current _1.final} (! return' {result}) ] - meta "compute_max_steps" 1000000 - let rec move_mut'0 (_1:()) (return' (ret:()))= (! bb0 + let rec move_mut'0[#"01_basic.rs" 34 0 34 17] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- [%#s01_basic0] (0 : uint32) ] s1 | s1 = Borrow.borrow_mut {_2} diff --git a/creusot/tests/should_succeed/closures/02_nested.coma b/creusot/tests/should_succeed/closures/02_nested.coma index ad18d5f96..c18805b05 100644 --- a/creusot/tests/should_succeed/closures/02_nested.coma +++ b/creusot/tests/should_succeed/closures/02_nested.coma @@ -8,27 +8,27 @@ module M_02_nested__nested_closure [#"02_nested.rs" 3 0 3 23] type closure0'3 = { field_0'1: bool } - let rec closure0'2 (_1:closure0'3) (return' (ret:bool))= (! bb0 + let rec closure0'2[#"02_nested.rs" 6 18 6 20] [@coma:extspec] (_1:closure0'3) (return' (ret:bool))= bb0 [ bb0 = s0 [ s0 = [ &_0 <- _1.field_0'1 ] s1 | s1 = return' {_0} ] ] - ) [ & _0 : bool = any_l () | & _1 : closure0'3 = _1 ] [ return' (result:bool)-> (! return' {result}) ] + [ & _0 : bool = any_l () | & _1 : closure0'3 = _1 ] [ return' (result:bool)-> return' {result} ] type closure0'1 = { field_0'0: bool } - let rec closure0'0 (_1:closure0'1) (return' (ret:bool))= (! bb0 + let rec closure0'0[#"02_nested.rs" 5 14 5 16] [@coma:extspec] (_1:closure0'1) (return' (ret:bool))= bb0 [ bb0 = s0 [ s0 = [ &omg <- { field_0'1 = _1.field_0'0 } ] s1 | s1 = closure0'2 {omg} (fun (_ret':bool) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : bool = any_l () | & _1 : closure0'1 = _1 | & omg : closure0'3 = any_l () | & _5 : () = any_l () ] - [ return' (result:bool)-> (! return' {result}) ] + [ & _0 : bool = any_l () | & _1 : closure0'1 = _1 | & omg : closure0'3 = any_l () | & _5 : () = any_l () ] + [ return' (result:bool)-> return' {result} ] meta "compute_max_steps" 1000000 - let rec nested_closure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec nested_closure'0[#"02_nested.rs" 3 0 3 23] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s02_nested0] true ] s1 | s1 = [ &_4 <- { field_0'0 = a } ] s2 diff --git a/creusot/tests/should_succeed/closures/03_generic_bound.coma b/creusot/tests/should_succeed/closures/03_generic_bound.coma index a7bd4df00..c69ea79f7 100644 --- a/creusot/tests/should_succeed/closures/03_generic_bound.coma +++ b/creusot/tests/should_succeed/closures/03_generic_bound.coma @@ -87,7 +87,7 @@ module M_03_generic_bound__closure_param [#"03_generic_bound.rs" 5 0 5 34] meta "compute_max_steps" 1000000 - let rec closure_param'0 (f:t_F'0) (return' (ret:()))= {[@expl:closure_param 'f' type invariant] [%#s03_generic_bound1] inv'0 f} + let rec closure_param'0[#"03_generic_bound.rs" 5 0 5 34] (f:t_F'0) (return' (ret:()))= {[@expl:closure_param 'f' type invariant] [%#s03_generic_bound1] inv'0 f} (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- (([%#s03_generic_bound0] (0 : uint32))) ] s1 @@ -109,9 +109,9 @@ module M_03_generic_bound__caller [#"03_generic_bound.rs" 9 0 9 15] use prelude.prelude.UInt32 - let rec closure0'0 (_1:()) (_x:uint32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec closure0'0[#"03_generic_bound.rs" 10 18 10 27] [@coma:extspec] (_1:()) (_x:uint32) (return' (ret:()))= bb0 + [ bb0 = return' {_0} ] + [ & _0 : () = any_l () ] [ return' (result:())-> return' {result} ] predicate inv'0 (_1 : ()) @@ -122,7 +122,7 @@ module M_03_generic_bound__caller [#"03_generic_bound.rs" 9 0 9 15] meta "compute_max_steps" 1000000 - let rec caller'0 (_1:()) (return' (ret:()))= (! bb0 + let rec caller'0[#"03_generic_bound.rs" 9 0 9 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_1 <- () ] s1 | s1 = closure_param'0 {_1} (fun (_ret':()) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/closures/04_generic_closure.coma b/creusot/tests/should_succeed/closures/04_generic_closure.coma index 6b53f0b9d..352080243 100644 --- a/creusot/tests/should_succeed/closures/04_generic_closure.coma +++ b/creusot/tests/should_succeed/closures/04_generic_closure.coma @@ -90,7 +90,7 @@ module M_04_generic_closure__generic_closure [#"04_generic_closure.rs" 5 0 5 56] meta "compute_max_steps" 1000000 - let rec generic_closure'0 (f:t_F'0) (a:t_A'0) (return' (ret:t_B'0))= {[@expl:generic_closure 'f' type invariant] [%#s04_generic_closure0] inv'0 f} + let rec generic_closure'0[#"04_generic_closure.rs" 5 0 5 56] (f:t_F'0) (a:t_A'0) (return' (ret:t_B'0))= {[@expl:generic_closure 'f' type invariant] [%#s04_generic_closure0] inv'0 f} {[@expl:generic_closure 'a' type invariant] [%#s04_generic_closure1] inv'1 a} (! bb0 [ bb0 = s0 @@ -122,11 +122,10 @@ module M_04_generic_closure__mapper [#"04_generic_closure.rs" 9 0 9 22] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (_a:t_A'0) (return' (ret:()))= {[@expl:closure '_a' type invariant] [%#s04_generic_closure1] inv'0 _a} - (! bb0 + let rec closure0'0[#"04_generic_closure.rs" 10 28 10 32] [@coma:extspec] (_1:()) (_a:t_A'0) (return' (ret:()))= bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _a} s1 | s1 = -{resolve'0 _a}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] - ) [ & _0 : () = any_l () | & _a : t_A'0 = _a ] [ return' (result:())-> (! return' {result}) ] + [ & _0 : () = any_l () | & _a : t_A'0 = _a ] [ return' (result:())-> return' {result} ] predicate inv'1 (_1 : ()) @@ -142,7 +141,7 @@ module M_04_generic_closure__mapper [#"04_generic_closure.rs" 9 0 9 22] meta "compute_max_steps" 1000000 - let rec mapper'0 (x:t_A'0) (return' (ret:()))= {[@expl:mapper 'x' type invariant] [%#s04_generic_closure0] inv'0 x} + let rec mapper'0[#"04_generic_closure.rs" 9 0 9 22] (x:t_A'0) (return' (ret:()))= {[@expl:mapper 'x' type invariant] [%#s04_generic_closure0] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- () ] s1 | s1 = generic_closure'0 {_3} {x} (fun (_ret':()) -> [ &_2 <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/closures/05_map.coma b/creusot/tests/should_succeed/closures/05_map.coma index 60bec017b..6f9d8539c 100644 --- a/creusot/tests/should_succeed/closures/05_map.coma +++ b/creusot/tests/should_succeed/closures/05_map.coma @@ -159,7 +159,7 @@ module M_05_map__qyi6135204174218663437__next [#"05_map.rs" 20 4 20 44] (* (! return' {result}) ] - + let rec closure0'0[#"06_fn_specs.rs" 31 17 31 20] [@coma:extspec] (_1:()) (_2:usize) (return' (ret:()))= bb0 + [ bb0 = return' {_0} ] + [ & _0 : () = any_l () ] [ return' (result:())-> return' {result} ] predicate inv'0 (_1 : ()) axiom inv_axiom'0 [@rewrite] : forall x : () [inv'0 x] . inv'0 x = true predicate precondition'0 (self : ()) (args : usize) = - let (_2) = args in true + [%#s06_fn_specs2] let (_2) = args in closure0'0'pre self _2 let rec fn_once_user'0 (f:()) (return' (ret:()))= {[@expl:fn_once_user 'f' type invariant] [%#s06_fn_specs0] inv'0 f} {[@expl:fn_once_user requires] [%#s06_fn_specs1] precondition'0 f ((0 : usize))} @@ -321,7 +322,7 @@ module M_06_fn_specs__caller [#"06_fn_specs.rs" 30 0 30 15] meta "compute_max_steps" 1000000 - let rec caller'0 (_1:()) (return' (ret:()))= (! bb0 + let rec caller'0[#"06_fn_specs.rs" 30 0 30 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_1 <- () ] s1 | s1 = fn_once_user'0 {_1} (fun (_ret':()) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture.coma b/creusot/tests/should_succeed/closures/07_mutable_capture.coma index dcff658f6..e90ea2887 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture.coma +++ b/creusot/tests/should_succeed/closures/07_mutable_capture.coma @@ -74,7 +74,7 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] axiom postcondition_mut_unnest'0_spec : forall self : closure1'1, args : (), res_state : closure1'1, res : int32 . ([%#sops7] postcondition_mut'0 self args res_state res) -> ([%#sops8] unnest'0 self res_state) - let rec closure1'0 (_1:borrowed closure1'1) (return' (ret:int32))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.to_int ((_1.current).field_0'0).current + let rec closure1'0[#"07_mutable_capture.rs" 8 8 8 37] (_1:borrowed closure1'1) (return' (ret:int32))= {[@expl:closure requires] [%#s07_mutable_capture4] UInt32.to_int ((_1.current).field_0'0).current < 1000000} (! bb0 [ bb0 = s0 @@ -99,7 +99,7 @@ module M_07_mutable_capture__test_fnmut [#"07_mutable_capture.rs" 5 0 5 29] meta "compute_max_steps" 1000000 - let rec test_fnmut'0 (x:uint32) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.to_int x + let rec test_fnmut'0[#"07_mutable_capture.rs" 5 0 5 29] (x:uint32) (return' (ret:()))= {[@expl:test_fnmut requires] [%#s07_mutable_capture1] UInt32.to_int x = 100000} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls.coma b/creusot/tests/should_succeed/closures/08_multiple_calls.coma index 8cdcc2274..68e86d2c5 100644 --- a/creusot/tests/should_succeed/closures/08_multiple_calls.coma +++ b/creusot/tests/should_succeed/closures/08_multiple_calls.coma @@ -54,7 +54,7 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] axiom inv_axiom'1 [@rewrite] : forall x : closure0'1 [inv'1 x] . inv'1 x = invariant'1 x - let rec closure0'0 (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} + let rec closure0'0[#"08_multiple_calls.rs" 5 12 5 31] (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} {[@expl:closure requires] [%#s08_multiple_calls2] _1.field_0'0 = _1.field_0'0} (! bb0 [ bb0 = s0 @@ -164,7 +164,7 @@ module M_08_multiple_calls__multi_use [#"08_multiple_calls.rs" 4 0 4 26] meta "compute_max_steps" 1000000 - let rec multi_use'0 (x:t_T'0) (return' (ret:()))= {[@expl:multi_use 'x' type invariant] [%#s08_multiple_calls0] inv'0 x} + let rec multi_use'0[#"08_multiple_calls.rs" 4 0 4 26] (x:t_T'0) (return' (ret:()))= {[@expl:multi_use 'x' type invariant] [%#s08_multiple_calls0] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = [ &c <- { field_0'0 = x } ] s1 | s1 = uses_fn'0 {c} (fun (_ret':()) -> [ &_4 <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/closures/09_fnonce_resolve.coma b/creusot/tests/should_succeed/closures/09_fnonce_resolve.coma index 49625e3dd..8cfba753f 100644 --- a/creusot/tests/should_succeed/closures/09_fnonce_resolve.coma +++ b/creusot/tests/should_succeed/closures/09_fnonce_resolve.coma @@ -40,7 +40,7 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] use prelude.prelude.Int - let rec closure0'0 (_1:closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s09_fnonce_resolve5] Int32.to_int (_1.field_1'0).current + let rec closure0'0[#"09_fnonce_resolve.rs" 10 4 10 49] (_1:closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s09_fnonce_resolve5] Int32.to_int (_1.field_1'0).current = 1 /\ Int32.to_int (_1.field_2'0).current = 1} (! bb0 @@ -88,7 +88,7 @@ module M_09_fnonce_resolve__f [#"09_fnonce_resolve.rs" 4 0 4 17] meta "compute_max_steps" 1000000 - let rec f'0 (c:bool) (return' (ret:()))= (! bb0 + let rec f'0[#"09_fnonce_resolve.rs" 4 0 4 17] (c:bool) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s09_fnonce_resolve0] (1 : int32) ] s1 | s1 = [ &y <- [%#s09_fnonce_resolve1] (1 : int32) ] s2 diff --git a/creusot/tests/should_succeed/closures/10_tyinv.coma b/creusot/tests/should_succeed/closures/10_tyinv.coma index 1c226e42a..21ca3d191 100644 --- a/creusot/tests/should_succeed/closures/10_tyinv.coma +++ b/creusot/tests/should_succeed/closures/10_tyinv.coma @@ -55,7 +55,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] axiom inv_axiom'2 [@rewrite] : forall x : closure1'1 [inv'2 x] . inv'2 x = invariant'2 x - let rec closure1'0 (_1:closure1'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'2 _1} + let rec closure1'0[#"10_tyinv.rs" 18 20 18 44] (_1:closure1'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'2 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s10_tyinv4] UInt32.to_int (_1.field_0'1).t_Zero__0'0 = 0} s1 @@ -82,7 +82,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] axiom inv_axiom'1 [@rewrite] : forall x : closure0'1 [inv'1 x] . inv'1 x = invariant'1 x - let rec closure0'0 (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} + let rec closure0'0[#"10_tyinv.rs" 15 15 15 39] (_1:closure0'1) (return' (ret:uint32))= {[@expl:closure '_1' type invariant] inv'1 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#s10_tyinv2] UInt32.to_int (_1.field_0'0).t_Zero__0'0 = 0} s1 @@ -104,7 +104,7 @@ module M_10_tyinv__f [#"10_tyinv.rs" 14 0 14 35] meta "compute_max_steps" 1000000 - let rec f'0 (x:t_Zero'0) (y:t_Zero'0) (return' (ret:()))= {[@expl:f 'x' type invariant] [%#s10_tyinv0] inv'0 x} + let rec f'0[#"10_tyinv.rs" 14 0 14 35] (x:t_Zero'0) (y:t_Zero'0) (return' (ret:()))= {[@expl:f 'x' type invariant] [%#s10_tyinv0] inv'0 x} {[@expl:f 'y' type invariant] [%#s10_tyinv1] inv'0 y} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma index 139527487..6dc588473 100644 --- a/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma +++ b/creusot/tests/should_succeed/closures/11_proof_assert_in_closure.coma @@ -12,7 +12,7 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo type closure0'1 = { field_0'0: int32 } - let rec closure0'0 (_1:closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure2] _1.field_0'0 + let rec closure0'0[#"11_proof_assert_in_closure.rs" 7 4 7 6] (_1:closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure2] _1.field_0'0 = (1 : int32)} (! bb0 [ bb0 = s0 @@ -22,7 +22,7 @@ module M_11_proof_assert_in_closure__immutable_capture [#"11_proof_assert_in_clo meta "compute_max_steps" 1000000 - let rec immutable_capture'0 (_1:()) (return' (ret:()))= (! bb0 + let rec immutable_capture'0[#"11_proof_assert_in_closure.rs" 4 0 4 26] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 | s1 = [ &_4 <- { field_0'0 = x } ] s2 @@ -105,7 +105,7 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : () . ([%#sops6] postcondition_mut'0 self args res_state res) -> ([%#sops7] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure4] ((_1.current).field_0'0).current + let rec closure0'0[#"11_proof_assert_in_closure.rs" 15 4 15 6] (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure4] ((_1.current).field_0'0).current = (1 : int32)} (! bb0 [ bb0 = s0 @@ -124,7 +124,7 @@ module M_11_proof_assert_in_closure__mutable_capture [#"11_proof_assert_in_closu meta "compute_max_steps" 1000000 - let rec mutable_capture'0 (_1:()) (return' (ret:()))= (! bb0 + let rec mutable_capture'0[#"11_proof_assert_in_closure.rs" 12 0 12 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_5 <- _ret' ] [ &x <- _ret'.final ] s2) @@ -217,7 +217,7 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo axiom postcondition_mut_unnest'0_spec : forall self : closure0'1, args : (), res_state : closure0'1, res : () . ([%#sops11] postcondition_mut'0 self args res_state res) -> ([%#sops12] unnest'0 self res_state) - let rec closure0'0 (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure5] ((_1.current).field_0'0).current + let rec closure0'0[#"11_proof_assert_in_closure.rs" 32 4 32 25] (_1:borrowed closure0'1) (return' (ret:()))= {[@expl:closure requires] [%#s11_proof_assert_in_closure5] ((_1.current).field_0'0).current = (1 : int32)} (! bb0 [ bb0 = s0 @@ -250,7 +250,7 @@ module M_11_proof_assert_in_closure__captures_and_call [#"11_proof_assert_in_clo meta "compute_max_steps" 1000000 - let rec captures_and_call'0 (_1:()) (return' (ret:()))= (! bb0 + let rec captures_and_call'0[#"11_proof_assert_in_closure.rs" 29 0 29 26] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s11_proof_assert_in_closure0] (1 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/constrained_types.coma b/creusot/tests/should_succeed/constrained_types.coma index 4d3be16c1..6761fea34 100644 --- a/creusot/tests/should_succeed/constrained_types.coma +++ b/creusot/tests/should_succeed/constrained_types.coma @@ -179,7 +179,7 @@ module M_constrained_types__uses_concrete_instance [#"constrained_types.rs" 14 0 meta "compute_max_steps" 1000000 - let rec uses_concrete_instance'0 (x:(uint32, uint32)) (y:(uint32, uint32)) (return' (ret:bool))= (! bb0 + let rec uses_concrete_instance'0[#"constrained_types.rs" 14 0 14 67] (x:(uint32, uint32)) (y:(uint32, uint32)) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = lt'0 {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : bool = any_l () | & x : (uint32, uint32) = x | & y : (uint32, uint32) = y ] [ return' (result:bool)-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/drop_pair.coma b/creusot/tests/should_succeed/drop_pair.coma index 6d254fe0f..510629de1 100644 --- a/creusot/tests/should_succeed/drop_pair.coma +++ b/creusot/tests/should_succeed/drop_pair.coma @@ -25,7 +25,7 @@ module M_drop_pair__drop_pair [#"drop_pair.rs" 7 0 7 42] meta "compute_max_steps" 1000000 - let rec drop_pair'0 (_x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 + let rec drop_pair'0[#"drop_pair.rs" 7 0 7 42] (_x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _x}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & _x : (borrowed uint32, borrowed uint32) = _x ] [ return' (result:())-> {[@expl:drop_pair ensures #0] [%#sdrop_pair0] resolve'0 _x} @@ -58,7 +58,7 @@ module M_drop_pair__drop_pair2 [#"drop_pair.rs" 9 0 9 42] meta "compute_max_steps" 1000000 - let rec drop_pair2'0 (x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 + let rec drop_pair2'0[#"drop_pair.rs" 9 0 9 42] (x:(borrowed uint32, borrowed uint32)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : (borrowed uint32, borrowed uint32) = x ] [ return' (result:())-> (! return' {result}) ] @@ -81,7 +81,7 @@ module M_drop_pair__drop [#"drop_pair.rs" 15 0 15 52] meta "compute_max_steps" 1000000 - let rec drop'0 (_x:borrowed uint32) (y:borrowed uint32) (return' (ret:()))= (! bb0 + let rec drop'0[#"drop_pair.rs" 15 0 15 52] (_x:borrowed uint32) (y:borrowed uint32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _x}- s1 | s1 = Borrow.borrow_final {y.current} {Borrow.get_id y} diff --git a/creusot/tests/should_succeed/duration.coma b/creusot/tests/should_succeed/duration.coma index a18fae485..9958779ee 100644 --- a/creusot/tests/should_succeed/duration.coma +++ b/creusot/tests/should_succeed/duration.coma @@ -262,7 +262,7 @@ module M_duration__test_duration [#"duration.rs" 7 0 7 22] meta "compute_max_steps" 1000000 - let rec test_duration'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_duration'0[#"duration.rs" 7 0 7 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sduration0] (0 : uint64)} {[%#sduration1] (0 : uint32)} (fun (_ret':t_Duration'0) -> [ &zero <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 4f44d47ec..a9e803e54 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma @@ -324,7 +324,7 @@ module M_filter_positive__m [#"filter_positive.rs" 82 0 82 33] meta "compute_max_steps" 1000000 - let rec m'0 (t:t_Vec'0) (return' (ret:t_Vec'0))= (! bb0 + let rec m'0[#"filter_positive.rs" 82 0 82 33] (t:t_Vec'0) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = s0 [ s0 = [ &count <- [%#sfilter_positive0] (0 : usize) ] s1 | s1 = [ &i <- [%#sfilter_positive1] (0 : usize) ] s2 diff --git a/creusot/tests/should_succeed/fmap_indexing.coma b/creusot/tests/should_succeed/fmap_indexing.coma index a16cb2939..2c677ffda 100644 --- a/creusot/tests/should_succeed/fmap_indexing.coma +++ b/creusot/tests/should_succeed/fmap_indexing.coma @@ -95,7 +95,7 @@ module M_fmap_indexing__foo [#"fmap_indexing.rs" 4 0 4 12] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:()))= (! bb0 + let rec foo'0[#"fmap_indexing.rs" 4 0 4 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &map <- [%#sfmap_indexing0] Snapshot.new (empty'0 ()) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_3 <- [%#sfmap_indexing1] Snapshot.new (insert'0 (Snapshot.inner map) 1 3) ] s1 | s1 = bb2 ] | bb2 = s0 diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma index 54be8f402..39f377cff 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma @@ -27,7 +27,7 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"assert_in_ghost.rs" 5 4 8 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sassert_in_ghost0] (1 : int32) ] s1 | s1 = {[@expl:assertion] [%#sassert_in_ghost1] x = (1 : int32)} s2 @@ -41,7 +41,7 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] meta "compute_max_steps" 1000000 - let rec ghost_only'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_only'0[#"assert_in_ghost.rs" 4 0 4 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s2) | s2 = bb1 ] @@ -85,7 +85,7 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] type closure0'1 = { field_0'0: int32 } - let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"assert_in_ghost.rs" 14 4 17 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &y <- _1.field_0'0 ] s1 | s1 = {[@expl:assertion] [%#sassert_in_ghost1] y = (42 : int32)} s2 @@ -99,7 +99,7 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] meta "compute_max_steps" 1000000 - let rec ghost_capture'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_capture'0[#"assert_in_ghost.rs" 11 0 11 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sassert_in_ghost0] (42 : int32) ] s1 | s1 = [ &_3 <- { field_0'0 = x } ] s2 @@ -153,7 +153,7 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"assert_in_ghost.rs" 21 16 21 37] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &_2 <- (([%#sassert_in_ghost0] (2 : int32)), ([%#sassert_in_ghost1] (3 : int32))) ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) @@ -218,7 +218,7 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] (! return' {result}) ] - let rec closure1'0 (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure1'0[#"assert_in_ghost.rs" 23 4 25 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {(_1.field_0'0).current} {Borrow.get_id _1.field_0'0} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -253,7 +253,7 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] type closure2'1 = { field_0'1: t_GhostBox'0 } - let rec closure2'0 (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure2'0[#"assert_in_ghost.rs" 27 4 30 5] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#sassert_in_ghost3] (let (a, _) = inner_logic'0 _1.field_0'1 in a) = (4 : int32)} s1 | s1 = {[@expl:assertion] [%#sassert_in_ghost4] (let (_, a) = inner_logic'0 _1.field_0'1 in a) = (3 : int32)} s2 @@ -267,7 +267,7 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] meta "compute_max_steps" 1000000 - let rec ghost_mutate'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_mutate'0[#"assert_in_ghost.rs" 20 0 20 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &p <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma index a90bb0110..6bcc9302c 100644 --- a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma +++ b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma @@ -223,7 +223,7 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure0'0[#"disjoint_raw_ptr.rs" 8 4 10 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {(_1.field_0'0).current} {Borrow.get_id _1.field_0'0} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -274,7 +274,7 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:()))= (! bb0 + let rec foo'0[#"disjoint_raw_ptr.rs" 4 0 4 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sdisjoint_raw_ptr0] (1 : int32)} (fun (_ret':(opaque_ptr, t_GhostBox'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/ghost/ghost_map.coma b/creusot/tests/should_succeed/ghost/ghost_map.coma index 90e4d6a56..4caf2bfc6 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map.coma +++ b/creusot/tests/should_succeed/ghost/ghost_map.coma @@ -362,7 +362,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure0'0[#"ghost_map.rs" 6 4 48 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#sghost_map3] forall k : int32 . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} s1 @@ -659,7 +659,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] meta "compute_max_steps" 1000000 - let rec ghost_map'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_map'0[#"ghost_map.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sghost_map0] ()} (fun (_ret':t_GhostBox'0) -> [ &map <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {map} diff --git a/creusot/tests/should_succeed/ghost/ghost_set.coma b/creusot/tests/should_succeed/ghost/ghost_set.coma index e4e93b45f..26bfcffac 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set.coma +++ b/creusot/tests/should_succeed/ghost/ghost_set.coma @@ -191,7 +191,7 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure0'0[#"ghost_set.rs" 6 4 34 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#sghost_set3] forall k : int32 . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} s1 @@ -421,7 +421,7 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] meta "compute_max_steps" 1000000 - let rec ghost_map'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_map'0[#"ghost_set.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sghost_set0] ()} (fun (_ret':t_GhostBox'0) -> [ &set <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {set} diff --git a/creusot/tests/should_succeed/ghost/ghost_vec.coma b/creusot/tests/should_succeed/ghost/ghost_vec.coma index d7d4f155e..841fdbef9 100644 --- a/creusot/tests/should_succeed/ghost/ghost_vec.coma +++ b/creusot/tests/should_succeed/ghost/ghost_vec.coma @@ -283,7 +283,7 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] use prelude.prelude.Intrinsic - let rec closure1'0 (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure1'0[#"ghost_vec.rs" 7 4 38 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(_1.field_0'0).current} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -594,7 +594,7 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] predicate resolve'3 (_1 : closure2'1) = resolve'6 _1.field_0'1 - let rec closure2'0 (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure2'0[#"ghost_vec.rs" 41 4 53 5] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(_1.field_0'1).current} (fun (_ret':borrowed (t_GhostBox'0)) -> @@ -768,7 +768,7 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] meta "compute_max_steps" 1000000 - let rec ghost_vec'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_vec'0[#"ghost_vec.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sghost_vec0] ()} (fun (_ret':t_GhostBox'0) -> [ &v <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#sghost_vec1] forall i : int . get'0 (inner_logic'0 v) i = C_None'0} s1 diff --git a/creusot/tests/should_succeed/ghost/integers.coma b/creusot/tests/should_succeed/ghost/integers.coma index 5fcc060d0..537ae4146 100644 --- a/creusot/tests/should_succeed/ghost/integers.coma +++ b/creusot/tests/should_succeed/ghost/integers.coma @@ -62,7 +62,7 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"integers.rs" 5 12 5 24] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = new'0 {[%#sintegers0] (1 : int128)} (fun (_ret':t_GhostBox'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] @@ -119,7 +119,7 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] type closure1'1 = { field_0'0: t_GhostBox'0 } - let rec closure1'0 (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure1'0[#"integers.rs" 6 4 11 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = new'0 {[%#sintegers1] (2 : int128)} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] @@ -154,7 +154,7 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] [ return' (result:int)-> {[%#sintegers20] result = x + mod y z} (! return' {result}) ] - let rec closure2'0 (_1:()) (return' (ret:t_GhostBox'1))= bb0 + let rec closure2'0[#"integers.rs" 13 4 16 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = new'0 {[%#sintegers4] (4 : int128)} (fun (_ret':t_GhostBox'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] @@ -188,7 +188,7 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] meta "compute_max_steps" 1000000 - let rec in_ghost_block'0 (_1:()) (return' (ret:()))= (! bb0 + let rec in_ghost_block'0[#"integers.rs" 4 0 4 23] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &x <- _ret' ] s2) | s2 = bb1 ] @@ -236,7 +236,7 @@ module M_integers__ghost_function [#"integers.rs" 21 0 21 52] meta "compute_max_steps" 1000000 - let rec ghost_function'0 (x:int) (y:int) (z:int) (return' (ret:int))= (! bb0 + let rec ghost_function'0[#"integers.rs" 21 0 21 52] (x:int) (y:int) (z:int) (return' (ret:int))= (! bb0 [ bb0 = s0 [ s0 = rem'0 {y} {z} (fun (_ret':int) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = add'0 {x} {_6} (fun (_ret':int) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = return' {_0} ] diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma index 627f795ab..03da76f3a 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma @@ -33,7 +33,7 @@ module M_snapshot_in_ghost__foo [#"snapshot_in_ghost.rs" 5 0 5 12] use prelude.prelude.Snapshot - let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"snapshot_in_ghost.rs" 6 4 9 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &x <- [%#ssnapshot_in_ghost0] Snapshot.new 1 ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#ssnapshot_in_ghost1] Snapshot.inner x = 1} s1 @@ -47,7 +47,7 @@ module M_snapshot_in_ghost__foo [#"snapshot_in_ghost.rs" 5 0 5 12] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:()))= (! bb0 + let rec foo'0[#"snapshot_in_ghost.rs" 5 0 5 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s2) | s2 = bb1 ] @@ -73,7 +73,7 @@ module M_snapshot_in_ghost__is_pure [#"snapshot_in_ghost.rs" 14 0 14 16] meta "compute_max_steps" 1000000 - let rec is_pure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec is_pure'0[#"snapshot_in_ghost.rs" 14 0 14 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#ssnapshot_in_ghost0] Snapshot.new 1 ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#ssnapshot_in_ghost1] Snapshot.inner x = 1} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : Snapshot.snap_ty int = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/ghost/typing.coma b/creusot/tests/should_succeed/ghost/typing.coma index 770ac654b..c99bbf229 100644 --- a/creusot/tests/should_succeed/ghost/typing.coma +++ b/creusot/tests/should_succeed/ghost/typing.coma @@ -44,7 +44,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"typing.rs" 15 17 15 35] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping2] (1 : int32)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) @@ -55,7 +55,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] [ return' (result:t_GhostBox'0)-> return' {result} ] - let rec closure1'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure1'0[#"typing.rs" 16 17 16 35] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping3] (2 : int32)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) @@ -66,7 +66,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] [ return' (result:t_GhostBox'0)-> return' {result} ] - let rec closure2'0 (_1:()) (return' (ret:t_GhostBox'0))= bb0 + let rec closure2'0[#"typing.rs" 17 20 17 38] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping4] (3 : int32)) } ] s1 | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) @@ -146,7 +146,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] (! return' {result}) ] - let rec closure3'0 (_1:closure3'1) (return' (ret:t_GhostBox'1))= bb0 + let rec closure3'0[#"typing.rs" 19 4 23 5] [@coma:extspec] (_1:closure3'1) (return' (ret:t_GhostBox'1))= bb0 [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':t_NonCopy'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- { t_NonCopy__0'0 = ([%#styping5] (4 : int32)) } ] s1 @@ -191,7 +191,7 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] meta "compute_max_steps" 1000000 - let rec ghost_enter_ghost'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_enter_ghost'0[#"typing.rs" 14 0 14 26] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &g_move <- _ret' ] s2) @@ -273,7 +273,7 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] type closure0'1 = { field_0'0: int32; field_1'0: (); field_2'0: (int32, int32) } - let rec closure0'0 (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 + let rec closure0'0[#"typing.rs" 34 4 38 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 [ bb0 = s0 [ s0 = [ &_x <- _1.field_0'0 ] s1 | s1 = [ &_pair <- _1.field_2'0 ] s2 @@ -293,7 +293,7 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] meta "compute_max_steps" 1000000 - let rec copy_enter_ghost'0 (_1:()) (return' (ret:()))= (! bb0 + let rec copy_enter_ghost'0[#"typing.rs" 29 0 29 25] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#styping0] (2 : int32) ] s1 | s1 = [ &pair <- (([%#styping1] (6 : int32)), ([%#styping2] (42 : int32))) ] s2 diff --git a/creusot/tests/should_succeed/hashmap.coma b/creusot/tests/should_succeed/hashmap.coma index 6d4455377..93b35ff5a 100644 --- a/creusot/tests/should_succeed/hashmap.coma +++ b/creusot/tests/should_succeed/hashmap.coma @@ -106,7 +106,7 @@ module M_hashmap__qyi9060063638777358169__hash [#"hashmap.rs" 77 4 77 25] (* [ &_0 <- _res ] s1) | s1 = return' {_0} ] ] @@ -507,7 +507,7 @@ module M_hashmap__qyi7664122466964245986__new [#"hashmap.rs" 152 4 152 46] (* My meta "compute_max_steps" 1000000 - let rec new'0 (size:usize) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap0] 0 + let rec new'0[#"hashmap.rs" 152 4 152 46] (size:usize) (return' (ret:t_MyHashMap'0))= {[@expl:new requires] [%#shashmap0] 0 < UIntSize.to_int size} (! bb0 [ bb0 = s0 @@ -911,7 +911,7 @@ module M_hashmap__qyi7664122466964245986__add [#"hashmap.rs" 158 4 158 41] (* My meta "compute_max_steps" 1000000 - let rec add'0 (self:borrowed (t_MyHashMap'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:add 'self' type invariant] [%#shashmap10] inv'9 self} + let rec add'0[#"hashmap.rs" 158 4 158 41] (self:borrowed (t_MyHashMap'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:add 'self' type invariant] [%#shashmap10] inv'9 self} {[@expl:add 'key' type invariant] [%#shashmap11] inv'3 key} {[@expl:add 'val' type invariant] [%#shashmap12] inv'4 val'} (! bb0 @@ -1405,7 +1405,7 @@ module M_hashmap__qyi7664122466964245986__get [#"hashmap.rs" 190 4 190 43] (* My meta "compute_max_steps" 1000000 - let rec get'0 (self:t_MyHashMap'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#shashmap3] inv'1 self} + let rec get'0[#"hashmap.rs" 190 4 190 43] (self:t_MyHashMap'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#shashmap3] inv'1 self} {[@expl:get 'key' type invariant] [%#shashmap4] inv'2 key} (! bb0 [ bb0 = s0 [ s0 = hash'0 {key} (fun (_ret':uint64) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] @@ -1836,7 +1836,7 @@ module M_hashmap__qyi7664122466964245986__resize [#"hashmap.rs" 209 4 209 24] (* meta "compute_max_steps" 1000000 - let rec resize'0 (self:borrowed (t_MyHashMap'0)) (return' (ret:()))= {[@expl:resize 'self' type invariant] [%#shashmap19] inv'1 self} + let rec resize'0[#"hashmap.rs" 209 4 209 24] (self:borrowed (t_MyHashMap'0)) (return' (ret:()))= {[@expl:resize 'self' type invariant] [%#shashmap19] inv'1 self} {[@expl:resize requires] [%#shashmap20] Seq.length (view'0 (self.current).t_MyHashMap__buckets'0) < 1000} (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#shashmap0] Snapshot.new self ] s1 | s1 = bb1 ] @@ -2249,7 +2249,7 @@ module M_hashmap__main [#"hashmap.rs" 249 0 249 13] meta "compute_max_steps" 1000000 - let rec main'0 (_1:()) (return' (ret:()))= (! bb0 + let rec main'0[#"hashmap.rs" 249 0 249 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#shashmap0] (17 : usize)} (fun (_ret':t_MyHashMap'0) -> [ &h1 <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/heapsort_generic.coma b/creusot/tests/should_succeed/heapsort_generic.coma index 82e61416d..70e80015a 100644 --- a/creusot/tests/should_succeed/heapsort_generic.coma +++ b/creusot/tests/should_succeed/heapsort_generic.coma @@ -471,7 +471,7 @@ module M_heapsort_generic__sift_down [#"heapsort_generic.rs" 41 0 43 29] meta "compute_max_steps" 1000000 - let rec sift_down'0 (v:borrowed (t_Vec'0)) (start:usize) (end':usize) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic15] inv'0 v} + let rec sift_down'0[#"heapsort_generic.rs" 41 0 43 29] (v:borrowed (t_Vec'0)) (start:usize) (end':usize) (return' (ret:()))= {[@expl:sift_down 'v' type invariant] [%#sheapsort_generic15] inv'0 v} {[@expl:sift_down requires #0] [%#sheapsort_generic16] heap_frag'0 (deep_model'0 v) (UIntSize.to_int start + 1) (UIntSize.to_int end')} {[@expl:sift_down requires #1] [%#sheapsort_generic17] UIntSize.to_int start < UIntSize.to_int end'} @@ -982,7 +982,7 @@ module M_heapsort_generic__heap_sort [#"heapsort_generic.rs" 94 0 96 29] meta "compute_max_steps" 1000000 - let rec heap_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:heap_sort 'v' type invariant] [%#sheapsort_generic19] inv'1 v} + let rec heap_sort'0[#"heapsort_generic.rs" 94 0 96 29] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:heap_sort 'v' type invariant] [%#sheapsort_generic19] inv'1 v} {[@expl:heap_sort requires] [%#sheapsort_generic20] Seq.length (view'0 v) < div (UIntSize.to_int v_MAX'0) 2} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sheapsort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 70594d91f..e0206d18e 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -147,7 +147,7 @@ module M_hillel__right_pad [#"hillel.rs" 17 0 17 59] meta "compute_max_steps" 1000000 - let rec right_pad'0 (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:right_pad 'str' type invariant] [%#shillel6] inv'1 str} + let rec right_pad'0[#"hillel.rs" 17 0 17 59] (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:right_pad 'str' type invariant] [%#shillel6] inv'1 str} {[@expl:right_pad 'pad' type invariant] [%#shillel7] inv'2 pad} (! bb0 [ bb0 = s0 [ s0 = [ &old_str <- [%#shillel0] Snapshot.new str ] s1 | s1 = bb1 ] @@ -378,7 +378,7 @@ module M_hillel__left_pad [#"hillel.rs" 34 0 34 58] meta "compute_max_steps" 1000000 - let rec left_pad'0 (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:left_pad 'str' type invariant] [%#shillel10] inv'1 str} + let rec left_pad'0[#"hillel.rs" 34 0 34 58] (str:borrowed (t_Vec'0)) (len:usize) (pad:t_T'0) (return' (ret:()))= {[@expl:left_pad 'str' type invariant] [%#shillel10] inv'1 str} {[@expl:left_pad 'pad' type invariant] [%#shillel11] inv'2 pad} (! bb0 [ bb0 = s0 [ s0 = [ &old_str <- [%#shillel0] Snapshot.new str ] s1 | s1 = bb1 ] @@ -879,7 +879,7 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] meta "compute_max_steps" 1000000 - let rec insert_unique'0 (vec:borrowed (t_Vec'0)) (elem:t_T'0) (return' (ret:()))= {[@expl:insert_unique 'vec' type invariant] [%#shillel12] inv'3 vec} + let rec insert_unique'0[#"hillel.rs" 80 0 80 62] (vec:borrowed (t_Vec'0)) (elem:t_T'0) (return' (ret:()))= {[@expl:insert_unique 'vec' type invariant] [%#shillel12] inv'3 vec} {[@expl:insert_unique 'elem' type invariant] [%#shillel13] inv'2 elem} {[@expl:insert_unique requires] [%#shillel14] is_unique'0 (deep_model'0 vec)} (! bb0 @@ -1354,7 +1354,7 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] meta "compute_max_steps" 1000000 - let rec unique'0 (str:slice t_T'0) (return' (ret:t_Vec'0))= {[@expl:unique 'str' type invariant] [%#shillel15] inv'4 str} + let rec unique'0[#"hillel.rs" 102 0 102 56] (str:slice t_T'0) (return' (ret:t_Vec'0))= {[@expl:unique 'str' type invariant] [%#shillel15] inv'4 str} (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#shillel0] ()} (fun (_ret':t_Vec'0) -> [ &unique <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &sub_str <- [%#shillel1] Snapshot.new (Seq.empty : Seq.seq t_T'0) ] s1 | s1 = bb2 ] @@ -2019,7 +2019,7 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] meta "compute_max_steps" 1000000 - let rec fulcrum'0 (s:slice uint32) (return' (ret:usize))= {[@expl:fulcrum requires #0] [%#shillel21] sum_range'0 (view'0 s) 0 (Seq.length (view'0 s)) + let rec fulcrum'0[#"hillel.rs" 159 0 159 30] (s:slice uint32) (return' (ret:usize))= {[@expl:fulcrum requires #0] [%#shillel21] sum_range'0 (view'0 s) 0 (Seq.length (view'0 s)) <= 1000} {[@expl:fulcrum requires #1] [%#shillel22] Seq.length (view'0 s) > 0} (! bb0 diff --git a/creusot/tests/should_succeed/immut.coma b/creusot/tests/should_succeed/immut.coma index 33a24c9ad..15abad4e4 100644 --- a/creusot/tests/should_succeed/immut.coma +++ b/creusot/tests/should_succeed/immut.coma @@ -16,7 +16,7 @@ module M_immut__f [#"immut.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"immut.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#simmut0] (10 : uint32) ] s1 | s1 = Borrow.borrow_mut {a} (fun (_ret':borrowed uint32) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index 08b3cd649..37c561027 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma @@ -85,7 +85,7 @@ module M_index_range__create_arr [#"index_range.rs" 14 0 14 27] meta "compute_max_steps" 1000000 - let rec create_arr'0 (_1:()) (return' (ret:t_Vec'0))= (! bb0 + let rec create_arr'0[#"index_range.rs" 14 0 14 27] (_1:()) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = Borrow.borrow_mut {arr} @@ -441,7 +441,7 @@ module M_index_range__test_range [#"index_range.rs" 27 0 27 19] meta "compute_max_steps" 1000000 - let rec test_range'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_range'0[#"index_range.rs" 27 0 27 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = @@ -1070,7 +1070,7 @@ module M_index_range__test_range_to [#"index_range.rs" 78 0 78 22] meta "compute_max_steps" 1000000 - let rec test_range_to'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_range_to'0[#"index_range.rs" 78 0 78 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- { t_RangeTo__end'0 = ([%#sindex_range1] (2 : usize)) } ] s1 @@ -1558,7 +1558,7 @@ module M_index_range__test_range_from [#"index_range.rs" 115 0 115 24] meta "compute_max_steps" 1000000 - let rec test_range_from'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_range_from'0[#"index_range.rs" 115 0 115 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- { t_RangeFrom__start'0 = ([%#sindex_range1] (3 : usize)) } ] s1 @@ -2017,7 +2017,7 @@ module M_index_range__test_range_full [#"index_range.rs" 154 0 154 24] meta "compute_max_steps" 1000000 - let rec test_range_full'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_range_full'0[#"index_range.rs" 154 0 154 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = index'0 {arr} {_5} (fun (_ret':slice int32) -> [ &_3 <- _ret' ] s2) | s2 = bb2 ] @@ -2509,7 +2509,7 @@ module M_index_range__test_range_to_inclusive [#"index_range.rs" 179 0 179 32] meta "compute_max_steps" 1000000 - let rec test_range_to_inclusive'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_range_to_inclusive'0[#"index_range.rs" 179 0 179 32] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = create_arr'0 {[%#sindex_range0] ()} (fun (_ret':t_Vec'0) -> [ &arr <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- { t_RangeToInclusive__end'0 = ([%#sindex_range1] (1 : usize)) } ] s1 diff --git a/creusot/tests/should_succeed/inferred_invariants.coma b/creusot/tests/should_succeed/inferred_invariants.coma index f941ed1c8..0bf909523 100644 --- a/creusot/tests/should_succeed/inferred_invariants.coma +++ b/creusot/tests/should_succeed/inferred_invariants.coma @@ -25,7 +25,7 @@ module M_inferred_invariants__f [#"inferred_invariants.rs" 4 0 4 18] meta "compute_max_steps" 1000000 - let rec f'0 (_1:borrowed t_T'0) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} + let rec f'0[#"inferred_invariants.rs" 4 0 4 18] (_1:borrowed t_T'0) (return' (ret:()))= {[@expl:f '_1' type invariant] inv'0 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _1} s1 | s1 = -{resolve'0 _1}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & _1 : borrowed t_T'0 = _1 ] [ return' (result:())-> (! return' {result}) ] @@ -61,7 +61,7 @@ module M_inferred_invariants__simple [#"inferred_invariants.rs" 6 0 6 27] meta "compute_max_steps" 1000000 - let rec simple'0 (x:borrowed t_T'0) (return' (ret:()))= {[@expl:simple 'x' type invariant] [%#sinferred_invariants1] inv'0 x} + let rec simple'0[#"inferred_invariants.rs" 6 0 6 27] (x:borrowed t_T'0) (return' (ret:()))= {[@expl:simple 'x' type invariant] [%#sinferred_invariants1] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = [ &old_1_0 <- Snapshot.new x ] s1 | s1 = bb1 ] | bb1 = bb1 @@ -120,7 +120,7 @@ module M_inferred_invariants__swapper [#"inferred_invariants.rs" 13 0 13 57] meta "compute_max_steps" 1000000 - let rec swapper'0 (x:borrowed t_T'0) (y:borrowed t_T'0) (return' (ret:()))= {[@expl:swapper 'x' type invariant] [%#sinferred_invariants2] inv'0 x} + let rec swapper'0[#"inferred_invariants.rs" 13 0 13 57] (x:borrowed t_T'0) (y:borrowed t_T'0) (return' (ret:()))= {[@expl:swapper 'x' type invariant] [%#sinferred_invariants2] inv'0 x} {[@expl:swapper 'y' type invariant] [%#sinferred_invariants3] inv'0 y} (! bb0 [ bb0 = bb1 @@ -190,7 +190,7 @@ module M_inferred_invariants__tuple [#"inferred_invariants.rs" 23 0 23 71] meta "compute_max_steps" 1000000 - let rec tuple'0 (d:(borrowed t_T'0, bool)) (e:(borrowed t_T'0, bool)) (return' (ret:()))= {[@expl:tuple 'd' type invariant] [%#sinferred_invariants2] inv'0 d} + let rec tuple'0[#"inferred_invariants.rs" 23 0 23 71] (d:(borrowed t_T'0, bool)) (e:(borrowed t_T'0, bool)) (return' (ret:()))= {[@expl:tuple 'd' type invariant] [%#sinferred_invariants2] inv'0 d} {[@expl:tuple 'e' type invariant] [%#sinferred_invariants3] inv'0 e} (! bb0 [ bb0 = bb1 @@ -234,7 +234,7 @@ module M_inferred_invariants__temp_move [#"inferred_invariants.rs" 33 0 33 41] meta "compute_max_steps" 1000000 - let rec temp_move'0 (x:borrowed t_T'0) (return' (ret:()))= {[@expl:temp_move 'x' type invariant] [%#sinferred_invariants1] inv'0 x} + let rec temp_move'0[#"inferred_invariants.rs" 33 0 33 41] (x:borrowed t_T'0) (return' (ret:()))= {[@expl:temp_move 'x' type invariant] [%#sinferred_invariants1] inv'0 x} (! bb0 [ bb0 = bb1 | bb1 = bb1 @@ -397,7 +397,7 @@ module M_inferred_invariants__y [#"inferred_invariants.rs" 41 0 41 26] meta "compute_max_steps" 1000000 - let rec y'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 + let rec y'0[#"inferred_invariants.rs" 41 0 41 26] (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sinferred_invariants0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &i <- [%#sinferred_invariants1] (0 : usize) ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] @@ -480,7 +480,7 @@ module M_inferred_invariants__nested_loops [#"inferred_invariants.rs" 60 0 60 32 meta "compute_max_steps" 1000000 - let rec nested_loops'0 (x:borrowed int32) (return' (ret:()))= {[@expl:nested_loops requires] [%#sinferred_invariants9] x.current + let rec nested_loops'0[#"inferred_invariants.rs" 60 0 60 32] (x:borrowed int32) (return' (ret:()))= {[@expl:nested_loops requires] [%#sinferred_invariants9] x.current = (0 : int32)} (! bb0 [ bb0 = s0 @@ -596,7 +596,7 @@ module M_inferred_invariants__nested_borrows [#"inferred_invariants.rs" 86 0 86 meta "compute_max_steps" 1000000 - let rec nested_borrows'0 (x:borrowed (borrowed int32)) (y:borrowed int32) (return' (ret:()))= {[@expl:nested_borrows requires] [%#sinferred_invariants6] (x.current).current + let rec nested_borrows'0[#"inferred_invariants.rs" 86 0 86 69] (x:borrowed (borrowed int32)) (y:borrowed int32) (return' (ret:()))= {[@expl:nested_borrows requires] [%#sinferred_invariants6] (x.current).current = (0 : int32)} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/inplace_list_reversal.coma b/creusot/tests/should_succeed/inplace_list_reversal.coma index 632a67120..95686f56d 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal.coma +++ b/creusot/tests/should_succeed/inplace_list_reversal.coma @@ -106,7 +106,7 @@ module M_inplace_list_reversal__rev [#"inplace_list_reversal.rs" 24 0 24 30] meta "compute_max_steps" 1000000 - let rec rev'0 (l:borrowed (t_List'0)) (return' (ret:()))= {[@expl:rev 'l' type invariant] [%#sinplace_list_reversal4] inv'2 l} + let rec rev'0[#"inplace_list_reversal.rs" 24 0 24 30] (l:borrowed (t_List'0)) (return' (ret:()))= {[@expl:rev 'l' type invariant] [%#sinplace_list_reversal4] inv'2 l} (! bb0 [ bb0 = s0 [ s0 = [ &old_l <- [%#sinplace_list_reversal0] Snapshot.new l ] s1 | s1 = bb1 ] | bb1 = s0 diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 76c9889d8..4bbca81ee 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -250,7 +250,7 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] meta "compute_max_steps" 1000000 - let rec insertion_sort'0 (array:borrowed (slice int32)) (return' (ret:()))= (! bb0 + let rec insertion_sort'0[#"insertion_sort.rs" 21 0 21 40] (array:borrowed (slice int32)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &original <- [%#sinsertion_sort0] Snapshot.new array ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len'0 {array.current} (fun (_ret':usize) -> [ &n <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 diff --git a/creusot/tests/should_succeed/instant.coma b/creusot/tests/should_succeed/instant.coma index 450293ef2..014258aca 100644 --- a/creusot/tests/should_succeed/instant.coma +++ b/creusot/tests/should_succeed/instant.coma @@ -376,7 +376,7 @@ module M_instant__test_instant [#"instant.rs" 7 0 7 21] meta "compute_max_steps" 1000000 - let rec test_instant'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_instant'0[#"instant.rs" 7 0 7 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = now'0 {[%#sinstant0] ()} (fun (_ret':t_Instant'0) -> [ &instant <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = from_secs'0 {[%#sinstant1] (0 : uint64)} (fun (_ret':t_Duration'0) -> [ &zero_dur <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/invariant_moves.coma b/creusot/tests/should_succeed/invariant_moves.coma index 3d863dacd..9a66d3c31 100644 --- a/creusot/tests/should_succeed/invariant_moves.coma +++ b/creusot/tests/should_succeed/invariant_moves.coma @@ -82,7 +82,7 @@ module M_invariant_moves__test_invariant_move [#"invariant_moves.rs" 5 0 5 43] meta "compute_max_steps" 1000000 - let rec test_invariant_move'0 (x:t_Vec'0) (return' (ret:()))= (! bb0 + let rec test_invariant_move'0[#"invariant_moves.rs" 5 0 5 43] (x:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#sinvariant_moves0] x = x} diff --git a/creusot/tests/should_succeed/ite_normalize.coma b/creusot/tests/should_succeed/ite_normalize.coma index 687d1bf00..a4475d9d0 100644 --- a/creusot/tests/should_succeed/ite_normalize.coma +++ b/creusot/tests/should_succeed/ite_normalize.coma @@ -45,7 +45,7 @@ module M_ite_normalize__qyi15119799284333837974__clone [#"ite_normalize.rs" 55 9 meta "compute_max_steps" 1000000 - let rec clone'0 (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 + let rec clone'0[#"ite_normalize.rs" 55 9 55 14] (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb2) | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb3) @@ -115,7 +115,7 @@ module M_ite_normalize__qyi12210208226808281580__from [#"ite_normalize.rs" 80 4 meta "compute_max_steps" 1000000 - let rec from'0 (a:usize) (return' (ret:t_Expr'0))= (! bb0 + let rec from'0[#"ite_normalize.rs" 80 4 80 29] (a:usize) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = s0 [ s0 = variable'0 {a} (fun (_ret':t_Expr'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : t_Expr'0 = any_l () | & a : usize = a ] [ return' (result:t_Expr'0)-> (! return' {result}) ] end @@ -132,7 +132,7 @@ module M_ite_normalize__qyi1874907776010341903__from [#"ite_normalize.rs" 86 4 8 meta "compute_max_steps" 1000000 - let rec from'0 (b:bool) (return' (ret:t_Expr'0))= (! bb0 + let rec from'0[#"ite_normalize.rs" 86 4 86 28] (b:bool) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- C_True'0 ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- C_False'0 ] s1 | s1 = bb3 ] @@ -154,7 +154,7 @@ module M_ite_normalize__qyi17570407315987535457__ite [#"ite_normalize.rs" 97 4 9 meta "compute_max_steps" 1000000 - let rec ite'0 (c:t_Expr'0) (t:t_Expr'0) (e:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 + let rec ite'0[#"ite_normalize.rs" 97 4 97 49] (c:t_Expr'0) (t:t_Expr'0) (e:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = bb3 @@ -184,7 +184,7 @@ module M_ite_normalize__qyi17570407315987535457__variable [#"ite_normalize.rs" 1 meta "compute_max_steps" 1000000 - let rec variable'0 (v:usize) (return' (ret:t_Expr'0))= (! bb0 + let rec variable'0[#"ite_normalize.rs" 101 4 101 37] (v:usize) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- C_Var'0 v ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_Expr'0 = any_l () | & v : usize = v ] [ return' (result:t_Expr'0)-> (! return' {result}) ] end @@ -237,7 +237,7 @@ module M_ite_normalize__qyi17570407315987535457__transpose [#"ite_normalize.rs" meta "compute_max_steps" 1000000 - let rec transpose'0 (self:t_Expr'0) (a:t_Expr'0) (b:t_Expr'0) (return' (ret:t_Expr'0))= {[@expl:transpose requires #0] [%#site_normalize0] is_normalized'0 self} + let rec transpose'0[#"ite_normalize.rs" 110 4 110 52] (self:t_Expr'0) (a:t_Expr'0) (b:t_Expr'0) (return' (ret:t_Expr'0))= {[@expl:transpose requires #0] [%#site_normalize0] is_normalized'0 self} {[@expl:transpose requires #1] [%#site_normalize1] is_normalized'0 a} {[@expl:transpose requires #2] [%#site_normalize2] is_normalized'0 b} (! bb0 @@ -359,7 +359,7 @@ module M_ite_normalize__qyi17570407315987535457__normalize [#"ite_normalize.rs" meta "compute_max_steps" 1000000 - let rec normalize'0 (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 + let rec normalize'0[#"ite_normalize.rs" 145 4 145 35] (self:t_Expr'0) (return' (ret:t_Expr'0))= (! bb0 [ bb0 = any [ br0 (x0:t_Expr'0) (x1:t_Expr'0) (x2:t_Expr'0)-> {self = C_IfThenElse'0 x0 x1 x2} (! bb2) | br1 (x0:usize)-> {self = C_Var'0 x0} (! bb1) @@ -481,7 +481,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify [#"ite_normalize.rs" 1 meta "compute_max_steps" 1000000 - let rec simplify'0 (self:t_Expr'0) (return' (ret:t_Expr'0))= {[@expl:simplify requires] [%#site_normalize1] is_normalized'0 self} + let rec simplify'0[#"ite_normalize.rs" 181 4 181 33] (self:t_Expr'0) (return' (ret:t_Expr'0))= {[@expl:simplify requires] [%#site_normalize1] is_normalized'0 self} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = new'0 {[%#site_normalize0] ()} (fun (_ret':t_BTreeMap'0) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] @@ -653,7 +653,7 @@ module M_ite_normalize__qyi17570407315987535457__simplify_helper [#"ite_normaliz meta "compute_max_steps" 1000000 - let rec simplify_helper'0 (self:t_Expr'0) (state:t_BTreeMap'0) (return' (ret:t_Expr'0))= {[@expl:simplify_helper requires] [%#site_normalize2] is_normalized'0 self} + let rec simplify_helper'0[#"ite_normalize.rs" 189 4 189 66] (self:t_Expr'0) (state:t_BTreeMap'0) (return' (ret:t_Expr'0))= {[@expl:simplify_helper requires] [%#site_normalize2] is_normalized'0 self} (! bb0 [ bb0 = bb1 | bb1 = bb2 diff --git a/creusot/tests/should_succeed/iterators/01_range.coma b/creusot/tests/should_succeed/iterators/01_range.coma index eaa2d6d1a..c36d41fca 100644 --- a/creusot/tests/should_succeed/iterators/01_range.coma +++ b/creusot/tests/should_succeed/iterators/01_range.coma @@ -133,7 +133,7 @@ module M_01_range__qyi16572111325853806140__next [#"01_range.rs" 57 4 57 39] (* meta "compute_max_steps" 1000000 - let rec next'0 (self:borrowed (t_Range'0)) (return' (ret:t_Option'0))= (! bb0 + let rec next'0[#"01_range.rs" 57 4 57 39] (self:borrowed (t_Range'0)) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = IntSize.ge {(self.current).t_Range__start'0} {(self.current).t_Range__end'0} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) @@ -174,7 +174,7 @@ module M_01_range__qyi2180657552132013455__into_iter [#"01_range.rs" 70 4 70 34] meta "compute_max_steps" 1000000 - let rec into_iter'0 (self:t_Range'0) (return' (ret:t_Range'0))= (! bb0 + let rec into_iter'0[#"01_range.rs" 70 4 70 34] (self:t_Range'0) (return' (ret:t_Range'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- self ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_Range'0 = any_l () | & self : t_Range'0 = self ] [ return' (result:t_Range'0)-> {[@expl:into_iter ensures] [%#s01_range0] result = self} (! return' {result}) ] @@ -297,7 +297,7 @@ module M_01_range__sum_range [#"01_range.rs" 77 0 77 35] meta "compute_max_steps" 1000000 - let rec sum_range'0 (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s01_range9] IntSize.to_int n + let rec sum_range'0[#"01_range.rs" 77 0 77 35] (n:isize) (return' (ret:isize))= {[@expl:sum_range requires] [%#s01_range9] IntSize.to_int n >= 0} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 6dc2b28ac..fa03dd77f 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -417,7 +417,7 @@ module M_02_iter_mut__qyi4305820612590367313__next [#"02_iter_mut.rs" 64 4 64 44 meta "compute_max_steps" 1000000 - let rec next'0 (self:borrowed (t_IterMut'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#s02_iter_mut0] inv'1 self} + let rec next'0[#"02_iter_mut.rs" 64 4 64 44] (self:borrowed (t_IterMut'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] [%#s02_iter_mut0] inv'1 self} (! bb0 [ bb0 = s0 [ s0 = {inv'0 (self.current).t_IterMut__inner'0} @@ -536,7 +536,7 @@ module M_02_iter_mut__qyi7060081090368749043__into_iter [#"02_iter_mut.rs" 71 4 meta "compute_max_steps" 1000000 - let rec into_iter'0 (self:t_IterMut'0) (return' (ret:t_IterMut'0))= {[@expl:into_iter 'self' type invariant] [%#s02_iter_mut0] inv'0 self} + let rec into_iter'0[#"02_iter_mut.rs" 71 4 71 30] (self:t_IterMut'0) (return' (ret:t_IterMut'0))= {[@expl:into_iter 'self' type invariant] [%#s02_iter_mut0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- self ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_IterMut'0 = any_l () | & self : t_IterMut'0 = self ] @@ -726,7 +726,7 @@ module M_02_iter_mut__iter_mut [#"02_iter_mut.rs" 79 0 79 55] meta "compute_max_steps" 1000000 - let rec iter_mut'0 (v:borrowed (t_Vec'0)) (return' (ret:t_IterMut'0))= {[@expl:iter_mut 'v' type invariant] [%#s02_iter_mut0] inv'3 v} + let rec iter_mut'0[#"02_iter_mut.rs" 79 0 79 55] (v:borrowed (t_Vec'0)) (return' (ret:t_IterMut'0))= {[@expl:iter_mut 'v' type invariant] [%#s02_iter_mut0] inv'3 v} (! bb0 [ bb0 = s0 [ s0 = {inv'0 v.current} @@ -1048,7 +1048,7 @@ module M_02_iter_mut__all_zero [#"02_iter_mut.rs" 85 0 85 35] meta "compute_max_steps" 1000000 - let rec all_zero'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 + let rec all_zero'0[#"02_iter_mut.rs" 85 0 85 35] (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {v.current} {Borrow.get_id v} (fun (_ret':borrowed (t_Vec'0)) -> [ &_6 <- _ret' ] [ &v <- { v with current = _ret'.final } ] s1) diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index acc1ae9cb..bdf9fb0bd 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -1402,6 +1402,9 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] use prelude.prelude.Snapshot + predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + + predicate resolve'8 (self : borrowed usize) = [%#sresolve32] self.final = self.current @@ -1434,12 +1437,6 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] | & _prod : Snapshot.snap_ty (Seq.seq uint32) = _prod ] [ return' (result:uint32)-> return' {result} ] - predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) - - = - let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result - /\ __bor_self.current = self - predicate postcondition_mut'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure0'1) (result : uint32) = diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index 6f5a2de22..7b6bb18e5 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma @@ -359,7 +359,7 @@ module M_04_skip__qyi17349041008065389927__next [#"04_skip.rs" 64 4 64 41] (* precondition'0 func (e)} diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index 72a38ffba..1ece408a0 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma @@ -1445,6 +1445,9 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] use prelude.prelude.Snapshot + predicate postcondition_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_Item'0) + + predicate resolve'5 (_1 : ()) = true @@ -1457,12 +1460,6 @@ module M_06_map_precond__identity [#"06_map_precond.rs" 185 0 185 37] [ return' (result:t_Item'0)-> return' {result} ] - predicate postcondition_once'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result : t_Item'0) - - = - let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result - /\ __bor_self.current = self - predicate postcondition_mut'0 (self : ()) (args : (t_Item'0, Snapshot.snap_ty (Seq.seq t_Item'0))) (result_state : ()) (result : t_Item'0) = @@ -1655,6 +1652,8 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] use prelude.prelude.Snapshot + predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + predicate resolve'5 (_1 : ()) = true @@ -1671,10 +1670,6 @@ module M_06_map_precond__increment [#"06_map_precond.rs" 193 0 193 50] [ return' (result:uint32)-> return' {result} ] - predicate postcondition_once'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) = - let (x, _3) = args in exists __bor_self : borrowed () . closure0'0'post'return' __bor_self x _3 result - /\ __bor_self.current = self - predicate postcondition_mut'0 (self : ()) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : ()) (result : uint32) = @@ -1945,6 +1940,9 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 204 0 204 48] use prelude.prelude.Snapshot + predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) + + predicate resolve'8 (self : borrowed usize) = [%#sresolve20] self.final = self.current @@ -1977,12 +1975,6 @@ module M_06_map_precond__counter [#"06_map_precond.rs" 204 0 204 48] | & _prod : Snapshot.snap_ty (Seq.seq uint32) = _prod ] [ return' (result:uint32)-> return' {result} ] - predicate postcondition_once'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result : uint32) - - = - let (x, _prod) = args in exists __bor_self : borrowed closure0'1 . closure0'0'post'return' __bor_self x _prod result - /\ __bor_self.current = self - predicate postcondition_mut'0 (self : closure0'1) (args : (uint32, Snapshot.snap_ty (Seq.seq uint32))) (result_state : closure0'1) (result : uint32) = diff --git a/creusot/tests/should_succeed/iterators/07_fuse.coma b/creusot/tests/should_succeed/iterators/07_fuse.coma index 0b4fe1aaa..be1c7e877 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.coma +++ b/creusot/tests/should_succeed/iterators/07_fuse.coma @@ -217,7 +217,7 @@ module M_07_fuse__qyi2452592938496686347__next [#"07_fuse.rs" 40 4 40 44] (* [ &res <- _ret' ] s1) | s1 = bb2 ] @@ -779,7 +779,7 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 55 0 55 51] meta "compute_max_steps" 1000000 - let rec extend_index'0 (v1:t_Vec'0) (v2:t_Vec'0) (return' (ret:()))= (! bb0 + let rec extend_index'0[#"08_collect_extend.rs" 55 0 55 51] (v1:t_Vec'0) (v2:t_Vec'0) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &oldv1 <- [%#s08_collect_extend0] Snapshot.new v1 ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &oldv2 <- [%#s08_collect_extend1] Snapshot.new v2 ] s1 | s1 = bb2 ] | bb2 = s0 @@ -909,7 +909,7 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] meta "compute_max_steps" 1000000 - let rec collect_example'0 (iter:t_I'0) (return' (ret:()))= {[@expl:collect_example 'iter' type invariant] [%#s08_collect_extend1] inv'0 iter} + let rec collect_example'0[#"08_collect_extend.rs" 65 0 65 56] (iter:t_I'0) (return' (ret:()))= {[@expl:collect_example 'iter' type invariant] [%#s08_collect_extend1] inv'0 iter} {[@expl:collect_example requires] [%#s08_collect_extend2] forall prod : Seq.seq uint32, fin : t_I'0 . produces'0 iter prod fin -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_int (Seq.get prod i) = i)} (! bb0 diff --git a/creusot/tests/should_succeed/iterators/09_empty.coma b/creusot/tests/should_succeed/iterators/09_empty.coma index d9bd0ab7c..fa7a5603a 100644 --- a/creusot/tests/should_succeed/iterators/09_empty.coma +++ b/creusot/tests/should_succeed/iterators/09_empty.coma @@ -108,7 +108,7 @@ module M_09_empty__qyi9513254493468142860__next [#"09_empty.rs" 41 4 41 35] (* < meta "compute_max_steps" 1000000 - let rec next'0 (self:borrowed (t_Empty'0)) (return' (ret:t_Option'0))= (! bb0 + let rec next'0[#"09_empty.rs" 41 4 41 35] (self:borrowed (t_Empty'0)) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 self}- s1 | s1 = [ &_0 <- C_None'0 ] s2 | s2 = return' {_0} ] ] ) [ & _0 : t_Option'0 = any_l () | & self : borrowed (t_Empty'0) = self ] [ return' (result:t_Option'0)-> {[@expl:next result type invariant] [%#s09_empty0] inv'0 result} diff --git a/creusot/tests/should_succeed/iterators/10_once.coma b/creusot/tests/should_succeed/iterators/10_once.coma index 8d1103405..bea80dec1 100644 --- a/creusot/tests/should_succeed/iterators/10_once.coma +++ b/creusot/tests/should_succeed/iterators/10_once.coma @@ -199,7 +199,7 @@ module M_10_once__qyi9558967427796228243__next [#"10_once.rs" 45 4 45 35] (* [ &_3 <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/iterators/12_zip.coma b/creusot/tests/should_succeed/iterators/12_zip.coma index a7d62aba2..2237ceed4 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.coma +++ b/creusot/tests/should_succeed/iterators/12_zip.coma @@ -443,7 +443,7 @@ module M_12_zip__qyi1592645166739554830__next [#"12_zip.rs" 56 4 56 44] (* produces'0 i.current (Seq.empty : Seq.seq t_Item'0) i.final} {[@expl:enumerate requires #1] [%#s15_enumerate3] forall s : Seq.seq t_Item'0, i : t_I'0 . produces'0 iter s i diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index 03df9c886..008c94f7e 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma @@ -271,7 +271,7 @@ module M_16_take__qyi16574350389265959367__next [#"16_take.rs" 54 4 54 41] (* ([%#sops23] unnest'0 self res_state) - let rec closure2'0 (_1:borrowed closure2'1) (i:uint32) (return' (ret:bool))= (! bb0 + let rec closure2'0[#"17_filter.rs" 123 12 123 42] (_1:borrowed closure2'1) (i:uint32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 | s1 = UInt32.lt {i} {(_1.current).field_0'0} (fun (_ret':bool) -> [ &res <- _ret' ] s2) @@ -1078,7 +1078,7 @@ module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] meta "compute_max_steps" 1000000 - let rec less_than'0 (v:t_Vec'0) (n:uint32) (return' (ret:t_Vec'0))= (! bb0 + let rec less_than'0[#"17_filter.rs" 120 0 120 49] (v:t_Vec'0) (n:uint32) (return' (ret:t_Vec'0))= (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = into_iter'0 {v} (fun (_ret':t_IntoIter'0) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 diff --git a/creusot/tests/should_succeed/knapsack.coma b/creusot/tests/should_succeed/knapsack.coma index 7dd3a4f21..1488f4b59 100644 --- a/creusot/tests/should_succeed/knapsack.coma +++ b/creusot/tests/should_succeed/knapsack.coma @@ -12,7 +12,7 @@ module M_knapsack__max [#"knapsack.rs" 16 0 16 35] meta "compute_max_steps" 1000000 - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= {[@expl:max requires] [%#sknapsack0] true} + let rec max'0[#"knapsack.rs" 16 0 16 35] (a:usize) (b:usize) (return' (ret:usize))= {[@expl:max requires] [%#sknapsack0] true} (! bb0 [ bb0 = s0 [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) @@ -545,7 +545,7 @@ module M_knapsack__knapsack01_dyn [#"knapsack.rs" 49 0 49 91] meta "compute_max_steps" 1000000 - let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack23] inv'1 items} + let rec knapsack01_dyn'0[#"knapsack.rs" 49 0 49 91] (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack23] inv'1 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack24] Seq.length (view'0 items) < 10000000} {[@expl:knapsack01_dyn requires #1] [%#sknapsack25] UIntSize.to_int max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack26] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index 0e6106397..f753ec56e 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -11,7 +11,7 @@ module M_knapsack_full__max [#"knapsack_full.rs" 16 0 16 35] meta "compute_max_steps" 1000000 - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= (! bb0 + let rec max'0[#"knapsack_full.rs" 16 0 16 35] (a:usize) (b:usize) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.lt {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] @@ -1049,7 +1049,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] meta "compute_max_steps" 1000000 - let rec knapsack01_dyn'0 (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack_full32] inv'4 items} + let rec knapsack01_dyn'0[#"knapsack_full.rs" 86 0 86 91] (items:t_Vec'3) (max_weight:usize) (return' (ret:t_Vec'2))= {[@expl:knapsack01_dyn 'items' type invariant] [%#sknapsack_full32] inv'4 items} {[@expl:knapsack01_dyn requires #0] [%#sknapsack_full33] Seq.length (view'0 items) < 10000000} {[@expl:knapsack01_dyn requires #1] [%#sknapsack_full34] UIntSize.to_int max_weight < 10000000} {[@expl:knapsack01_dyn requires #2] [%#sknapsack_full35] forall i : int . 0 <= i /\ i < Seq.length (view'0 items) diff --git a/creusot/tests/should_succeed/lang/assoc_type.coma b/creusot/tests/should_succeed/lang/assoc_type.coma index 23d501169..4d0bdcf0a 100644 --- a/creusot/tests/should_succeed/lang/assoc_type.coma +++ b/creusot/tests/should_succeed/lang/assoc_type.coma @@ -27,7 +27,7 @@ module M_assoc_type__uses3 [#"assoc_type.rs" 36 0 36 33] meta "compute_max_steps" 1000000 - let rec uses3'0 (_1:t_Nested'0) (return' (ret:()))= {[@expl:uses3 '_1' type invariant] inv'0 _1} + let rec uses3'0[#"assoc_type.rs" 36 0 36 33] (_1:t_Nested'0) (return' (ret:()))= {[@expl:uses3 '_1' type invariant] inv'0 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _1} s1 | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & _1 : t_Nested'0 = _1 ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.coma b/creusot/tests/should_succeed/lang/branch_borrow_2.coma index 7cb664dc6..835340d5d 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.coma +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.coma @@ -25,7 +25,7 @@ module M_branch_borrow_2__f [#"branch_borrow_2.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"branch_borrow_2.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : int32) ] s1 | s1 = [ &b <- [%#sbranch_borrow_22] (10 : int32) ] s2 @@ -112,7 +112,7 @@ module M_branch_borrow_2__g [#"branch_borrow_2.rs" 35 0 35 10] meta "compute_max_steps" 1000000 - let rec g'0 (_1:()) (return' (ret:()))= (! bb0 + let rec g'0[#"branch_borrow_2.rs" 35 0 35 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#sbranch_borrow_20] (10 : usize)) } ] s1 | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#sbranch_borrow_21] (5 : usize)) } ] s2 @@ -166,7 +166,7 @@ module M_branch_borrow_2__h [#"branch_borrow_2.rs" 45 0 45 10] meta "compute_max_steps" 1000000 - let rec h'0 (_1:()) (return' (ret:()))= (! bb0 + let rec h'0[#"branch_borrow_2.rs" 45 0 45 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#sbranch_borrow_21] (10 : int32) ] s1 | s1 = [ &b <- [%#sbranch_borrow_22] (10 : int32) ] s2 diff --git a/creusot/tests/should_succeed/lang/const.coma b/creusot/tests/should_succeed/lang/const.coma index aef5814ce..d60ad1e84 100644 --- a/creusot/tests/should_succeed/lang/const.coma +++ b/creusot/tests/should_succeed/lang/const.coma @@ -8,7 +8,7 @@ module M_const__foo [#"const.rs" 8 0 8 21] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:usize))= (! bb0 + let rec foo'0[#"const.rs" 8 0 8 21] (_1:()) (return' (ret:usize))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#sconst0] (42 : usize) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : usize = any_l () ] [ return' (result:usize)-> {[@expl:foo ensures] [%#sconst1] result = (42 : usize)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/lang/empty.coma b/creusot/tests/should_succeed/lang/empty.coma index 5f2a9b196..d051cf2c2 100644 --- a/creusot/tests/should_succeed/lang/empty.coma +++ b/creusot/tests/should_succeed/lang/empty.coma @@ -3,7 +3,7 @@ module M_empty__f [#"empty.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec f'0[#"empty.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/float_ops.coma b/creusot/tests/should_succeed/lang/float_ops.coma index 16790807d..2685de26b 100644 --- a/creusot/tests/should_succeed/lang/float_ops.coma +++ b/creusot/tests/should_succeed/lang/float_ops.coma @@ -9,7 +9,7 @@ module M_float_ops__eq [#"float_ops.rs" 8 0 8 19] meta "compute_max_steps" 1000000 - let rec eq'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec eq'0[#"float_ops.rs" 8 0 8 19] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.eq {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) @@ -30,7 +30,7 @@ module M_float_ops__lt [#"float_ops.rs" 13 0 13 19] meta "compute_max_steps" 1000000 - let rec lt'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec lt'0[#"float_ops.rs" 13 0 13 19] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.lt {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) @@ -51,7 +51,7 @@ module M_float_ops__le [#"float_ops.rs" 18 0 18 19] meta "compute_max_steps" 1000000 - let rec le'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec le'0[#"float_ops.rs" 18 0 18 19] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.le {[%#sfloat_ops0] (1.0 : Float64.t)} {[%#sfloat_ops1] (2.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) @@ -72,7 +72,7 @@ module M_float_ops__gt [#"float_ops.rs" 23 0 23 19] meta "compute_max_steps" 1000000 - let rec gt'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec gt'0[#"float_ops.rs" 23 0 23 19] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.gt {[%#sfloat_ops0] (2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) @@ -93,7 +93,7 @@ module M_float_ops__ge [#"float_ops.rs" 28 0 28 19] meta "compute_max_steps" 1000000 - let rec ge'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec ge'0[#"float_ops.rs" 28 0 28 19] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.ge {[%#sfloat_ops0] (2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) @@ -114,7 +114,7 @@ module M_float_ops__neg [#"float_ops.rs" 33 0 33 20] meta "compute_max_steps" 1000000 - let rec neg'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec neg'0[#"float_ops.rs" 33 0 33 20] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Float64.le {[%#sfloat_ops0] (-2.0 : Float64.t)} {[%#sfloat_ops1] (1.0 : Float64.t)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/lang/literals.coma b/creusot/tests/should_succeed/lang/literals.coma index 6fe563699..017e077ff 100644 --- a/creusot/tests/should_succeed/lang/literals.coma +++ b/creusot/tests/should_succeed/lang/literals.coma @@ -12,7 +12,7 @@ module M_literals__float_operation [#"literals.rs" 3 0 3 31] meta "compute_max_steps" 1000000 - let rec float_operation'0 (_1:()) (return' (ret:Float32.t))= (! bb0 + let rec float_operation'0[#"literals.rs" 3 0 3 31] (_1:()) (return' (ret:Float32.t))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sliterals0] (0.0 : Float32.t) ] s1 | s1 = Float32.add {x} {[%#sliterals1] (0x1.020c40000000p0 : Float32.t)} diff --git a/creusot/tests/should_succeed/lang/module_paths.coma b/creusot/tests/should_succeed/lang/module_paths.coma index 8f352dc5e..ee880b3b5 100644 --- a/creusot/tests/should_succeed/lang/module_paths.coma +++ b/creusot/tests/should_succeed/lang/module_paths.coma @@ -17,7 +17,7 @@ module M_module_paths__test [#"module_paths.rs" 22 0 22 51] meta "compute_max_steps" 1000000 - let rec test'0 (_a:t_T'0) (_b:t_S'0) (_c:t_O'0) (_d:t_T'1) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec test'0[#"module_paths.rs" 22 0 22 51] (_a:t_T'0) (_b:t_S'0) (_c:t_O'0) (_d:t_T'1) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/modules.coma b/creusot/tests/should_succeed/lang/modules.coma index 226902ab3..18bbc2e7b 100644 --- a/creusot/tests/should_succeed/lang/modules.coma +++ b/creusot/tests/should_succeed/lang/modules.coma @@ -31,7 +31,7 @@ module M_modules__nested__inner_func [#"modules.rs" 13 4 13 31] meta "compute_max_steps" 1000000 - let rec inner_func'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec inner_func'0[#"modules.rs" 13 4 13 31] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#smodules0] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> {[@expl:inner_func ensures] [%#smodules1] result = true} (! return' {result}) ] @@ -44,7 +44,7 @@ module M_modules__nested__further__another [#"modules.rs" 19 8 19 32] meta "compute_max_steps" 1000000 - let rec another'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec another'0[#"modules.rs" 19 8 19 32] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#smodules0] false ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end @@ -63,7 +63,7 @@ module M_modules__f [#"modules.rs" 25 0 25 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"modules.rs" 25 0 25 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = inner_func'0 {[%#smodules0] ()} (fun (_ret':bool) -> [ &_1 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = another'0 {[%#smodules1] ()} (fun (_ret':bool) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = return' {_0} ] diff --git a/creusot/tests/should_succeed/lang/move_path.coma b/creusot/tests/should_succeed/lang/move_path.coma index 228373a29..ae6f1c238 100644 --- a/creusot/tests/should_succeed/lang/move_path.coma +++ b/creusot/tests/should_succeed/lang/move_path.coma @@ -17,7 +17,7 @@ module M_move_path__f [#"move_path.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"move_path.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#smove_path0] (1 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/lang/multiple_scopes.coma b/creusot/tests/should_succeed/lang/multiple_scopes.coma index e8fc56fb3..b1331e47e 100644 --- a/creusot/tests/should_succeed/lang/multiple_scopes.coma +++ b/creusot/tests/should_succeed/lang/multiple_scopes.coma @@ -9,7 +9,7 @@ module M_multiple_scopes__multiple_scopes [#"multiple_scopes.rs" 4 0 4 24] meta "compute_max_steps" 1000000 - let rec multiple_scopes'0 (_1:()) (return' (ret:()))= (! bb0 + let rec multiple_scopes'0[#"multiple_scopes.rs" 4 0 4 24] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_x <- [%#smultiple_scopes0] (1 : int32) ] s1 | s1 = [ &_y <- [%#smultiple_scopes1] (2 : int32) ] s2 diff --git a/creusot/tests/should_succeed/lang/promoted_constants.coma b/creusot/tests/should_succeed/lang/promoted_constants.coma index 113f38601..ca13e0454 100644 --- a/creusot/tests/should_succeed/lang/promoted_constants.coma +++ b/creusot/tests/should_succeed/lang/promoted_constants.coma @@ -35,7 +35,7 @@ module M_promoted_constants__promoted_none [#"promoted_constants.rs" 3 0 3 22] meta "compute_max_steps" 1000000 - let rec promoted_none'0 (_1:()) (return' (ret:()))= (! bb0 + let rec promoted_none'0[#"promoted_constants.rs" 3 0 3 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_ix <- C_Some'0 ([%#spromoted_constants0] (0 : int32)) ] s1 | s1 = promoted1__promoted_none'0 (fun (pr1:t_Option'0) -> [ &_11 <- pr1 ] s2) @@ -88,7 +88,7 @@ module M_promoted_constants__promoted_int [#"promoted_constants.rs" 12 0 12 21] meta "compute_max_steps" 1000000 - let rec promoted_int'0 (_1:()) (return' (ret:()))= (! bb0 + let rec promoted_int'0[#"promoted_constants.rs" 12 0 12 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = promoted0__promoted_int'0 (fun (pr0:int32) -> [ &_9 <- pr0 ] s1) | s1 = [ &ix <- _9 ] s2 @@ -128,9 +128,9 @@ module M_promoted_constants__string [#"promoted_constants.rs" 20 0 20 25] meta "compute_max_steps" 1000000 - let rec string'0 (_s:t_String'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = return' {_0} ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec string'0[#"promoted_constants.rs" 20 0 20 25] (_s:t_String'0) (return' (ret:()))= (! bb0 + [ bb0 = bb1 | bb1 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_promoted_constants__str [#"promoted_constants.rs" 22 0 22 12] let%span spromoted_constants0 = "promoted_constants.rs" 23 13 23 115 @@ -141,7 +141,7 @@ module M_promoted_constants__str [#"promoted_constants.rs" 22 0 22 12] meta "compute_max_steps" 1000000 - let rec str'0 (_1:()) (return' (ret:()))= (! bb0 + let rec str'0[#"promoted_constants.rs" 22 0 22 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_s <- [%#spromoted_constants0] "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" ] diff --git a/creusot/tests/should_succeed/lang/unary_op.coma b/creusot/tests/should_succeed/lang/unary_op.coma index 8e221d8ed..41e1d8679 100644 --- a/creusot/tests/should_succeed/lang/unary_op.coma +++ b/creusot/tests/should_succeed/lang/unary_op.coma @@ -6,7 +6,7 @@ module M_unary_op__f [#"unary_op.rs" 4 0 4 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"unary_op.rs" 4 0 4 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {([%#sunary_op0] false) = false} (! bb2) | br1 -> {[%#sunary_op0] false} (! bb1) ] | bb1 = {[%#sunary_op1] false} any | bb2 = return' {_0} ] diff --git a/creusot/tests/should_succeed/lang/unions.coma b/creusot/tests/should_succeed/lang/unions.coma index bb00d4184..ca15af6e8 100644 --- a/creusot/tests/should_succeed/lang/unions.coma +++ b/creusot/tests/should_succeed/lang/unions.coma @@ -10,7 +10,7 @@ module M_unions__x [#"unions.rs" 11 0 11 23] meta "compute_max_steps" 1000000 - let rec x'0 (_1:t_DummyUnion'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec x'0[#"unions.rs" 11 0 11 23] (_1:t_DummyUnion'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/lang/while_let.coma b/creusot/tests/should_succeed/lang/while_let.coma index 907f37f1c..f52b33def 100644 --- a/creusot/tests/should_succeed/lang/while_let.coma +++ b/creusot/tests/should_succeed/lang/while_let.coma @@ -27,7 +27,7 @@ module M_while_let__f [#"while_let.rs" 4 0 4 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"while_let.rs" 4 0 4 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- C_Some'0 ([%#swhile_let0] (10 : int32)) ] s1 | s1 = Borrow.borrow_mut {a} diff --git a/creusot/tests/should_succeed/linked_list.coma b/creusot/tests/should_succeed/linked_list.coma index 484004290..3fd65d0a9 100644 --- a/creusot/tests/should_succeed/linked_list.coma +++ b/creusot/tests/should_succeed/linked_list.coma @@ -168,7 +168,7 @@ module M_linked_list__qyi14323471455460008969__new [#"linked_list.rs" 72 4 72 27 meta "compute_max_steps" 1000000 - let rec new'0 (_1:()) (return' (ret:t_List'0))= (! bb0 + let rec new'0[#"linked_list.rs" 72 4 72 27] (_1:()) (return' (ret:t_List'0))= (! bb0 [ bb0 = s0 [ s0 = null'0 {[%#slinked_list0] ()} (fun (_ret':opaque_ptr) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = null'0 {[%#slinked_list1] ()} (fun (_ret':opaque_ptr) -> [ &_3 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = new'1 {[%#slinked_list2] ()} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s1) | s1 = bb3 ] @@ -481,8 +481,7 @@ module M_linked_list__qyi14323471455460008969__push_back [#"linked_list.rs" 77 4 axiom inv_axiom'11 [@rewrite] : forall x : closure1'1 [inv'12 x] . inv'12 x = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'11 x0 /\ inv'3 x1) - let rec closure1'0 (_1:closure1'1) (return' (ret:t_GhostBox'3))= {[@expl:closure '_1' type invariant] inv'12 _1} - bb0 + let rec closure1'0[#"linked_list.rs" 84 12 84 65] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'3))= bb0 [ bb0 = s0 [ s0 = {inv'1 (_1.field_0'0).current} Borrow.borrow_final {(_1.field_0'0).current} {Borrow.get_id _1.field_0'0} @@ -733,8 +732,7 @@ module M_linked_list__qyi14323471455460008969__push_back [#"linked_list.rs" 77 4 axiom inv_axiom'15 [@rewrite] : forall x : closure2'1 [inv'16 x] . inv'16 x = (let {field_0'1 = x0} = x in inv'1 x0) - let rec closure2'0 (_1:closure2'1) (return' (ret:t_GhostBox'4))= {[@expl:closure '_1' type invariant] inv'16 _1} - bb0 + let rec closure2'0[#"linked_list.rs" 89 16 92 17] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'4))= bb0 [ bb0 = s0 [ s0 = deref'0 {_1.field_0'1} (fun (_ret':borrowed (Seq.seq (t_PtrOwn'0))) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] @@ -786,10 +784,7 @@ module M_linked_list__qyi14323471455460008969__push_back [#"linked_list.rs" 77 4 | & _9 : t_Option'0 = any_l () | & _10 : borrowed (Seq.seq (t_PtrOwn'0)) = any_l () | & _11 : borrowed (Seq.seq (t_PtrOwn'0)) = any_l () ] - - [ return' (result:t_GhostBox'4)-> {[@expl:closure result type invariant] [%#slinked_list12] inv'17 result} - return' {result} ] - + [ return' (result:t_GhostBox'4)-> return' {result} ] function inner_logic'1 (self : t_GhostBox'4) : borrowed (t_PtrOwn'0) = [%#sghost22] self.t_GhostBox__0'4 @@ -841,7 +836,7 @@ module M_linked_list__qyi14323471455460008969__push_back [#"linked_list.rs" 77 4 meta "compute_max_steps" 1000000 - let rec push_back'0 (self:borrowed (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_back 'self' type invariant] [%#slinked_list1] inv'2 self} + let rec push_back'0[#"linked_list.rs" 77 4 77 37] (self:borrowed (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_back 'self' type invariant] [%#slinked_list1] inv'2 self} {[@expl:push_back 'x' type invariant] [%#slinked_list2] inv'5 x} (! bb0 [ bb0 = bb1 @@ -1227,8 +1222,7 @@ module M_linked_list__qyi14323471455460008969__push_front [#"linked_list.rs" 100 axiom inv_axiom'9 [@rewrite] : forall x : closure1'1 [inv'10 x] . inv'10 x = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'9 x0 /\ inv'13 x1) - let rec closure1'0 (_1:closure1'1) (return' (ret:t_GhostBox'3))= {[@expl:closure '_1' type invariant] inv'10 _1} - bb0 + let rec closure1'0[#"linked_list.rs" 107 8 107 62] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'3))= bb0 [ bb0 = s0 [ s0 = {inv'1 (_1.field_0'0).current} Borrow.borrow_final {(_1.field_0'0).current} {Borrow.get_id _1.field_0'0} @@ -1366,7 +1360,7 @@ module M_linked_list__qyi14323471455460008969__push_front [#"linked_list.rs" 100 meta "compute_max_steps" 1000000 - let rec push_front'0 (self:borrowed (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_front 'self' type invariant] [%#slinked_list0] inv'2 self} + let rec push_front'0[#"linked_list.rs" 100 4 100 38] (self:borrowed (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_front 'self' type invariant] [%#slinked_list0] inv'2 self} {[@expl:push_front 'x' type invariant] [%#slinked_list1] inv'3 x} (! bb0 [ bb0 = bb1 diff --git a/creusot/tests/should_succeed/list_index_mut.coma b/creusot/tests/should_succeed/list_index_mut.coma index 06bec0cfb..c900d76fc 100644 --- a/creusot/tests/should_succeed/list_index_mut.coma +++ b/creusot/tests/should_succeed/list_index_mut.coma @@ -133,7 +133,7 @@ module M_list_index_mut__index_mut [#"list_index_mut.rs" 37 0 37 61] meta "compute_max_steps" 1000000 - let rec index_mut'0 (l:borrowed (t_List'0)) (ix:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut requires] [%#slist_index_mut9] UIntSize.to_int ix + let rec index_mut'0[#"list_index_mut.rs" 37 0 37 61] (l:borrowed (t_List'0)) (ix:usize) (return' (ret:borrowed uint32))= {[@expl:index_mut requires] [%#slist_index_mut9] UIntSize.to_int ix < len'0 l.current} (! bb0 [ bb0 = s0 [ s0 = [ &old_l <- [%#slist_index_mut0] Snapshot.new l ] s1 | s1 = bb1 ] @@ -294,7 +294,7 @@ module M_list_index_mut__write [#"list_index_mut.rs" 63 0 63 45] meta "compute_max_steps" 1000000 - let rec write'0 (l:borrowed (t_List'0)) (ix:usize) (v:uint32) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UIntSize.to_int ix + let rec write'0[#"list_index_mut.rs" 63 0 63 45] (l:borrowed (t_List'0)) (ix:usize) (v:uint32) (return' (ret:()))= {[@expl:write requires] [%#slist_index_mut0] UIntSize.to_int ix < len'0 l.current} (! bb0 [ bb0 = s0 @@ -395,7 +395,7 @@ module M_list_index_mut__f [#"list_index_mut.rs" 67 0 67 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"list_index_mut.rs" 67 0 67 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- C_None'0 ] s1 | s1 = [ &_4 <- { t_List__0'0 = ([%#slist_index_mut0] (10 : uint32)); t_List__1'0 = _5 } ] s2 diff --git a/creusot/tests/should_succeed/list_reversal_lasso.coma b/creusot/tests/should_succeed/list_reversal_lasso.coma index e59eb2cb8..0d461aa75 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.coma +++ b/creusot/tests/should_succeed/list_reversal_lasso.coma @@ -93,7 +93,7 @@ module M_list_reversal_lasso__qyi13715866738248475091__index [#"list_reversal_la meta "compute_max_steps" 1000000 - let rec index'0 (self:t_Memory'0) (i:usize) (return' (ret:usize))= {[@expl:index requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self i} + let rec index'0[#"list_reversal_lasso.rs" 30 4 30 35] (self:t_Memory'0) (i:usize) (return' (ret:usize))= {[@expl:index requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self i} (! bb0 [ bb0 = s0 [ s0 = index'1 {self.t_Memory__0'0} {i} (fun (_ret':usize) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_5 <- _6 ] s1 | s1 = [ &_0 <- _5 ] s2 | s2 = return' {_0} ] ] @@ -232,7 +232,7 @@ module M_list_reversal_lasso__qyi14823043098042356205__index_mut [#"list_reversa meta "compute_max_steps" 1000000 - let rec index_mut'0 (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self.current i} + let rec index_mut'0[#"list_reversal_lasso.rs" 41 4 41 47] (self:borrowed (t_Memory'0)) (i:usize) (return' (ret:borrowed usize))= {[@expl:index_mut requires] [%#slist_reversal_lasso0] nonnull_ptr'0 self.current i} (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_final {(self.current).t_Memory__0'0} {Borrow.inherit_id (Borrow.get_id self) 1} @@ -390,7 +390,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_safe [#"list meta "compute_max_steps" 1000000 - let rec list_reversal_safe'0 (self:borrowed (t_Memory'0)) (l:usize) (return' (ret:usize))= {[@expl:list_reversal_safe requires #0] [%#slist_reversal_lasso5] mem_is_well_formed'0 self.current} + let rec list_reversal_safe'0[#"list_reversal_lasso.rs" 65 4 65 59] (self:borrowed (t_Memory'0)) (l:usize) (return' (ret:usize))= {[@expl:list_reversal_safe requires #0] [%#slist_reversal_lasso5] mem_is_well_formed'0 self.current} {[@expl:list_reversal_safe requires #1] [%#slist_reversal_lasso6] l = v_NULL'0 \/ nonnull_ptr'0 self.current l} (! bb0 [ bb0 = s0 @@ -598,7 +598,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_list [#"list meta "compute_max_steps" 1000000 - let rec list_reversal_list'0 (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_list requires] [%#slist_reversal_lasso7] list'0 self.current l (Snapshot.inner s)} + let rec list_reversal_list'0[#"list_reversal_lasso.rs" 99 4 99 82] (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_list requires] [%#slist_reversal_lasso7] list'0 self.current l (Snapshot.inner s)} (! bb0 [ bb0 = s0 [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 @@ -848,7 +848,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_loop [#"list meta "compute_max_steps" 1000000 - let rec list_reversal_loop'0 (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_loop requires #0] [%#slist_reversal_lasso10] Seq.length (Snapshot.inner s) + let rec list_reversal_loop'0[#"list_reversal_lasso.rs" 125 4 125 82] (self:borrowed (t_Memory'0)) (l:usize) (s:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_loop requires #0] [%#slist_reversal_lasso10] Seq.length (Snapshot.inner s) > 0} {[@expl:list_reversal_loop requires #1] [%#slist_reversal_lasso11] loopqy95z'0 self.current l (Snapshot.inner s)} (! bb0 @@ -1117,7 +1117,7 @@ module M_list_reversal_lasso__qyi2644757663130641572__list_reversal_lasso [#"lis meta "compute_max_steps" 1000000 - let rec list_reversal_lasso'0 (self:borrowed (t_Memory'0)) (l:usize) (s1:Snapshot.snap_ty (Seq.seq usize)) (s2:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_lasso requires] [%#slist_reversal_lasso7] lasso'0 self.current l (Snapshot.inner s1) (Snapshot.inner s2)} + let rec list_reversal_lasso'0[#"list_reversal_lasso.rs" 163 4 168 12] (self:borrowed (t_Memory'0)) (l:usize) (s1:Snapshot.snap_ty (Seq.seq usize)) (s2:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:usize))= {[@expl:list_reversal_lasso requires] [%#slist_reversal_lasso7] lasso'0 self.current l (Snapshot.inner s1) (Snapshot.inner s2)} (! bb0 [ bb0 = s0 [ s0 = [ &r <- [%#slist_reversal_lasso0] (18446744073709551615 : usize) ] s1 diff --git a/creusot/tests/should_succeed/loop.coma b/creusot/tests/should_succeed/loop.coma index 71f18110d..045444f43 100644 --- a/creusot/tests/should_succeed/loop.coma +++ b/creusot/tests/should_succeed/loop.coma @@ -18,7 +18,7 @@ module M_loop__f [#"loop.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"loop.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#sloop0] (10 : int32) ] s1 | s1 = Borrow.borrow_mut {a} (fun (_ret':borrowed int32) -> [ &b <- _ret' ] [ &a <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/mapping_indexing.coma b/creusot/tests/should_succeed/mapping_indexing.coma index d11b18c2a..8b84fd7e8 100644 --- a/creusot/tests/should_succeed/mapping_indexing.coma +++ b/creusot/tests/should_succeed/mapping_indexing.coma @@ -34,7 +34,7 @@ module M_mapping_indexing__foo [#"mapping_indexing.rs" 4 0 4 12] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:()))= (! bb0 + let rec foo'0[#"mapping_indexing.rs" 4 0 4 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &mapping <- [%#smapping_indexing0] Snapshot.new (Mapping.from_fn (fun (_2 : int) -> 42)) ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/mapping_test.coma b/creusot/tests/should_succeed/mapping_test.coma index c03443cf5..91cf8923f 100644 --- a/creusot/tests/should_succeed/mapping_test.coma +++ b/creusot/tests/should_succeed/mapping_test.coma @@ -58,7 +58,7 @@ module M_mapping_test__incr [#"mapping_test.rs" 29 0 29 18] meta "compute_max_steps" 1000000 - let rec incr'0 (t:borrowed (t_T'0)) (return' (ret:()))= {[@expl:incr requires #0] [%#smapping_test3] 0 + let rec incr'0[#"mapping_test.rs" 29 0 29 18] (t:borrowed (t_T'0)) (return' (ret:()))= {[@expl:incr requires #0] [%#smapping_test3] 0 <= Int32.to_int (t.current).t_T__a'0} {[@expl:incr requires #1] [%#smapping_test4] Int32.to_int (t.current).t_T__a'0 < 1000} (! bb0 @@ -135,7 +135,7 @@ module M_mapping_test__f [#"mapping_test.rs" 37 0 37 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"mapping_test.rs" 37 0 37 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- { t_T__a'0 = ([%#smapping_test0] (42 : int32)) } ] s1 | s1 = {[@expl:assertion] [%#smapping_test1] Map.get (view'0 x) 13 = 1} s2 diff --git a/creusot/tests/should_succeed/match_int.coma b/creusot/tests/should_succeed/match_int.coma index fd1aaabce..80bd7b303 100644 --- a/creusot/tests/should_succeed/match_int.coma +++ b/creusot/tests/should_succeed/match_int.coma @@ -14,7 +14,7 @@ module M_match_int__f [#"match_int.rs" 6 0 6 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"match_int.rs" 6 0 6 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_1 <- [%#smatch_int0] (1 : int32) ] s1 | s1 = Int32.le {[%#smatch_int1] (0 : int32)} {_1} (fun (_ret':bool) -> [ &_2 <- _ret' ] s2) diff --git a/creusot/tests/should_succeed/mc91.coma b/creusot/tests/should_succeed/mc91.coma index b89a7f1a1..03e292303 100644 --- a/creusot/tests/should_succeed/mc91.coma +++ b/creusot/tests/should_succeed/mc91.coma @@ -14,7 +14,7 @@ module M_mc91__mc91 [#"mc91.rs" 7 0 7 26] meta "compute_max_steps" 1000000 - let rec mc91'0 (x:uint32) (return' (ret:uint32))= (! bb0 + let rec mc91'0[#"mc91.rs" 7 0 7 26] (x:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = UInt32.gt {x} {[%#smc910] (100 : uint32)} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! bb1) ] ] diff --git a/creusot/tests/should_succeed/mutex.coma b/creusot/tests/should_succeed/mutex.coma index 981f825a4..ba312ff19 100644 --- a/creusot/tests/should_succeed/mutex.coma +++ b/creusot/tests/should_succeed/mutex.coma @@ -70,7 +70,7 @@ module M_mutex__qyi5425553346843331945__call [#"mutex.rs" 100 4 100 23] (* [ &v <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = deref'0 {v} (fun (_ret':uint32) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 @@ -235,7 +235,7 @@ module M_mutex__concurrent [#"mutex.rs" 163 0 163 19] meta "compute_max_steps" 1000000 - let rec concurrent'0 (_1:()) (return' (ret:()))= (! bb0 + let rec concurrent'0[#"mutex.rs" 163 0 163 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = new'0 {[%#smutex0] (0 : uint32)} {_5} (fun (_ret':t_Mutex'0) -> [ &_4 <- _ret' ] s2) diff --git a/creusot/tests/should_succeed/one_side_update.coma b/creusot/tests/should_succeed/one_side_update.coma index 042dd80f5..c4354c0d3 100644 --- a/creusot/tests/should_succeed/one_side_update.coma +++ b/creusot/tests/should_succeed/one_side_update.coma @@ -21,7 +21,7 @@ module M_one_side_update__f [#"one_side_update.rs" 5 0 5 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"one_side_update.rs" 5 0 5 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- { t_MyInt__0'0 = ([%#sone_side_update1] (10 : usize)) } ] s1 | s1 = Borrow.borrow_mut {a} diff --git a/creusot/tests/should_succeed/open_inv.coma b/creusot/tests/should_succeed/open_inv.coma index b14844b87..541cfc7c0 100644 --- a/creusot/tests/should_succeed/open_inv.coma +++ b/creusot/tests/should_succeed/open_inv.coma @@ -8,9 +8,9 @@ module M_open_inv__test_open_inv_param [#"open_inv.rs" 15 0 15 58] meta "compute_max_steps" 1000000 - let rec test_open_inv_param'0 (_1:t_IsZero'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec test_open_inv_param'0[#"open_inv.rs" 15 0 15 58] (_1:t_IsZero'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_open_inv__test_open_inv_param_call [#"open_inv.rs" 16 0 16 33] let%span sopen_inv0 = "open_inv.rs" 17 23 17 24 @@ -27,7 +27,7 @@ module M_open_inv__test_open_inv_param_call [#"open_inv.rs" 16 0 16 33] meta "compute_max_steps" 1000000 - let rec test_open_inv_param_call'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_open_inv_param_call'0[#"open_inv.rs" 16 0 16 33] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : int32)) } ] s1 | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : int32)} @@ -53,7 +53,7 @@ module M_open_inv__test_open_inv_result [#"open_inv.rs" 23 0 23 39] meta "compute_max_steps" 1000000 - let rec test_open_inv_result'0 (_1:()) (return' (ret:t_IsZero'0))= (! bb0 + let rec test_open_inv_result'0[#"open_inv.rs" 23 0 23 39] (_1:()) (return' (ret:t_IsZero'0))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- { t_IsZero__0'0 = ([%#sopen_inv0] (0 : int32)) } ] s1 | s1 = Int32.sub {a.t_IsZero__0'0} {[%#sopen_inv1] (1 : int32)} diff --git a/creusot/tests/should_succeed/option.coma b/creusot/tests/should_succeed/option.coma index 7d44d64cf..1608f88bc 100644 --- a/creusot/tests/should_succeed/option.coma +++ b/creusot/tests/should_succeed/option.coma @@ -27,7 +27,7 @@ module M_option__is_some_none [#"option.rs" 6 0 6 21] meta "compute_max_steps" 1000000 - let rec is_some_none'0 (_1:()) (return' (ret:()))= (! bb0 + let rec is_some_none'0[#"option.rs" 6 0 6 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -132,7 +132,7 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] (! return' {result}) ] - let rec closure0'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption23] false} + let rec closure0'0[#"option.rs" 30 12 30 30] (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption23] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] predicate inv'2 (_1 : ()) @@ -159,7 +159,7 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] use prelude.prelude.Intrinsic - let rec closure1'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec closure1'0[#"option.rs" 36 12 36 38] (_1:()) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption25] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] [ return' (result:int32)-> {[@expl:closure ensures] [%#soption26] result = (3 : int32)} (! return' {result}) ] @@ -193,7 +193,7 @@ module M_option__unwrap [#"option.rs" 15 0 15 15] meta "compute_max_steps" 1000000 - let rec unwrap'0 (_1:()) (return' (ret:()))= (! bb0 + let rec unwrap'0[#"option.rs" 15 0 15 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -324,7 +324,7 @@ module M_option__map [#"option.rs" 44 0 44 12] | C_None'0 | C_Some'0 int32 - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption4] false} + let rec closure0'0[#"option.rs" 50 12 50 30] (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption4] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'1) @@ -396,7 +396,7 @@ module M_option__map [#"option.rs" 44 0 44 12] [ return' (result:bool)-> {[%#soption7] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 + let rec closure1'0[#"option.rs" 56 12 56 38] (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption8] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] [ return' (result:int32)-> {[@expl:closure ensures] [%#soption9] result = (3 : int32)} (! return' {result}) ] @@ -467,7 +467,7 @@ module M_option__map [#"option.rs" 44 0 44 12] constant v_MAX'0 : int32 = (2147483647 : int32) - let rec closure2'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption12] x + let rec closure2'0[#"option.rs" 63 12 63 41] (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption12] x < (v_MAX'0 : int32)} (! bb0 [ bb0 = s0 @@ -516,7 +516,7 @@ module M_option__map [#"option.rs" 44 0 44 12] meta "compute_max_steps" 1000000 - let rec map'0 (_1:()) (return' (ret:()))= (! bb0 + let rec map'0[#"option.rs" 44 0 44 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -593,7 +593,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption3] false} + let rec closure0'0[#"option.rs" 75 12 75 30] (_1:()) (_2:int32) (return' (ret:()))= {[@expl:closure requires] [%#soption3] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:())-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -664,9 +664,9 @@ module M_option__inspect [#"option.rs" 69 0 69 16] [ return' (result:bool)-> {[%#soption7] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:closure ensures] [%#soption8] true} (! return' {result}) ] - + let rec closure1'0[#"option.rs" 81 12 81 28] (_1:()) (_2:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:closure ensures] [%#soption8] true} (! return' {result}) ] predicate inv'3 (_1 : ()) @@ -704,7 +704,7 @@ module M_option__inspect [#"option.rs" 69 0 69 16] meta "compute_max_steps" 1000000 - let rec inspect'0 (_1:()) (return' (ret:()))= (! bb0 + let rec inspect'0[#"option.rs" 69 0 69 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -785,7 +785,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] | C_None'0 | C_Some'0 int32 - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption14] false} + let rec closure0'0[#"option.rs" 95 12 95 30] (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption14] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -824,7 +824,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] use prelude.prelude.Intrinsic - let rec closure1'0 (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 + let rec closure1'0[#"option.rs" 102 12 102 38] (_1:()) (_2:int32) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption17] (3 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] [ return' (result:int32)-> {[@expl:closure ensures] [%#soption18] result = (3 : int32)} (! return' {result}) ] @@ -862,7 +862,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] use prelude.prelude.Int32 - let rec closure2'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption20] x + let rec closure2'0[#"option.rs" 110 12 110 41] (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption20] x < (v_MAX'0 : int32)} (! bb0 [ bb0 = s0 @@ -902,13 +902,13 @@ module M_option__map_or [#"option.rs" 87 0 87 15] (! return' {result}) ] - let rec closure3'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec closure3'0[#"option.rs" 118 12 118 38] (_1:()) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption22] (2 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] [ return' (result:int32)-> {[@expl:closure ensures] [%#soption23] result = (2 : int32)} (! return' {result}) ] - let rec closure4'0 (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption24] false} + let rec closure4'0[#"option.rs" 120 12 120 30] (_1:()) (_2:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption24] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] predicate inv'5 (_1 : ()) @@ -947,10 +947,10 @@ module M_option__map_or [#"option.rs" 87 0 87 15] (! return' {result}) ] - let rec closure5'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption27] false} + let rec closure5'0[#"option.rs" 126 12 126 30] (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption27] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] - let rec closure6'0 (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] x + let rec closure6'0[#"option.rs" 129 12 129 41] (_1:()) (x:int32) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] x < (v_MAX'0 : int32)} (! bb0 [ bb0 = s0 @@ -1002,7 +1002,7 @@ module M_option__map_or [#"option.rs" 87 0 87 15] meta "compute_max_steps" 1000000 - let rec map_or'0 (_1:()) (return' (ret:()))= (! bb0 + let rec map_or'0[#"option.rs" 87 0 87 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -1132,7 +1132,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] use prelude.prelude.Intrinsic - let rec closure2'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec closure2'0[#"option.rs" 145 8 145 26] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption8] true ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption9] result} (! return' {result}) ] @@ -1160,7 +1160,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] (! return' {result}) ] - let rec closure4'0 (_1:()) (return' (ret:bool))= {[@expl:closure requires] [%#soption13] false} + let rec closure4'0[#"option.rs" 150 8 150 26] (_1:()) (return' (ret:bool))= {[@expl:closure requires] [%#soption13] false} (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption12] false ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] @@ -1189,7 +1189,7 @@ module M_option__ok_or [#"option.rs" 135 0 135 14] meta "compute_max_steps" 1000000 - let rec ok_or'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ok_or'0[#"option.rs" 135 0 135 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -1320,7 +1320,7 @@ module M_option__as_mut [#"option.rs" 156 0 156 15] meta "compute_max_steps" 1000000 - let rec as_mut'0 (_1:()) (return' (ret:()))= (! bb0 + let rec as_mut'0[#"option.rs" 156 0 156 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -1445,7 +1445,7 @@ module M_option__as_ref [#"option.rs" 167 0 167 15] meta "compute_max_steps" 1000000 - let rec as_ref'0 (_1:()) (return' (ret:()))= (! bb0 + let rec as_ref'0[#"option.rs" 167 0 167 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -1536,7 +1536,7 @@ module M_option__replace [#"option.rs" 175 0 175 16] meta "compute_max_steps" 1000000 - let rec replace'0 (_1:()) (return' (ret:()))= (! bb0 + let rec replace'0[#"option.rs" 175 0 175 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -1818,7 +1818,7 @@ module M_option__and_or_xor [#"option.rs" 187 0 187 19] meta "compute_max_steps" 1000000 - let rec and_or_xor'0 (_1:()) (return' (ret:()))= (! bb0 + let rec and_or_xor'0[#"option.rs" 187 0 187 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -2017,7 +2017,7 @@ module M_option__and_then [#"option.rs" 208 0 208 17] | C_None'0 | C_Some'0 int32 - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption5] false} + let rec closure0'0[#"option.rs" 215 12 215 30] (_1:()) (_2:int32) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption5] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:t_Option'0)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -2089,7 +2089,7 @@ module M_option__and_then [#"option.rs" 208 0 208 17] [ return' (result:bool)-> {[%#soption8] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (x:int32) (return' (ret:t_Option'0))= (! bb0 + let rec closure1'0[#"option.rs" 219 15 223 7] (_1:()) (x:int32) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x} {[%#soption9] (1 : int32)} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] @@ -2161,7 +2161,7 @@ module M_option__and_then [#"option.rs" 208 0 208 17] meta "compute_max_steps" 1000000 - let rec and_then'0 (_1:()) (return' (ret:()))= (! bb0 + let rec and_then'0[#"option.rs" 208 0 208 17] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -2243,7 +2243,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] use prelude.prelude.Borrow - let rec closure0'0 (_1:()) (_2:int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption4] false} + let rec closure0'0[#"option.rs" 241 12 241 30] (_1:()) (_2:int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption4] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:bool)-> (! return' {result}) ] predicate inv'0 (_1 : t_Option'0) @@ -2322,7 +2322,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] function view'0 (self : int32) : int = [%#smodel14] Int32.to_int self - let rec closure1'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"option.rs" 247 12 247 43] (_1:()) (x:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x} {[%#soption8] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -2368,7 +2368,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure2'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure2'0[#"option.rs" 253 12 253 43] (_1:()) (x:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x} {[%#soption11] (2 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -2414,7 +2414,7 @@ module M_option__filter [#"option.rs" 235 0 235 15] meta "compute_max_steps" 1000000 - let rec filter'0 (_1:()) (return' (ret:()))= (! bb0 + let rec filter'0[#"option.rs" 235 0 235 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -2495,7 +2495,7 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure0'0[#"option.rs" 265 8 265 41] (_1:()) (x:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x} {[%#soption5] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -2538,7 +2538,7 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] (! return' {result}) ] - let rec closure1'0 (_1:()) (x:int32) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"option.rs" 269 8 269 41] (_1:()) (x:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x} {[%#soption9] (1 : int32)} (fun (_ret':bool) -> [ &res <- _ret' ] s1) | s1 = [ &_0 <- res ] s2 @@ -2572,7 +2572,7 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] (! return' {result}) ] - let rec closure2'0 (_1:()) (_2:int32) (return' (ret:bool))= (! bb0 + let rec closure2'0[#"option.rs" 273 8 273 26] (_1:()) (_2:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption11] true ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption12] result} (! return' {result}) ] @@ -2604,7 +2604,7 @@ module M_option__is_some_and [#"option.rs" 259 0 259 20] meta "compute_max_steps" 1000000 - let rec is_some_and'0 (_1:()) (return' (ret:()))= (! bb0 + let rec is_some_and'0[#"option.rs" 259 0 259 20] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some1 <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -2669,7 +2669,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (return' (ret:t_Option'0))= (! bb0 + let rec closure0'0[#"option.rs" 284 12 284 44] (_1:()) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- C_Some'0 ([%#soption4] (2 : int32)) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] @@ -2744,7 +2744,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] [ return' (result:bool)-> {[%#soption9] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (return' (ret:t_Option'0))= (! bb0 + let rec closure1'0[#"option.rs" 290 12 290 38] (_1:()) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- C_None'0 ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : t_Option'0 = any_l () | & res : t_Option'0 = any_l () ] [ return' (result:t_Option'0)-> {[@expl:closure ensures] [%#soption10] result = C_None'0} (! return' {result}) ] @@ -2778,7 +2778,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure2'0 (_1:()) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption11] false} + let rec closure2'0[#"option.rs" 296 12 296 30] (_1:()) (return' (ret:t_Option'0))= {[@expl:closure requires] [%#soption11] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:t_Option'0)-> (! return' {result}) ] predicate inv'4 (_1 : ()) @@ -2813,7 +2813,7 @@ module M_option__or_else [#"option.rs" 278 0 278 16] meta "compute_max_steps" 1000000 - let rec or_else'0 (_1:()) (return' (ret:()))= (! bb0 + let rec or_else'0[#"option.rs" 278 0 278 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -2984,7 +2984,7 @@ module M_option__insert [#"option.rs" 302 0 302 15] meta "compute_max_steps" 1000000 - let rec insert'0 (_1:()) (return' (ret:()))= (! bb0 + let rec insert'0[#"option.rs" 302 0 302 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -3170,7 +3170,7 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure0'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec closure0'0[#"option.rs" 335 8 335 34] (_1:()) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption24] (2 : int32) ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : int32 = any_l () | & res : int32 = any_l () ] [ return' (result:int32)-> {[@expl:closure ensures] [%#soption25] result = (2 : int32)} (! return' {result}) ] @@ -3206,7 +3206,7 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure1'0 (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] false} + let rec closure1'0[#"option.rs" 342 8 342 26] (_1:()) (return' (ret:int32))= {[@expl:closure requires] [%#soption29] false} (! bb0 [ bb0 = {false} any ] ) [ return' (result:int32)-> (! return' {result}) ] predicate inv'5 (_1 : ()) @@ -3241,7 +3241,7 @@ module M_option__get_or_insert [#"option.rs" 316 0 316 22] meta "compute_max_steps" 1000000 - let rec get_or_insert'0 (_1:()) (return' (ret:()))= (! bb0 + let rec get_or_insert'0[#"option.rs" 316 0 316 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -3413,7 +3413,7 @@ module M_option__take [#"option.rs" 350 0 350 13] meta "compute_max_steps" 1000000 - let rec take'0 (_1:()) (return' (ret:()))= (! bb0 + let rec take'0[#"option.rs" 350 0 350 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -3498,7 +3498,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] predicate resolve'0 (_1 : borrowed int32) = resolve'1 _1 - let rec closure0'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption6] false} + let rec closure0'0[#"option.rs" 366 12 366 30] (_1:()) (_2:borrowed int32) (return' (ret:bool))= {[@expl:closure requires] [%#soption6] false} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _2}- s1 | s1 = {false} any ] ] ) [ & _2 : borrowed int32 = _2 ] [ return' (result:bool)-> (! return' {result}) ] @@ -3585,7 +3585,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] [ return' (result:bool)-> {[%#soption9] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec closure1'0 (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"option.rs" 373 12 373 32] (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 x}- s1 | s1 = Int32.eq {x.current} {[%#soption10] (2 : int32)} (fun (_ret':bool) -> [ &res1 <- _ret' ] s2) @@ -3645,7 +3645,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] [ return' (result:t_Option'0)-> return' {result} ] - let rec closure2'0 (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure2'0[#"option.rs" 381 12 381 34] (_1:()) (x:borrowed int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {x.current} {[%#soption14] (1 : int32)} (fun (_ret':bool) -> [ &res2 <- _ret' ] s1) | s1 = [ &x <- { x with current = ([%#soption15] (3 : int32)) } ] s2 @@ -3715,7 +3715,7 @@ module M_option__take_if [#"option.rs" 360 0 360 16] meta "compute_max_steps" 1000000 - let rec take_if'0 (_1:()) (return' (ret:()))= (! bb0 + let rec take_if'0[#"option.rs" 360 0 360 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -3928,7 +3928,7 @@ module M_option__copied_cloned [#"option.rs" 392 0 392 22] meta "compute_max_steps" 1000000 - let rec copied_cloned'0 (_1:()) (return' (ret:()))= (! bb0 + let rec copied_cloned'0[#"option.rs" 392 0 392 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &some <- C_Some'0 ([%#soption0] (1 : int32)) ] s2 @@ -4281,7 +4281,7 @@ module M_option__zip_unzip [#"option.rs" 408 0 408 18] meta "compute_max_steps" 1000000 - let rec zip_unzip'0 (_1:()) (return' (ret:()))= (! bb0 + let rec zip_unzip'0[#"option.rs" 408 0 408 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none_int <- C_None'0 ] s1 | s1 = [ &none_bool <- C_None'1 ] s2 @@ -4515,7 +4515,7 @@ module M_option__transpose [#"option.rs" 430 0 430 18] meta "compute_max_steps" 1000000 - let rec transpose'0 (_1:()) (return' (ret:()))= (! bb0 + let rec transpose'0[#"option.rs" 430 0 430 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &none <- C_None'0 ] s1 | s1 = [ &_3 <- C_Ok'0 ([%#soption0] (1 : int32)) ] s2 @@ -4626,7 +4626,7 @@ module M_option__flatten [#"option.rs" 440 0 440 16] meta "compute_max_steps" 1000000 - let rec flatten'0 (_1:()) (return' (ret:()))= (! bb0 + let rec flatten'0[#"option.rs" 440 0 440 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &opt <- C_None'0 ] s1 | s1 = flatten'1 {opt} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s2) @@ -4749,7 +4749,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] use prelude.prelude.Intrinsic - let rec closure0'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure0'0[#"option.rs" 454 8 454 26] (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'2 _2}- s1 | s1 = [ &res <- [%#soption41] true ] s2 @@ -4823,7 +4823,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] predicate resolve'1 (_1 : t_Option'1) = resolve'5 _1 - let rec closure1'0 (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 + let rec closure1'0[#"option.rs" 474 8 474 27] (_1:()) (_2:borrowed int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &res <- [%#soption46] false ] s1 | s1 = [ &_0 <- res ] s2 | s2 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & res : bool = any_l () ] [ return' (result:bool)-> {[@expl:closure ensures] [%#soption47] not result} (! return' {result}) ] @@ -4976,7 +4976,7 @@ module M_option__resolve [#"option.rs" 449 0 449 16] meta "compute_max_steps" 1000000 - let rec resolve'0 (_1:()) (return' (ret:()))= (! bb0 + let rec resolve'0[#"option.rs" 449 0 449 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#soption0] (1 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/ord_trait.coma b/creusot/tests/should_succeed/ord_trait.coma index 5b4291dba..c7c07cb6d 100644 --- a/creusot/tests/should_succeed/ord_trait.coma +++ b/creusot/tests/should_succeed/ord_trait.coma @@ -118,7 +118,7 @@ module M_ord_trait__x [#"ord_trait.rs" 5 0 7 29] meta "compute_max_steps" 1000000 - let rec x'0 (x:t_T'0) (return' (ret:bool))= {[@expl:x 'x' type invariant] [%#sord_trait0] inv'0 x} + let rec x'0[#"ord_trait.rs" 5 0 7 29] (x:t_T'0) (return' (ret:bool))= {[@expl:x 'x' type invariant] [%#sord_trait0] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = le'0 {x} {x} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : bool = any_l () | & x : t_T'0 = x ] @@ -246,7 +246,7 @@ module M_ord_trait__gt_or_le [#"ord_trait.rs" 13 0 15 29] meta "compute_max_steps" 1000000 - let rec gt_or_le'0 (x:t_T'0) (y:t_T'0) (return' (ret:bool))= {[@expl:gt_or_le 'x' type invariant] [%#sord_trait0] inv'0 x} + let rec gt_or_le'0[#"ord_trait.rs" 13 0 15 29] (x:t_T'0) (y:t_T'0) (return' (ret:bool))= {[@expl:gt_or_le 'x' type invariant] [%#sord_trait0] inv'0 x} {[@expl:gt_or_le 'y' type invariant] [%#sord_trait1] inv'0 y} (! bb0 [ bb0 = s0 [ s0 = ge'0 {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] @@ -269,7 +269,7 @@ module M_ord_trait__gt_or_le_int [#"ord_trait.rs" 21 0 21 47] meta "compute_max_steps" 1000000 - let rec gt_or_le_int'0 (x:usize) (y:usize) (return' (ret:bool))= (! bb0 + let rec gt_or_le_int'0[#"ord_trait.rs" 21 0 21 47] (x:usize) (y:usize) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = UIntSize.le {x} {y} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & x : usize = x | & y : usize = y ] [ return' (result:bool)-> {[@expl:gt_or_le_int ensures] [%#sord_trait0] result diff --git a/creusot/tests/should_succeed/printing.coma b/creusot/tests/should_succeed/printing.coma index fa8dbbd4b..d79ef582e 100644 --- a/creusot/tests/should_succeed/printing.coma +++ b/creusot/tests/should_succeed/printing.coma @@ -127,7 +127,7 @@ module M_printing__f [#"printing.rs" 5 0 5 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"printing.rs" 5 0 5 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = promoted3__f'0 (fun (pr3:array string) -> [ &_30 <- pr3 ] s1) | s1 = [ &_5 <- _30 ] s2 diff --git a/creusot/tests/should_succeed/projection_toggle.coma b/creusot/tests/should_succeed/projection_toggle.coma index 8a92f573f..cc5ee8954 100644 --- a/creusot/tests/should_succeed/projection_toggle.coma +++ b/creusot/tests/should_succeed/projection_toggle.coma @@ -29,7 +29,7 @@ module M_projection_toggle__proj_toggle [#"projection_toggle.rs" 5 0 5 87] meta "compute_max_steps" 1000000 - let rec proj_toggle'0 (toggle:bool) (a:borrowed t_T'0) (b:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:proj_toggle 'a' type invariant] [%#sprojection_toggle0] inv'0 a} + let rec proj_toggle'0[#"projection_toggle.rs" 5 0 5 87] (toggle:bool) (a:borrowed t_T'0) (b:borrowed t_T'0) (return' (ret:borrowed t_T'0))= {[@expl:proj_toggle 'a' type invariant] [%#sprojection_toggle0] inv'0 a} {[@expl:proj_toggle 'b' type invariant] [%#sprojection_toggle1] inv'0 b} (! bb0 [ bb0 = any [ br0 -> {toggle = false} (! bb2) | br1 -> {toggle} (! bb1) ] @@ -148,7 +148,7 @@ module M_projection_toggle__f [#"projection_toggle.rs" 13 0 13 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"projection_toggle.rs" 13 0 13 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#sprojection_toggle0] (10 : int32) ] s1 | s1 = [ &b <- [%#sprojection_toggle1] (5 : int32) ] s2 diff --git a/creusot/tests/should_succeed/projections.coma b/creusot/tests/should_succeed/projections.coma index 9357b11aa..e06d01cf3 100644 --- a/creusot/tests/should_succeed/projections.coma +++ b/creusot/tests/should_succeed/projections.coma @@ -7,7 +7,7 @@ module M_projections__copy_out_of_ref [#"projections.rs" 5 0 5 38] meta "compute_max_steps" 1000000 - let rec copy_out_of_ref'0 (x:uint32) (return' (ret:uint32))= (! bb0 + let rec copy_out_of_ref'0[#"projections.rs" 5 0 5 38] (x:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () | & x : uint32 = x ] [ return' (result:uint32)-> (! return' {result}) ] end @@ -46,7 +46,7 @@ module M_projections__copy_out_of_sum [#"projections.rs" 9 0 9 60] meta "compute_max_steps" 1000000 - let rec copy_out_of_sum'0 (x:t_Result'0) (return' (ret:uint32))= (! bb0 + let rec copy_out_of_sum'0[#"projections.rs" 9 0 9 60] (x:t_Result'0) (return' (ret:uint32))= (! bb0 [ bb0 = any [ br0 (x0:borrowed uint32)-> {x = C_Ok'0 x0} (! bb2) | br1 (x0:borrowed uint32)-> {x = C_Err'0 x0} (! bb3) ] @@ -104,7 +104,7 @@ module M_projections__write_into_sum [#"projections.rs" 16 0 16 42] meta "compute_max_steps" 1000000 - let rec write_into_sum'0 (x:borrowed (t_Option'0)) (return' (ret:()))= (! bb0 + let rec write_into_sum'0[#"projections.rs" 16 0 16 42] (x:borrowed (t_Option'0)) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {x.current = C_None'0 } (! bb3) | br1 (x0:uint32)-> {x.current = C_Some'0 x0} (! bb2) ] | bb2 = bb4 | bb4 = s0 @@ -143,7 +143,7 @@ module M_projections__f [#"projections.rs" 23 0 23 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"projections.rs" 23 0 23 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- C_Some'0 ([%#sprojections0] (10 : int32)) ] s1 | s1 = any [ br0 -> {_2 = C_None'0 } (! bb3) | br1 (x0:int32)-> {_2 = C_Some'0 x0} (! bb2) ] ] diff --git a/creusot/tests/should_succeed/prophecy.coma b/creusot/tests/should_succeed/prophecy.coma index 8e63b0197..6ce17b350 100644 --- a/creusot/tests/should_succeed/prophecy.coma +++ b/creusot/tests/should_succeed/prophecy.coma @@ -17,7 +17,7 @@ module M_prophecy__f [#"prophecy.rs" 3 0 3 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"prophecy.rs" 3 0 3 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sprophecy0] (0 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &y <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/purity.coma b/creusot/tests/should_succeed/purity.coma index d86f64c9e..f4e5cbbe8 100644 --- a/creusot/tests/should_succeed/purity.coma +++ b/creusot/tests/should_succeed/purity.coma @@ -3,9 +3,9 @@ module M_purity__qyi14899607085053415061__f [#"purity.rs" 12 4 12 10] (* (! return' {result}) ] - + let rec f'0[#"purity.rs" 12 4 12 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_purity__calls_f [#"purity.rs" 16 0 16 16] let%span spurity0 = "purity.rs" 17 4 17 21 @@ -16,7 +16,7 @@ module M_purity__calls_f [#"purity.rs" 16 0 16 16] meta "compute_max_steps" 1000000 - let rec calls_f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec calls_f'0[#"purity.rs" 16 0 16 16] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = f'0 {[%#spurity0] ()} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] @@ -38,7 +38,7 @@ module M_purity__result [#"purity.rs" 39 0 39 15] meta "compute_max_steps" 1000000 - let rec result'0 (_1:()) (return' (ret:()))= (! bb0 + let rec result'0[#"purity.rs" 39 0 39 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#spurity0] calls_g'0 () = 1} s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/red_black_tree.coma b/creusot/tests/should_succeed/red_black_tree.coma index 1059f4a6b..acd0088ad 100644 --- a/creusot/tests/should_succeed/red_black_tree.coma +++ b/creusot/tests/should_succeed/red_black_tree.coma @@ -11,7 +11,7 @@ module M_red_black_tree__qyi11959472507597060150__clone [#"red_black_tree.rs" 12 meta "compute_max_steps" 1000000 - let rec clone'0 (self:t_Color'0) (return' (ret:t_Color'0))= (! bb0 + let rec clone'0[#"red_black_tree.rs" 12 9 12 14] (self:t_Color'0) (return' (ret:t_Color'0))= (! bb0 [ bb0 = any [ br0 -> {self = C_Red'0 } (! bb2) | br1 -> {self = C_Black'0 } (! bb3) ] | bb3 = s0 [ s0 = [ &_0 <- C_Black'0 ] s1 | s1 = bb5 ] | bb2 = bb4 @@ -1083,7 +1083,7 @@ module M_red_black_tree__qyi2476155906044564626__is_red [#"red_black_tree.rs" 41 meta "compute_max_steps" 1000000 - let rec is_red'0 (self:t_Tree'0) (return' (ret:bool))= {[@expl:is_red 'self' type invariant] [%#sred_black_tree2] inv'0 self} + let rec is_red'0[#"red_black_tree.rs" 412 4 412 28] (self:t_Tree'0) (return' (ret:bool))= {[@expl:is_red 'self' type invariant] [%#sred_black_tree2] inv'0 self} (! bb0 [ bb0 = any [ br0 -> {self.t_Tree__node'0 = C_None'0 } (! bb6) @@ -1468,7 +1468,7 @@ module M_red_black_tree__qyi17561227306860881838__rotate_right [#"red_black_tree meta "compute_max_steps" 1000000 - let rec rotate_right'0 (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:rotate_right 'self' type invariant] [%#sred_black_tree2] inv'7 self} + let rec rotate_right'0[#"red_black_tree.rs" 436 4 436 30] (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:rotate_right 'self' type invariant] [%#sred_black_tree2] inv'7 self} {[@expl:rotate_right requires #0] [%#sred_black_tree3] internal_invariant'0 self.current} {[@expl:rotate_right requires #1] [%#sred_black_tree4] color'0 (self.current).t_Node__left'0 = C_Red'0} (! bb0 @@ -2009,7 +2009,7 @@ module M_red_black_tree__qyi17561227306860881838__rotate_left [#"red_black_tree. meta "compute_max_steps" 1000000 - let rec rotate_left'0 (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:rotate_left 'self' type invariant] [%#sred_black_tree2] inv'7 self} + let rec rotate_left'0[#"red_black_tree.rs" 486 4 486 29] (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:rotate_left 'self' type invariant] [%#sred_black_tree2] inv'7 self} {[@expl:rotate_left requires #0] [%#sred_black_tree3] internal_invariant'0 self.current} {[@expl:rotate_left requires #1] [%#sred_black_tree4] color'0 (self.current).t_Node__right'0 = C_Red'0} (! bb0 @@ -2517,7 +2517,7 @@ module M_red_black_tree__qyi17561227306860881838__flip_colors [#"red_black_tree. meta "compute_max_steps" 1000000 - let rec flip_colors'0 (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:flip_colors 'self' type invariant] [%#sred_black_tree0] inv'2 self} + let rec flip_colors'0[#"red_black_tree.rs" 510 4 510 29] (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:flip_colors 'self' type invariant] [%#sred_black_tree0] inv'2 self} {[@expl:flip_colors requires #0] [%#sred_black_tree1] internal_invariant'0 self.current} {[@expl:flip_colors requires #1] [%#sred_black_tree2] ((self.current).t_Node__left'0).t_Tree__node'0 <> C_None'0} {[@expl:flip_colors requires #2] [%#sred_black_tree3] ((self.current).t_Node__right'0).t_Tree__node'0 <> C_None'0} @@ -3082,7 +3082,7 @@ module M_red_black_tree__qyi17561227306860881838__balance [#"red_black_tree.rs" meta "compute_max_steps" 1000000 - let rec balance'0 (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:balance 'self' type invariant] [%#sred_black_tree0] inv'1 self} + let rec balance'0[#"red_black_tree.rs" 534 4 534 25] (self:borrowed (t_Node'0)) (return' (ret:()))= {[@expl:balance 'self' type invariant] [%#sred_black_tree0] inv'1 self} {[@expl:balance requires #0] [%#sred_black_tree1] internal_invariant'0 self.current} {[@expl:balance requires #1] [%#sred_black_tree2] (self.current).t_Node__color'0 = C_Red'0 /\ color'0 (self.current).t_Node__left'0 = C_Red'0 -> color_invariant'0 (self.current).t_Node__left'0} @@ -3665,7 +3665,7 @@ module M_red_black_tree__qyi17561227306860881838__move_red_left [#"red_black_tre meta "compute_max_steps" 1000000 - let rec move_red_left'0 (self:borrowed (t_Node'0)) (return' (ret:borrowed (t_Node'0)))= {[@expl:move_red_left 'self' type invariant] [%#sred_black_tree0] inv'3 self} + let rec move_red_left'0[#"red_black_tree.rs" 566 4 566 44] (self:borrowed (t_Node'0)) (return' (ret:borrowed (t_Node'0)))= {[@expl:move_red_left 'self' type invariant] [%#sred_black_tree0] inv'3 self} {[@expl:move_red_left requires #0] [%#sred_black_tree1] ((self.current).t_Node__right'0).t_Tree__node'0 <> C_None'0} {[@expl:move_red_left requires #1] [%#sred_black_tree2] internal_invariant'0 self.current} {[@expl:move_red_left requires #2] [%#sred_black_tree3] match_n'0 (cpn'0 (C_Red'0) (cpn'0 (C_Black'0) (C_CPL'0 (C_Black'0)) (C_CPL'0 (C_Black'0))) (C_CPL'0 (C_Black'0))) self.current} @@ -4268,7 +4268,7 @@ module M_red_black_tree__qyi17561227306860881838__move_red_right [#"red_black_tr meta "compute_max_steps" 1000000 - let rec move_red_right'0 (self:borrowed (t_Node'0)) (return' (ret:borrowed (t_Node'0)))= {[@expl:move_red_right 'self' type invariant] [%#sred_black_tree0] inv'3 self} + let rec move_red_right'0[#"red_black_tree.rs" 595 4 595 45] (self:borrowed (t_Node'0)) (return' (ret:borrowed (t_Node'0)))= {[@expl:move_red_right 'self' type invariant] [%#sred_black_tree0] inv'3 self} {[@expl:move_red_right requires #0] [%#sred_black_tree1] ((self.current).t_Node__left'0).t_Tree__node'0 <> C_None'0} {[@expl:move_red_right requires #1] [%#sred_black_tree2] internal_invariant'0 self.current} {[@expl:move_red_right requires #2] [%#sred_black_tree3] match_n'0 (cpn'0 (C_Red'0) (C_CPL'0 (C_Black'0)) (cpn'0 (C_Black'0) (C_CPL'0 (C_Black'0)) (C_CPL'0 (C_Black'0)))) self.current} @@ -4824,7 +4824,7 @@ module M_red_black_tree__qyi2476155906044564626__insert_rec [#"red_black_tree.rs meta "compute_max_steps" 1000000 - let rec insert_rec'0 (self:borrowed (t_Tree'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:insert_rec 'self' type invariant] [%#sred_black_tree0] inv'2 self} + let rec insert_rec'0[#"red_black_tree.rs" 618 4 618 44] (self:borrowed (t_Tree'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:insert_rec 'self' type invariant] [%#sred_black_tree0] inv'2 self} {[@expl:insert_rec 'key' type invariant] [%#sred_black_tree1] inv'5 key} {[@expl:insert_rec 'val' type invariant] [%#sred_black_tree2] inv'6 val'} {[@expl:insert_rec requires #0] [%#sred_black_tree3] internal_invariant'0 self.current} @@ -5597,7 +5597,7 @@ module M_red_black_tree__qyi2476155906044564626__delete_max_rec [#"red_black_tre meta "compute_max_steps" 1000000 - let rec delete_max_rec'0 (self:borrowed (t_Tree'0)) (return' (ret:(t_K'0, t_V'0)))= {[@expl:delete_max_rec 'self' type invariant] [%#sred_black_tree0] inv'6 self} + let rec delete_max_rec'0[#"red_black_tree.rs" 652 4 652 42] (self:borrowed (t_Tree'0)) (return' (ret:(t_K'0, t_V'0)))= {[@expl:delete_max_rec 'self' type invariant] [%#sred_black_tree0] inv'6 self} {[@expl:delete_max_rec requires #0] [%#sred_black_tree1] internal_invariant'0 self.current} {[@expl:delete_max_rec requires #1] [%#sred_black_tree2] match_t'0 (C_CPL'0 (C_Red'0)) self.current \/ match_t'0 (cpn'0 (C_Black'0) (C_CPL'0 (C_Red'0)) (C_CPL'0 (C_Black'0))) self.current} @@ -6371,7 +6371,7 @@ module M_red_black_tree__qyi2476155906044564626__delete_min_rec [#"red_black_tre meta "compute_max_steps" 1000000 - let rec delete_min_rec'0 (self:borrowed (t_Tree'0)) (return' (ret:(t_K'0, t_V'0)))= {[@expl:delete_min_rec 'self' type invariant] [%#sred_black_tree0] inv'6 self} + let rec delete_min_rec'0[#"red_black_tree.rs" 680 4 680 42] (self:borrowed (t_Tree'0)) (return' (ret:(t_K'0, t_V'0)))= {[@expl:delete_min_rec 'self' type invariant] [%#sred_black_tree0] inv'6 self} {[@expl:delete_min_rec requires #0] [%#sred_black_tree1] internal_invariant'0 self.current} {[@expl:delete_min_rec requires #1] [%#sred_black_tree2] match_t'0 (C_CPL'0 (C_Red'0)) self.current \/ match_t'0 (cpn'0 (C_Black'0) (C_CPL'0 (C_Red'0)) (C_CPL'0 (C_Black'0))) self.current} @@ -7386,7 +7386,7 @@ module M_red_black_tree__qyi2476155906044564626__delete_rec [#"red_black_tree.rs meta "compute_max_steps" 1000000 - let rec delete_rec'0 (self:borrowed (t_Tree'0)) (key:t_K'0) (return' (ret:t_Option'2))= {[@expl:delete_rec 'self' type invariant] [%#sred_black_tree1] inv'7 self} + let rec delete_rec'0[#"red_black_tree.rs" 706 4 706 55] (self:borrowed (t_Tree'0)) (key:t_K'0) (return' (ret:t_Option'2))= {[@expl:delete_rec 'self' type invariant] [%#sred_black_tree1] inv'7 self} {[@expl:delete_rec 'key' type invariant] [%#sred_black_tree2] inv'12 key} {[@expl:delete_rec requires #0] [%#sred_black_tree3] internal_invariant'0 self.current} {[@expl:delete_rec requires #1] [%#sred_black_tree4] match_t'0 (C_CPL'0 (C_Red'0)) self.current @@ -8325,7 +8325,7 @@ module M_red_black_tree__qyi1501420612169366910__new [#"red_black_tree.rs" 803 4 meta "compute_max_steps" 1000000 - let rec new'0 (_1:()) (return' (ret:t_Map'0))= (! bb0 + let rec new'0[#"red_black_tree.rs" 803 4 803 24] (_1:()) (return' (ret:t_Map'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- C_None'0 ] s1 | s1 = [ &_2 <- { t_Tree__node'0 = _3 } ] s2 | s2 = bb1 ] | bb1 = s0 [ s0 = [ &_0 <- { t_Map__0'0 = _2 } ] s1 | s1 = bb2 ] | bb2 = return' {_0} ] @@ -8762,7 +8762,7 @@ module M_red_black_tree__qyi1501420612169366910__insert [#"red_black_tree.rs" 80 meta "compute_max_steps" 1000000 - let rec insert'0 (self:borrowed (t_Map'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:insert 'self' type invariant] [%#sred_black_tree1] inv'3 self} + let rec insert'0[#"red_black_tree.rs" 808 4 808 44] (self:borrowed (t_Map'0)) (key:t_K'0) (val':t_V'0) (return' (ret:()))= {[@expl:insert 'self' type invariant] [%#sred_black_tree1] inv'3 self} {[@expl:insert 'key' type invariant] [%#sred_black_tree2] inv'4 key} {[@expl:insert 'val' type invariant] [%#sred_black_tree3] inv'5 val'} (! bb0 @@ -9305,7 +9305,7 @@ module M_red_black_tree__qyi1501420612169366910__delete_max [#"red_black_tree.rs meta "compute_max_steps" 1000000 - let rec delete_max'0 (self:borrowed (t_Map'0)) (return' (ret:t_Option'2))= {[@expl:delete_max 'self' type invariant] [%#sred_black_tree3] inv'2 self} + let rec delete_max'0[#"red_black_tree.rs" 820 4 820 50] (self:borrowed (t_Map'0)) (return' (ret:t_Option'2))= {[@expl:delete_max 'self' type invariant] [%#sred_black_tree3] inv'2 self} (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- [%#sred_black_tree0] Snapshot.new self ] s1 | s1 = bb1 ] | bb1 = s0 @@ -9898,7 +9898,7 @@ module M_red_black_tree__qyi1501420612169366910__delete_min [#"red_black_tree.rs meta "compute_max_steps" 1000000 - let rec delete_min'0 (self:borrowed (t_Map'0)) (return' (ret:t_Option'2))= {[@expl:delete_min 'self' type invariant] [%#sred_black_tree1] inv'2 self} + let rec delete_min'0[#"red_black_tree.rs" 845 4 845 50] (self:borrowed (t_Map'0)) (return' (ret:t_Option'2))= {[@expl:delete_min 'self' type invariant] [%#sred_black_tree1] inv'2 self} (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- [%#sred_black_tree0] Snapshot.new () ] s1 | s1 = bb1 ] | bb1 = s0 @@ -10502,7 +10502,7 @@ module M_red_black_tree__qyi1501420612169366910__delete [#"red_black_tree.rs" 86 meta "compute_max_steps" 1000000 - let rec delete'0 (self:borrowed (t_Map'0)) (key:t_K'0) (return' (ret:t_Option'1))= {[@expl:delete 'self' type invariant] [%#sred_black_tree1] inv'2 self} + let rec delete'0[#"red_black_tree.rs" 868 4 868 55] (self:borrowed (t_Map'0)) (key:t_K'0) (return' (ret:t_Option'1))= {[@expl:delete 'self' type invariant] [%#sred_black_tree1] inv'2 self} {[@expl:delete 'key' type invariant] [%#sred_black_tree2] inv'6 key} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- [%#sred_black_tree0] Snapshot.new () ] s1 | s1 = bb1 ] @@ -10993,7 +10993,7 @@ module M_red_black_tree__qyi1501420612169366910__get [#"red_black_tree.rs" 889 4 meta "compute_max_steps" 1000000 - let rec get'0 (self:t_Map'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#sred_black_tree4] inv'1 self} + let rec get'0[#"red_black_tree.rs" 889 4 889 44] (self:t_Map'0) (key:t_K'0) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#sred_black_tree4] inv'1 self} {[@expl:get 'key' type invariant] [%#sred_black_tree5] inv'2 key} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- [%#sred_black_tree0] Snapshot.new () ] s1 | s1 = bb1 ] @@ -11494,7 +11494,7 @@ module M_red_black_tree__qyi1501420612169366910__get_mut [#"red_black_tree.rs" 9 meta "compute_max_steps" 1000000 - let rec get_mut'0 (self:borrowed (t_Map'0)) (key:t_K'0) (return' (ret:t_Option'1))= {[@expl:get_mut 'self' type invariant] [%#sred_black_tree12] inv'8 self} + let rec get_mut'0[#"red_black_tree.rs" 910 4 910 56] (self:borrowed (t_Map'0)) (key:t_K'0) (return' (ret:t_Option'1))= {[@expl:get_mut 'self' type invariant] [%#sred_black_tree12] inv'8 self} {[@expl:get_mut 'key' type invariant] [%#sred_black_tree13] inv'9 key} (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- [%#sred_black_tree0] Snapshot.new () ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/replace.coma b/creusot/tests/should_succeed/replace.coma index f2b60a5e0..f6ca34147 100644 --- a/creusot/tests/should_succeed/replace.coma +++ b/creusot/tests/should_succeed/replace.coma @@ -11,7 +11,7 @@ module M_replace__test [#"replace.rs" 8 0 8 44] meta "compute_max_steps" 1000000 - let rec test'0 (_a:t_Something'0) (b:t_Something'0) (return' (ret:()))= (! bb0 + let rec test'0[#"replace.rs" 8 0 8 44] (_a:t_Something'0) (b:t_Something'0) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_a <- b ] s1 | s1 = bb3 ] | bb3 = bb4 | bb4 = bb5 | bb5 = return' {_0} ] ) [ & _0 : () = any_l () | & _a : t_Something'0 = _a | & b : t_Something'0 = b ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/resolve_drop.coma b/creusot/tests/should_succeed/resolve_drop.coma index d1076cc2d..6d3b959bd 100644 --- a/creusot/tests/should_succeed/resolve_drop.coma +++ b/creusot/tests/should_succeed/resolve_drop.coma @@ -20,7 +20,7 @@ module M_resolve_drop__f [#"resolve_drop.rs" 4 0 4 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"resolve_drop.rs" 4 0 4 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sresolve_drop0] (12 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_3 <- _ret' ] [ &x <- _ret'.final ] s2) diff --git a/creusot/tests/should_succeed/resolve_uninit.coma b/creusot/tests/should_succeed/resolve_uninit.coma index 120dc0e03..c57dea8b4 100644 --- a/creusot/tests/should_succeed/resolve_uninit.coma +++ b/creusot/tests/should_succeed/resolve_uninit.coma @@ -22,7 +22,7 @@ module M_resolve_uninit__maybe_uninit [#"resolve_uninit.rs" 5 0 5 51] meta "compute_max_steps" 1000000 - let rec maybe_uninit'0 (b:bool) (y:t_T'0) (return' (ret:t_T'0))= {[@expl:maybe_uninit 'y' type invariant] [%#sresolve_uninit1] inv'0 y} + let rec maybe_uninit'0[#"resolve_uninit.rs" 5 0 5 51] (b:bool) (y:t_T'0) (return' (ret:t_T'0))= {[@expl:maybe_uninit 'y' type invariant] [%#sresolve_uninit1] inv'0 y} (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb6) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = default'0 {[%#sresolve_uninit0] ()} (fun (_ret':t_T'0) -> [ &_6 <- _ret' ] s1) | s1 = bb2 ] @@ -62,7 +62,7 @@ module M_resolve_uninit__init_join [#"resolve_uninit.rs" 15 0 15 37] meta "compute_max_steps" 1000000 - let rec init_join'0 (b:bool) (x:int32) (return' (ret:()))= (! bb0 + let rec init_join'0[#"resolve_uninit.rs" 15 0 15 37] (b:bool) (x:int32) (return' (ret:()))= (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] | bb1 = s0 [ s0 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &_8 <- _ret' ] [ &x <- _ret'.final ] s1) diff --git a/creusot/tests/should_succeed/result/own.coma b/creusot/tests/should_succeed/result/own.coma index d458caa7d..28a2cef30 100644 --- a/creusot/tests/should_succeed/result/own.coma +++ b/creusot/tests/should_succeed/result/own.coma @@ -74,7 +74,7 @@ module M_own__qyi6204940358182728290__is_ok [#"own.rs" 31 4 31 31] (* OwnResult< meta "compute_max_steps" 1000000 - let rec is_ok'0 (self:t_OwnResult'0) (return' (ret:bool))= {[@expl:is_ok 'self' type invariant] [%#sown0] inv'0 self} + let rec is_ok'0[#"own.rs" 31 4 31 31] (self:t_OwnResult'0) (return' (ret:bool))= {[@expl:is_ok 'self' type invariant] [%#sown0] inv'0 self} (! bb0 [ bb0 = any [ br0 (x0:t_T'0)-> {self = C_Ok'0 x0} (! bb2) | br1 (x0:t_E'0)-> {self = C_Err'0 x0} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb4 ] @@ -129,7 +129,7 @@ module M_own__qyi6204940358182728290__is_err [#"own.rs" 36 4 36 32] (* OwnResult meta "compute_max_steps" 1000000 - let rec is_err'0 (self:t_OwnResult'0) (return' (ret:bool))= {[@expl:is_err 'self' type invariant] [%#sown0] inv'0 self} + let rec is_err'0[#"own.rs" 36 4 36 32] (self:t_OwnResult'0) (return' (ret:bool))= {[@expl:is_err 'self' type invariant] [%#sown0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = is_ok'0 {self} (fun (_ret':bool) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_0 <- not _3 ] s1 | s1 = return' {_0} ] ] @@ -194,7 +194,7 @@ module M_own__qyi6204940358182728290__ok [#"own.rs" 42 4 42 32] (* OwnResult {self = C_Ok'0 x0} (! bb2) | br1 (x0:t_E'0)-> {self = C_Err'0 x0} (! bb3) ] | bb3 = s0 @@ -503,7 +503,7 @@ module M_own__qyi6204940358182728290__as_mut [#"own.rs" 77 4 77 57] (* OwnResult meta "compute_max_steps" 1000000 - let rec as_mut'0 (self:borrowed (t_OwnResult'1)) (return' (ret:t_OwnResult'0))= {[@expl:as_mut 'self' type invariant] [%#sown0] inv'4 self} + let rec as_mut'0[#"own.rs" 77 4 77 57] (self:borrowed (t_OwnResult'1)) (return' (ret:t_OwnResult'0))= {[@expl:as_mut 'self' type invariant] [%#sown0] inv'4 self} (! bb0 [ bb0 = any [ br0 (x0:t_T'0)-> {self.current = C_Ok'0 x0} (! bb2) | br1 (x0:t_E'0)-> {self.current = C_Err'0 x0} (! bb3) ] @@ -614,7 +614,7 @@ module M_own__qyi6204940358182728290__unwrap [#"own.rs" 86 4 88 29] (* OwnResult meta "compute_max_steps" 1000000 - let rec unwrap'0 (self:t_OwnResult'0) (return' (ret:t_T'0))= {[@expl:unwrap 'self' type invariant] [%#sown0] inv'1 self} + let rec unwrap'0[#"own.rs" 86 4 88 29] (self:t_OwnResult'0) (return' (ret:t_T'0))= {[@expl:unwrap 'self' type invariant] [%#sown0] inv'1 self} {[@expl:unwrap requires] [%#sown1] exists t : t_T'0 . self = C_Ok'0 t} (! bb0 [ bb0 = bb1 @@ -680,7 +680,7 @@ module M_own__qyi6204940358182728290__expect [#"own.rs" 98 4 100 29] (* OwnResul meta "compute_max_steps" 1000000 - let rec expect'0 (self:t_OwnResult'0) (msg:string) (return' (ret:t_T'0))= {[@expl:expect 'self' type invariant] [%#sown0] inv'1 self} + let rec expect'0[#"own.rs" 98 4 100 29] (self:t_OwnResult'0) (msg:string) (return' (ret:t_T'0))= {[@expl:expect 'self' type invariant] [%#sown0] inv'1 self} {[@expl:expect requires] [%#sown1] exists t : t_T'0 . self = C_Ok'0 t} (! bb0 [ bb0 = bb1 @@ -746,7 +746,7 @@ module M_own__qyi6204940358182728290__unwrap_err [#"own.rs" 110 4 112 29] (* Own meta "compute_max_steps" 1000000 - let rec unwrap_err'0 (self:t_OwnResult'0) (return' (ret:t_E'0))= {[@expl:unwrap_err 'self' type invariant] [%#sown0] inv'1 self} + let rec unwrap_err'0[#"own.rs" 110 4 112 29] (self:t_OwnResult'0) (return' (ret:t_E'0))= {[@expl:unwrap_err 'self' type invariant] [%#sown0] inv'1 self} {[@expl:unwrap_err requires] [%#sown1] exists e : t_E'0 . self = C_Err'0 e} (! bb0 [ bb0 = bb1 @@ -815,7 +815,7 @@ module M_own__qyi6204940358182728290__unwrap_or [#"own.rs" 122 4 122 43] (* OwnR meta "compute_max_steps" 1000000 - let rec unwrap_or'0 (self:t_OwnResult'0) (default:t_T'0) (return' (ret:t_T'0))= {[@expl:unwrap_or 'self' type invariant] [%#sown0] inv'2 self} + let rec unwrap_or'0[#"own.rs" 122 4 122 43] (self:t_OwnResult'0) (default:t_T'0) (return' (ret:t_T'0))= {[@expl:unwrap_or 'self' type invariant] [%#sown0] inv'2 self} {[@expl:unwrap_or 'default' type invariant] [%#sown1] inv'1 default} (! bb0 [ bb0 = bb1 @@ -907,7 +907,7 @@ module M_own__qyi6204940358182728290__unwrap_or_default [#"own.rs" 132 4 134 19] meta "compute_max_steps" 1000000 - let rec unwrap_or_default'0 (self:t_OwnResult'0) (return' (ret:t_T'0))= {[@expl:unwrap_or_default 'self' type invariant] [%#sown1] inv'0 self} + let rec unwrap_or_default'0[#"own.rs" 132 4 134 19] (self:t_OwnResult'0) (return' (ret:t_T'0))= {[@expl:unwrap_or_default 'self' type invariant] [%#sown1] inv'0 self} (! bb0 [ bb0 = bb1 | bb1 = bb2 @@ -1005,7 +1005,7 @@ module M_own__qyi6204940358182728290__and [#"own.rs" 144 4 144 64] (* OwnResult< meta "compute_max_steps" 1000000 - let rec and'0 (self:t_OwnResult'1) (res:t_OwnResult'0) (return' (ret:t_OwnResult'0))= {[@expl:and 'self' type invariant] [%#sown0] inv'2 self} + let rec and'0[#"own.rs" 144 4 144 64] (self:t_OwnResult'1) (res:t_OwnResult'0) (return' (ret:t_OwnResult'0))= {[@expl:and 'self' type invariant] [%#sown0] inv'2 self} {[@expl:and 'res' type invariant] [%#sown1] inv'0 res} (! bb0 [ bb0 = bb1 @@ -1120,7 +1120,7 @@ module M_own__qyi6204940358182728290__or [#"own.rs" 154 4 154 63] (* OwnResult [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] @@ -98,7 +98,7 @@ module M_inc_max__inc_max [#"inc_max.rs" 15 0 15 38] meta "compute_max_steps" 1000000 - let rec inc_max'0 (a:uint32) (b:uint32) (return' (ret:()))= {[@expl:inc_max requires] [%#sinc_max2] a + let rec inc_max'0[#"inc_max.rs" 15 0 15 38] (a:uint32) (b:uint32) (return' (ret:()))= {[@expl:inc_max requires] [%#sinc_max2] a <= (1000000 : uint32) /\ b <= (1000000 : uint32)} (! bb0 diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3.coma b/creusot/tests/should_succeed/rusthorn/inc_max_3.coma index 5bfcb091b..b76bcc81d 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3.coma @@ -32,7 +32,7 @@ module M_inc_max_3__inc_max_3 [#"inc_max_3.rs" 12 0 12 79] meta "compute_max_steps" 1000000 - let rec inc_max_3'0 (ma:borrowed uint32) (mb:borrowed uint32) (mc:borrowed uint32) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] ma.current + let rec inc_max_3'0[#"inc_max_3.rs" 12 0 12 79] (ma:borrowed uint32) (mb:borrowed uint32) (mc:borrowed uint32) (return' (ret:()))= {[@expl:inc_max_3 requires] [%#sinc_max_32] ma.current <= (1000000 : uint32) /\ mb.current <= (1000000 : uint32) /\ mc.current <= (1000000 : uint32)} (! bb0 @@ -177,7 +177,7 @@ module M_inc_max_3__test_inc_max_3 [#"inc_max_3.rs" 27 0 27 57] meta "compute_max_steps" 1000000 - let rec test_inc_max_3'0 (a:uint32) (b:uint32) (c:uint32) (return' (ret:()))= {[@expl:test_inc_max_3 requires] [%#sinc_max_31] a + let rec test_inc_max_3'0[#"inc_max_3.rs" 27 0 27 57] (a:uint32) (b:uint32) (c:uint32) (return' (ret:()))= {[@expl:test_inc_max_3 requires] [%#sinc_max_31] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ c <= (1000000 : uint32)} (! bb0 diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many.coma b/creusot/tests/should_succeed/rusthorn/inc_max_many.coma index c742bf335..0a87adf57 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many.coma @@ -18,7 +18,7 @@ module M_inc_max_many__take_max [#"inc_max_many.rs" 6 0 6 64] meta "compute_max_steps" 1000000 - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! bb0 + let rec take_max'0[#"inc_max_many.rs" 6 0 6 64] (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! bb0 [ bb0 = s0 [ s0 = UInt32.ge {ma.current} {mb.current} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] @@ -97,7 +97,7 @@ module M_inc_max_many__inc_max_many [#"inc_max_many.rs" 15 0 15 51] meta "compute_max_steps" 1000000 - let rec inc_max_many'0 (a:uint32) (b:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_max_many requires] [%#sinc_max_many1] a + let rec inc_max_many'0[#"inc_max_many.rs" 15 0 15 51] (a:uint32) (b:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_max_many requires] [%#sinc_max_many1] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ k <= (1000000 : uint32)} (! bb0 diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index c0b381989..25789539e 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma @@ -18,7 +18,7 @@ module M_inc_max_repeat__take_max [#"inc_max_repeat.rs" 6 0 6 64] meta "compute_max_steps" 1000000 - let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! bb0 + let rec take_max'0[#"inc_max_repeat.rs" 6 0 6 64] (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= (! bb0 [ bb0 = s0 [ s0 = UInt32.ge {ma.current} {mb.current} (fun (_ret':bool) -> [ &_6 <- _ret' ] s1) | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] @@ -223,7 +223,7 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] meta "compute_max_steps" 1000000 - let rec inc_max_repeat'0 (a:uint32) (b:uint32) (n:uint32) (return' (ret:()))= {[@expl:inc_max_repeat requires] [%#sinc_max_repeat9] a + let rec inc_max_repeat'0[#"inc_max_repeat.rs" 15 0 15 53] (a:uint32) (b:uint32) (n:uint32) (return' (ret:()))= {[@expl:inc_max_repeat requires] [%#sinc_max_repeat9] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ n <= (1000000 : uint32)} (! bb0 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma index cb0a1ed14..254176002 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.coma @@ -67,7 +67,7 @@ module M_inc_some_2_list__qyi7504674480942992291__sum_x [#"inc_some_2_list.rs" 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_list1] sum'0 self + let rec sum_x'0[#"inc_some_2_list.rs" 43 4 43 26] (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_list1] sum'0 self <= 1000000} (! bb0 [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! bb3) ] @@ -172,7 +172,7 @@ module M_inc_some_2_list__qyi7504674480942992291__take_some_rest [#"inc_some_2_l meta "compute_max_steps" 1000000 - let rec take_some_rest'0 (self:borrowed (t_List'0)) (return' (ret:(borrowed uint32, borrowed (t_List'0))))= (! bb0 + let rec take_some_rest'0[#"inc_some_2_list.rs" 54 4 54 57] (self:borrowed (t_List'0)) (return' (ret:(borrowed uint32, borrowed (t_List'0))))= (! bb0 [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) | br1 -> {self.current = C_Nil'0 } (! bb3) ] @@ -305,7 +305,7 @@ module M_inc_some_2_list__inc_some_2_list [#"inc_some_2_list.rs" 70 0 70 51] meta "compute_max_steps" 1000000 - let rec inc_some_2_list'0 (l:t_List'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_list requires] [%#sinc_some_2_list1] sum'0 l + let rec inc_some_2_list'0[#"inc_some_2_list.rs" 70 0 70 51] (l:t_List'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_list requires] [%#sinc_some_2_list1] sum'0 l + UInt32.to_int j + UInt32.to_int k <= 1000000} diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma index 0ea809eba..3ea0cf9cf 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.coma @@ -84,7 +84,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__sum_x [#"inc_some_2_tree.rs" 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self + let rec sum_x'0[#"inc_some_2_tree.rs" 45 4 45 26] (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_2_tree2] sum'0 self <= 1000000} (! bb0 [ bb0 = any @@ -202,7 +202,7 @@ module M_inc_some_2_tree__qyi9454558703362393917__take_some_rest [#"inc_some_2_t meta "compute_max_steps" 1000000 - let rec take_some_rest'0 (self:borrowed (t_Tree'0)) (return' (ret:(borrowed uint32, borrowed (t_Tree'0))))= (! bb0 + let rec take_some_rest'0[#"inc_some_2_tree.rs" 63 4 63 57] (self:borrowed (t_Tree'0)) (return' (ret:(borrowed uint32, borrowed (t_Tree'0))))= (! bb0 [ bb0 = any [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self.current = C_Leaf'0 } (! bb3) ] @@ -388,7 +388,7 @@ module M_inc_some_2_tree__inc_some_2_tree [#"inc_some_2_tree.rs" 85 0 85 51] meta "compute_max_steps" 1000000 - let rec inc_some_2_tree'0 (t:t_Tree'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_tree requires] [%#sinc_some_2_tree1] sum'0 t + let rec inc_some_2_tree'0[#"inc_some_2_tree.rs" 85 0 85 51] (t:t_Tree'0) (j:uint32) (k:uint32) (return' (ret:()))= {[@expl:inc_some_2_tree requires] [%#sinc_some_2_tree1] sum'0 t + UInt32.to_int j + UInt32.to_int k <= 1000000} diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list.coma b/creusot/tests/should_succeed/rusthorn/inc_some_list.coma index fbf930189..e21d8c50c 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list.coma @@ -67,7 +67,7 @@ module M_inc_some_list__qyi14489061725823948544__sum_x [#"inc_some_list.rs" 42 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_list1] sum'0 self + let rec sum_x'0[#"inc_some_list.rs" 42 4 42 26] (self:t_List'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_list1] sum'0 self <= 1000000} (! bb0 [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self = C_Cons'0 x0 x1} (! bb2) | br1 -> {self = C_Nil'0 } (! bb3) ] @@ -171,7 +171,7 @@ module M_inc_some_list__qyi14489061725823948544__take_some [#"inc_some_list.rs" meta "compute_max_steps" 1000000 - let rec take_some'0 (self:borrowed (t_List'0)) (return' (ret:borrowed uint32))= (! bb0 + let rec take_some'0[#"inc_some_list.rs" 51 4 51 39] (self:borrowed (t_List'0)) (return' (ret:borrowed uint32))= (! bb0 [ bb0 = any [ br0 (x0:uint32) (x1:t_List'0)-> {self.current = C_Cons'0 x0 x1} (! bb2) | br1 -> {self.current = C_Nil'0 } (! bb3) ] @@ -314,7 +314,7 @@ module M_inc_some_list__inc_some_list [#"inc_some_list.rs" 67 0 67 41] meta "compute_max_steps" 1000000 - let rec inc_some_list'0 (l:t_List'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_list requires] [%#sinc_some_list1] sum'0 l + let rec inc_some_list'0[#"inc_some_list.rs" 67 0 67 41] (l:t_List'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_list requires] [%#sinc_some_list1] sum'0 l + UInt32.to_int k <= 1000000} (! bb0 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma index ece78c965..14e844d37 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.coma @@ -84,7 +84,7 @@ module M_inc_some_tree__qyi12127997673864742005__sum_x [#"inc_some_tree.rs" 45 4 meta "compute_max_steps" 1000000 - let rec sum_x'0 (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self + let rec sum_x'0[#"inc_some_tree.rs" 45 4 45 26] (self:t_Tree'0) (return' (ret:uint32))= {[@expl:sum_x requires] [%#sinc_some_tree2] sum'0 self <= 1000000} (! bb0 [ bb0 = any @@ -200,7 +200,7 @@ module M_inc_some_tree__qyi12127997673864742005__take_some [#"inc_some_tree.rs" meta "compute_max_steps" 1000000 - let rec take_some'0 (self:borrowed (t_Tree'0)) (return' (ret:borrowed uint32))= (! bb0 + let rec take_some'0[#"inc_some_tree.rs" 61 4 61 39] (self:borrowed (t_Tree'0)) (return' (ret:borrowed uint32))= (! bb0 [ bb0 = any [ br0 (x0:t_Tree'0) (x1:uint32) (x2:t_Tree'0)-> {self.current = C_Node'0 x0 x1 x2} (! bb2) | br1 -> {self.current = C_Leaf'0 } (! bb3) ] @@ -380,7 +380,7 @@ module M_inc_some_tree__inc_some_tree [#"inc_some_tree.rs" 83 0 83 41] meta "compute_max_steps" 1000000 - let rec inc_some_tree'0 (t:t_Tree'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_tree requires] [%#sinc_some_tree1] sum'0 t + let rec inc_some_tree'0[#"inc_some_tree.rs" 83 0 83 41] (t:t_Tree'0) (k:uint32) (return' (ret:()))= {[@expl:inc_some_tree requires] [%#sinc_some_tree1] sum'0 t + UInt32.to_int k <= 1000000} (! bb0 diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index c56319652..66f6781fe 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -478,7 +478,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 meta "compute_max_steps" 1000000 - let rec selection_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:selection_sort 'v' type invariant] [%#sselection_sort_generic17] inv'5 v} + let rec selection_sort'0[#"selection_sort_generic.rs" 30 0 32 29] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:selection_sort 'v' type invariant] [%#sselection_sort_generic17] inv'5 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sselection_sort_generic0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] diff --git a/creusot/tests/should_succeed/simple_trigger.coma b/creusot/tests/should_succeed/simple_trigger.coma index 7caa54348..41d0e2590 100644 --- a/creusot/tests/should_succeed/simple_trigger.coma +++ b/creusot/tests/should_succeed/simple_trigger.coma @@ -44,7 +44,7 @@ module M_simple_trigger__test [#"simple_trigger.rs" 19 0 19 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:test ensures] [%#ssimple_trigger0] id'0 1 = 1} (! return' {result}) ] - + let rec test'0[#"simple_trigger.rs" 19 0 19 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:test ensures] [%#ssimple_trigger0] id'0 1 = 1} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/slices/01.coma b/creusot/tests/should_succeed/slices/01.coma index 783e2e70b..e191ce2c8 100644 --- a/creusot/tests/should_succeed/slices/01.coma +++ b/creusot/tests/should_succeed/slices/01.coma @@ -39,7 +39,7 @@ module M_01__index_slice [#"01.rs" 6 0 6 36] meta "compute_max_steps" 1000000 - let rec index_slice'0 (a:slice uint32) (return' (ret:uint32))= {[@expl:index_slice requires] [%#s012] 10 + let rec index_slice'0[#"01.rs" 6 0 6 36] (a:slice uint32) (return' (ret:uint32))= {[@expl:index_slice requires] [%#s012] 10 < Seq.length (view'0 a)} (! bb0 [ bb0 = s0 @@ -116,7 +116,7 @@ module M_01__index_mut_slice [#"01.rs" 12 0 12 37] meta "compute_max_steps" 1000000 - let rec index_mut_slice'0 (a:borrowed (slice uint32)) (return' (ret:()))= {[@expl:index_mut_slice requires] [%#s013] Seq.length (view'0 a) + let rec index_mut_slice'0[#"01.rs" 12 0 12 37] (a:borrowed (slice uint32)) (return' (ret:()))= {[@expl:index_mut_slice requires] [%#s013] Seq.length (view'0 a) = 5} (! bb0 [ bb0 = s0 @@ -254,7 +254,7 @@ module M_01__slice_first [#"01.rs" 20 0 20 44] meta "compute_max_steps" 1000000 - let rec slice_first'0 (a:slice t_T'0) (return' (ret:t_Option'0))= {[@expl:slice_first 'a' type invariant] [%#s013] inv'0 a} + let rec slice_first'0[#"01.rs" 20 0 20 44] (a:slice t_T'0) (return' (ret:t_Option'0))= {[@expl:slice_first 'a' type invariant] [%#s013] inv'0 a} (! bb0 [ bb0 = s0 [ s0 = len'0 {a} (fun (_ret':usize) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index 4a8aa29e9..70dc92e56 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma @@ -135,7 +135,7 @@ module M_02_std__binary_search [#"02_std.rs" 8 0 8 40] meta "compute_max_steps" 1000000 - let rec binary_search'0 (s:slice uint32) (return' (ret:usize))= {[@expl:binary_search requires #0] [%#s02_std1] forall i : int . 0 + let rec binary_search'0[#"02_std.rs" 8 0 8 40] (s:slice uint32) (return' (ret:usize))= {[@expl:binary_search requires #0] [%#s02_std1] forall i : int . 0 <= i /\ i < Seq.length (view'0 s) -> UInt32.to_int (index_logic'0 s i) = i} {[@expl:binary_search requires #1] [%#s02_std2] Seq.length (view'0 s) = 5} diff --git a/creusot/tests/should_succeed/sparse_array.coma b/creusot/tests/should_succeed/sparse_array.coma index 1f3157eeb..6aae69153 100644 --- a/creusot/tests/should_succeed/sparse_array.coma +++ b/creusot/tests/should_succeed/sparse_array.coma @@ -459,7 +459,7 @@ module M_sparse_array__qyi912363311032332466__get [#"sparse_array.rs" 105 4 105 meta "compute_max_steps" 1000000 - let rec get'0 (self:t_Sparse'0) (i:usize) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array0] inv'0 self} + let rec get'0[#"sparse_array.rs" 105 4 105 45] (self:t_Sparse'0) (i:usize) (return' (ret:t_Option'0))= {[@expl:get 'self' type invariant] [%#ssparse_array0] inv'0 self} {[@expl:get requires] [%#ssparse_array1] UIntSize.to_int i < Seq.length (view'0 self)} (! bb0 [ bb0 = s0 [ s0 = index'0 {self.t_Sparse__idx'0} {i} (fun (_ret':usize) -> [ &_7 <- _ret' ] s1) | s1 = bb1 ] @@ -969,7 +969,7 @@ module M_sparse_array__qyi912363311032332466__set [#"sparse_array.rs" 129 4 129 meta "compute_max_steps" 1000000 - let rec set'0 (self:borrowed (t_Sparse'0)) (i:usize) (v:t_T'0) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array3] inv'3 self} + let rec set'0[#"sparse_array.rs" 129 4 129 41] (self:borrowed (t_Sparse'0)) (i:usize) (v:t_T'0) (return' (ret:()))= {[@expl:set 'self' type invariant] [%#ssparse_array3] inv'3 self} {[@expl:set 'v' type invariant] [%#ssparse_array4] inv'1 v} {[@expl:set requires] [%#ssparse_array5] UIntSize.to_int i < Seq.length (view'0 self)} (! bb0 @@ -1272,7 +1272,7 @@ module M_sparse_array__create [#"sparse_array.rs" 151 0 151 56] meta "compute_max_steps" 1000000 - let rec create'0 (sz:usize) (dummy:t_T'0) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array3] inv'0 dummy} + let rec create'0[#"sparse_array.rs" 151 0 151 56] (sz:usize) (dummy:t_T'0) (return' (ret:t_Sparse'0))= {[@expl:create 'dummy' type invariant] [%#ssparse_array3] inv'0 dummy} (! bb0 [ bb0 = s0 [ s0 = from_elem'0 {dummy} {sz} (fun (_ret':t_Vec'0) -> [ &_6 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 @@ -1556,7 +1556,7 @@ module M_sparse_array__f [#"sparse_array.rs" 157 0 157 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"sparse_array.rs" 157 0 157 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &default <- [%#ssparse_array0] (0 : int32) ] s1 | s1 = create'0 {[%#ssparse_array1] (10 : usize)} {default} (fun (_ret':t_Sparse'0) -> [ &a <- _ret' ] s2) diff --git a/creusot/tests/should_succeed/spec_tests.coma b/creusot/tests/should_succeed/spec_tests.coma index 42f2f8f7d..6339098a2 100644 --- a/creusot/tests/should_succeed/spec_tests.coma +++ b/creusot/tests/should_succeed/spec_tests.coma @@ -15,7 +15,9 @@ module M_spec_tests__test_specs [#"spec_tests.rs" 20 0 20 19] meta "compute_max_steps" 1000000 - let rec test_specs'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec test_specs'0[#"spec_tests.rs" 20 0 20 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:test_specs ensures #0] [%#sspec_tests0] C_A'0 = C_B'0} {[@expl:test_specs ensures #1] [%#sspec_tests1] { t_S__0'0 = (0 : uint32); t_S__1'0 = true } = { t_S__0'0 = (1 : uint32); t_S__1'0 = false }} diff --git a/creusot/tests/should_succeed/specification/division.coma b/creusot/tests/should_succeed/specification/division.coma index 3fc22fe11..157ddf62e 100644 --- a/creusot/tests/should_succeed/specification/division.coma +++ b/creusot/tests/should_succeed/specification/division.coma @@ -8,7 +8,7 @@ module M_division__divide [#"division.rs" 6 0 6 36] meta "compute_max_steps" 1000000 - let rec divide'0 (y:uint32) (x:uint32) (return' (ret:uint32))= {[@expl:divide requires] [%#sdivision1] x + let rec divide'0[#"division.rs" 6 0 6 36] (y:uint32) (x:uint32) (return' (ret:uint32))= {[@expl:divide requires] [%#sdivision1] x <> (0 : uint32)} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/specification/forall.coma b/creusot/tests/should_succeed/specification/forall.coma index f6301f77a..9d97125d5 100644 --- a/creusot/tests/should_succeed/specification/forall.coma +++ b/creusot/tests/should_succeed/specification/forall.coma @@ -7,7 +7,9 @@ module M_forall__f [#"forall.rs" 6 0 6 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec f'0[#"forall.rs" 6 0 6 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:f ensures] [%#sforall0] forall _x : uint32 . true /\ true /\ true /\ true /\ true /\ true /\ true /\ true /\ true} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/logic_call.coma b/creusot/tests/should_succeed/specification/logic_call.coma index 58b0022ff..bd7823a11 100644 --- a/creusot/tests/should_succeed/specification/logic_call.coma +++ b/creusot/tests/should_succeed/specification/logic_call.coma @@ -12,7 +12,7 @@ module M_logic_call__dummy [#"logic_call.rs" 11 0 11 21] meta "compute_max_steps" 1000000 - let rec dummy'0 (_1:()) (return' (ret:uint32))= (! bb0 + let rec dummy'0[#"logic_call.rs" 11 0 11 21] (_1:()) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#slogic_call0] (0 : uint32) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () ] [ return' (result:uint32)-> {[@expl:dummy ensures] [%#slogic_call1] reflexive'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/logic_functions.coma b/creusot/tests/should_succeed/specification/logic_functions.coma index d88f8cf09..35366b8ed 100644 --- a/creusot/tests/should_succeed/specification/logic_functions.coma +++ b/creusot/tests/should_succeed/specification/logic_functions.coma @@ -9,9 +9,9 @@ module M_logic_functions__use_logic [#"logic_functions.rs" 10 0 10 18] meta "compute_max_steps" 1000000 - let rec use_logic'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:use_logic ensures] [%#slogic_functions0] logic'0 ()} (! return' {result}) ] - + let rec use_logic'0[#"logic_functions.rs" 10 0 10 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:use_logic ensures] [%#slogic_functions0] logic'0 ()} (! return' {result}) ] end module M_logic_functions__use_logic_pearlite [#"logic_functions.rs" 19 0 19 27] let%span slogic_functions0 = "logic_functions.rs" 18 10 18 26 @@ -24,7 +24,9 @@ module M_logic_functions__use_logic_pearlite [#"logic_functions.rs" 19 0 19 27] meta "compute_max_steps" 1000000 - let rec use_logic_pearlite'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec use_logic_pearlite'0[#"logic_functions.rs" 19 0 19 27] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:use_logic_pearlite ensures] [%#slogic_functions0] logic_pearlite'0 ()} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/loops.coma b/creusot/tests/should_succeed/specification/loops.coma index 6dd9b458b..4d720f35f 100644 --- a/creusot/tests/should_succeed/specification/loops.coma +++ b/creusot/tests/should_succeed/specification/loops.coma @@ -3,7 +3,7 @@ module M_loops__while_loop_variant [#"loops.rs" 4 0 4 34] meta "compute_max_steps" 1000000 - let rec while_loop_variant'0 (x:bool) (return' (ret:()))= (! bb0 + let rec while_loop_variant'0[#"loops.rs" 4 0 4 34] (x:bool) (return' (ret:()))= (! bb0 [ bb0 = bb1 | bb1 = bb1 [ bb1 = (! bb2) [ bb2 = any [ br0 -> {x = false} (! bb4) | br1 -> {x} (! bb3) ] | bb3 = bb1 ] ] | bb4 = return' {_0} ] diff --git a/creusot/tests/should_succeed/specification/model.coma b/creusot/tests/should_succeed/specification/model.coma index f1e352823..5806c0f35 100644 --- a/creusot/tests/should_succeed/specification/model.coma +++ b/creusot/tests/should_succeed/specification/model.coma @@ -19,7 +19,7 @@ module M_model__test_arc [#"model.rs" 41 0 41 41] meta "compute_max_steps" 1000000 - let rec test_arc'0 (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UIntSize.to_int (view'0 a) + let rec test_arc'0[#"model.rs" 41 0 41 41] (a:t_Arc'0) (return' (ret:()))= {[@expl:test_arc requires] [%#smodel0] UIntSize.to_int (view'0 a) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] @@ -46,7 +46,7 @@ module M_model__test_rc [#"model.rs" 44 0 44 37] meta "compute_max_steps" 1000000 - let rec test_rc'0 (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UIntSize.to_int (view'0 v) + let rec test_rc'0[#"model.rs" 44 0 44 37] (v:t_Rc'0) (return' (ret:()))= {[@expl:test_rc requires] [%#smodel0] UIntSize.to_int (view'0 v) = 0} (! bb0 [ bb0 = bb1 | bb1 = bb2 | bb2 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/specification/opaque.coma b/creusot/tests/should_succeed/specification/opaque.coma index 9c379009c..2d71ed4ab 100644 --- a/creusot/tests/should_succeed/specification/opaque.coma +++ b/creusot/tests/should_succeed/specification/opaque.coma @@ -14,7 +14,7 @@ module M_opaque__test [#"opaque.rs" 20 0 20 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"opaque.rs" 20 0 20 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] [%#sopaque0] transparent'0 ()} s1 | s1 = {[@expl:assertion] [%#sopaque1] transparent_crate'0 ()} s2 diff --git a/creusot/tests/should_succeed/specification/trusted.coma b/creusot/tests/should_succeed/specification/trusted.coma index 9b2de5f33..1730d5a37 100644 --- a/creusot/tests/should_succeed/specification/trusted.coma +++ b/creusot/tests/should_succeed/specification/trusted.coma @@ -13,7 +13,7 @@ module M_trusted__victim_of_lie [#"trusted.rs" 18 0 18 29] meta "compute_max_steps" 1000000 - let rec victim_of_lie'0 (_1:()) (return' (ret:uint32))= (! bb0 + let rec victim_of_lie'0[#"trusted.rs" 18 0 18 29] (_1:()) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = lie'0 {[%#strusted0] ()} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : uint32 = any_l () ] @@ -42,7 +42,7 @@ module M_trusted__innocent_victim [#"trusted.rs" 30 0 30 31] meta "compute_max_steps" 1000000 - let rec innocent_victim'0 (_1:()) (return' (ret:uint32))= (! bb0 + let rec innocent_victim'0[#"trusted.rs" 30 0 30 31] (_1:()) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = my_unverified_code'0 {[%#strusted0] ()} (fun (_ret':uint32) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = im_out_of_control'0 {[%#strusted1] ()} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] | bb2 = return' {_0} ] diff --git a/creusot/tests/should_succeed/split_borrow.coma b/creusot/tests/should_succeed/split_borrow.coma index 5092217c6..cfe3b6bf1 100644 --- a/creusot/tests/should_succeed/split_borrow.coma +++ b/creusot/tests/should_succeed/split_borrow.coma @@ -5,7 +5,7 @@ module M_split_borrow__z [#"split_borrow.rs" 5 0 5 14] meta "compute_max_steps" 1000000 - let rec z'0 (_1:()) (return' (ret:bool))= (! bb0 + let rec z'0[#"split_borrow.rs" 5 0 5 14] (_1:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#ssplit_borrow0] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end @@ -36,7 +36,7 @@ module M_split_borrow__f [#"split_borrow.rs" 9 0 9 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"split_borrow.rs" 9 0 9 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : usize)) } ] s1 | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : usize)) } ] s2 @@ -98,7 +98,7 @@ module M_split_borrow__g [#"split_borrow.rs" 23 0 23 10] meta "compute_max_steps" 1000000 - let rec g'0 (_1:()) (return' (ret:()))= (! bb0 + let rec g'0[#"split_borrow.rs" 23 0 23 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- { t_MyInt__0'0 = ([%#ssplit_borrow0] (1 : usize)) } ] s1 | s1 = [ &_3 <- { t_MyInt__0'0 = ([%#ssplit_borrow1] (2 : usize)) } ] s2 diff --git a/creusot/tests/should_succeed/std_types.coma b/creusot/tests/should_succeed/std_types.coma index 1cb642b0a..8c38d9316 100644 --- a/creusot/tests/should_succeed/std_types.coma +++ b/creusot/tests/should_succeed/std_types.coma @@ -12,7 +12,7 @@ module M_std_types__x [#"std_types.rs" 5 0 5 20] meta "compute_max_steps" 1000000 - let rec x'0 (_x:t_MyType'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec x'0[#"std_types.rs" 5 0 5 20] (_x:t_MyType'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/such_that.coma b/creusot/tests/should_succeed/such_that.coma index bbc3e7587..ebf582b51 100644 --- a/creusot/tests/should_succeed/such_that.coma +++ b/creusot/tests/should_succeed/such_that.coma @@ -69,7 +69,7 @@ module M_such_that__foo [#"such_that.rs" 4 0 4 12] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:()))= (! bb0 + let rec foo'0[#"such_that.rs" 4 0 4 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#ssuch_that0] Snapshot.new (such_that'0 (Mapping.from_fn (fun (x : int) -> x + 1 = 42))) ] s1 | s1 = bb1 ] @@ -123,7 +123,7 @@ module M_such_that__even [#"such_that.rs" 18 0 18 16] meta "compute_max_steps" 1000000 - let rec even'0 (_1:()) (return' (ret:int32))= (! bb0 + let rec even'0[#"such_that.rs" 18 0 18 16] (_1:()) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#ssuch_that0] (2 : int32) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : int32 = any_l () ] [ return' (result:int32)-> {[@expl:even ensures] [%#ssuch_that1] mod (Int32.to_int result) 2 = 0} diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index 15558c7c8..ff49788ed 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma @@ -180,7 +180,7 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] meta "compute_max_steps" 1000000 - let rec sum_first_n'0 (n:uint32) (return' (ret:uint32))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.to_int n + let rec sum_first_n'0[#"sum.rs" 6 0 6 33] (n:uint32) (return' (ret:uint32))= {[@expl:sum_first_n requires] [%#ssum7] UInt32.to_int n < 1000} (! bb0 [ bb0 = s0 diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index 16c800ba5..f5c85fa2e 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma @@ -212,7 +212,7 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] meta "compute_max_steps" 1000000 - let rec compute_sum_of_odd'0 (x:uint32) (return' (ret:uint32))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds10] UInt32.to_int x + let rec compute_sum_of_odd'0[#"sum_of_odds.rs" 36 0 36 36] (x:uint32) (return' (ret:uint32))= {[@expl:compute_sum_of_odd requires] [%#ssum_of_odds10] UInt32.to_int x < 65536} (! bb0 [ bb0 = s0 @@ -338,7 +338,8 @@ module M_sum_of_odds__test [#"sum_of_odds.rs" 50 0 50 19] meta "compute_max_steps" 1000000 - let rec test'0 (x:uint32) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.to_int x < 65536} + let rec test'0[#"sum_of_odds.rs" 50 0 50 19] (x:uint32) (return' (ret:()))= {[@expl:test requires] [%#ssum_of_odds1] UInt32.to_int x + < 65536} (! bb0 [ bb0 = s0 [ s0 = compute_sum_of_odd'0 {x} (fun (_ret':uint32) -> [ &y <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 diff --git a/creusot/tests/should_succeed/swap_borrows.coma b/creusot/tests/should_succeed/swap_borrows.coma index abb209612..84558ef30 100644 --- a/creusot/tests/should_succeed/swap_borrows.coma +++ b/creusot/tests/should_succeed/swap_borrows.coma @@ -16,7 +16,7 @@ module M_swap_borrows__swap [#"swap_borrows.rs" 5 0 5 31] meta "compute_max_steps" 1000000 - let rec swap'0 (x:(t_T'0, t_T'0)) (return' (ret:(t_T'0, t_T'0)))= {[@expl:swap 'x' type invariant] [%#sswap_borrows0] inv'0 x} + let rec swap'0[#"swap_borrows.rs" 5 0 5 31] (x:(t_T'0, t_T'0)) (return' (ret:(t_T'0, t_T'0)))= {[@expl:swap 'x' type invariant] [%#sswap_borrows0] inv'0 x} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_0 <- ((let (_, r'0) = x in r'0), (let (r'1, _) = x in r'1)) ] s1 | s1 = bb2 ] @@ -65,7 +65,7 @@ module M_swap_borrows__f [#"swap_borrows.rs" 10 0 10 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"swap_borrows.rs" 10 0 10 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- (([%#sswap_borrows0] (0 : uint32)), ([%#sswap_borrows1] (0 : uint32))) ] s1 | s1 = [ &a <- let (r'0, _) = _3 in r'0 ] s2 diff --git a/creusot/tests/should_succeed/switch.coma b/creusot/tests/should_succeed/switch.coma index 7ed04a525..31856d7e9 100644 --- a/creusot/tests/should_succeed/switch.coma +++ b/creusot/tests/should_succeed/switch.coma @@ -17,7 +17,7 @@ module M_switch__test [#"switch.rs" 9 0 9 35] meta "compute_max_steps" 1000000 - let rec test'0 (o:t_Option'0) (return' (ret:bool))= (! bb0 + let rec test'0[#"switch.rs" 9 0 9 35] (o:t_Option'0) (return' (ret:bool))= (! bb0 [ bb0 = any [ br0 (x0:uint32)-> {o = C_Some'0 x0} (! bb2) | br1 -> {o = C_None'0 } (! bb3) ] | bb3 = s0 [ s0 = [ &_0 <- [%#sswitch0] false ] s1 | s1 = bb5 ] | bb2 = bb4 @@ -47,7 +47,7 @@ module M_switch__test2 [#"switch.rs" 16 0 16 42] meta "compute_max_steps" 1000000 - let rec test2'0 (o:(t_Option'0, uint32)) (return' (ret:uint32))= (! bb0 + let rec test2'0[#"switch.rs" 16 0 16 42] (o:(t_Option'0, uint32)) (return' (ret:uint32))= (! bb0 [ bb0 = any [ br0 (x0:uint32)-> {(let (r'0, _) = o in r'0) = C_Some'0 x0} (! bb2) | br1 -> {(let (r'0, _) = o in r'0) = C_None'0 } (! bb3) ] diff --git a/creusot/tests/should_succeed/switch_struct.coma b/creusot/tests/should_succeed/switch_struct.coma index 7ca539738..2e9336694 100644 --- a/creusot/tests/should_succeed/switch_struct.coma +++ b/creusot/tests/should_succeed/switch_struct.coma @@ -22,7 +22,7 @@ module M_switch_struct__test [#"switch_struct.rs" 8 0 8 30] meta "compute_max_steps" 1000000 - let rec test'0 (o:t_M'0) (return' (ret:bool))= (! bb0 + let rec test'0[#"switch_struct.rs" 8 0 8 30] (o:t_M'0) (return' (ret:bool))= (! bb0 [ bb0 = any [ br0 (x0:uint32)-> {o = C_F'0 x0} (! bb2) | br1 (x0:uint32)-> {o = C_G'0 x0} (! bb3) ] | bb3 = s0 [ s0 = v_G'0 {o} (fun (rfield2'0:uint32) -> [ &field2 <- rfield2'0 ] s1) diff --git a/creusot/tests/should_succeed/syntax/01_idents.coma b/creusot/tests/should_succeed/syntax/01_idents.coma index 8c99ccc11..086bced22 100644 --- a/creusot/tests/should_succeed/syntax/01_idents.coma +++ b/creusot/tests/should_succeed/syntax/01_idents.coma @@ -3,61 +3,61 @@ module M_01_idents__clone [#"01_idents.rs" 3 0 3 14] meta "compute_max_steps" 1000000 - let rec clone'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec clone'0[#"01_idents.rs" 3 0 3 14] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__function [#"01_idents.rs" 5 0 5 17] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec function'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec function'0[#"01_idents.rs" 5 0 5 17] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__import [#"01_idents.rs" 7 0 7 15] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec import'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec import'0[#"01_idents.rs" 7 0 7 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__export [#"01_idents.rs" 9 0 9 15] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec export'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec export'0[#"01_idents.rs" 9 0 9 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__result [#"01_idents.rs" 11 0 11 15] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec result'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec result'0[#"01_idents.rs" 11 0 11 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__qy95zaqy95z [#"01_idents.rs" 13 0 13 12] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec qy95zaqy95z'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec qy95zaqy95z'0[#"01_idents.rs" 13 0 13 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__qy95z_a_qy113zyqy95z_bqy95zqy95zqy95z_cqy95zqy95z [#"01_idents.rs" 16 0 16 25] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec qy95z_a_qy113zyqy95z_bqy95zqy95zqy95z_cqy95zqy95z'0 (_1:()) (return' (ret:()))= (! bb0 + let rec qy95z_a_qy113zyqy95z_bqy95zqy95zqy95z_cqy95zqy95z'0[#"01_idents.rs" 16 0 16 25] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -66,16 +66,16 @@ module M_01_idents__F [#"01_idents.rs" 19 0 19 10] meta "compute_max_steps" 1000000 - let rec v_F'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec v_F'0[#"01_idents.rs" 19 0 19 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_01_idents__v_F [#"01_idents.rs" 22 0 22 12] use prelude.prelude.Intrinsic meta "compute_max_steps" 1000000 - let rec v_v_F'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec v_v_F'0[#"01_idents.rs" 22 0 22 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/02_operators.coma b/creusot/tests/should_succeed/syntax/02_operators.coma index 28ace86ae..7b3c705d8 100644 --- a/creusot/tests/should_succeed/syntax/02_operators.coma +++ b/creusot/tests/should_succeed/syntax/02_operators.coma @@ -12,7 +12,7 @@ module M_02_operators__division [#"02_operators.rs" 8 0 8 40] meta "compute_max_steps" 1000000 - let rec division'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:division requires] [%#s02_operators1] UIntSize.to_int y + let rec division'0[#"02_operators.rs" 8 0 8 40] (x:usize) (y:usize) (return' (ret:usize))= {[@expl:division requires] [%#s02_operators1] UIntSize.to_int y > 0} (! bb0 [ bb0 = s0 @@ -40,7 +40,7 @@ module M_02_operators__modulus [#"02_operators.rs" 23 0 23 39] meta "compute_max_steps" 1000000 - let rec modulus'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:modulus requires] [%#s02_operators1] UIntSize.to_int y + let rec modulus'0[#"02_operators.rs" 23 0 23 39] (x:usize) (y:usize) (return' (ret:usize))= {[@expl:modulus requires] [%#s02_operators1] UIntSize.to_int y > 0} (! bb0 [ bb0 = s0 @@ -69,7 +69,7 @@ module M_02_operators__multiply [#"02_operators.rs" 38 0 38 40] meta "compute_max_steps" 1000000 - let rec multiply'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:multiply requires] [%#s02_operators0] UIntSize.to_int x + let rec multiply'0[#"02_operators.rs" 38 0 38 40] (x:usize) (y:usize) (return' (ret:usize))= {[@expl:multiply requires] [%#s02_operators0] UIntSize.to_int x * UIntSize.to_int y <= UIntSize.to_int (v_MAX'0 : usize)} (! bb0 [ bb0 = s0 [ s0 = UIntSize.mul {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) @@ -91,7 +91,7 @@ module M_02_operators__add [#"02_operators.rs" 48 0 48 35] meta "compute_max_steps" 1000000 - let rec add'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:add requires] [%#s02_operators0] UIntSize.to_int x + let rec add'0[#"02_operators.rs" 48 0 48 35] (x:usize) (y:usize) (return' (ret:usize))= {[@expl:add requires] [%#s02_operators0] UIntSize.to_int x + UIntSize.to_int y <= UIntSize.to_int (v_MAX'0 : usize)} (! bb0 [ bb0 = s0 [ s0 = UIntSize.add {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) @@ -111,7 +111,7 @@ module M_02_operators__sub [#"02_operators.rs" 63 0 63 35] meta "compute_max_steps" 1000000 - let rec sub'0 (x:usize) (y:usize) (return' (ret:usize))= {[@expl:sub requires] [%#s02_operators0] UIntSize.to_int x + let rec sub'0[#"02_operators.rs" 63 0 63 35] (x:usize) (y:usize) (return' (ret:usize))= {[@expl:sub requires] [%#s02_operators0] UIntSize.to_int x - UIntSize.to_int y >= 0} (! bb0 [ bb0 = s0 [ s0 = UIntSize.sub {x} {y} (fun (_ret':usize) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] ) @@ -137,7 +137,7 @@ module M_02_operators__expression [#"02_operators.rs" 77 0 77 51] meta "compute_max_steps" 1000000 - let rec expression'0 (x:usize) (y:usize) (z:usize) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UIntSize.to_int y + let rec expression'0[#"02_operators.rs" 77 0 77 51] (x:usize) (y:usize) (z:usize) (return' (ret:bool))= {[@expl:expression requires #0] [%#s02_operators2] UIntSize.to_int y > 0} {[@expl:expression requires #1] [%#s02_operators3] div (UIntSize.to_int x) (UIntSize.to_int y) * UIntSize.to_int z <= UIntSize.to_int (v_MAX'0 : usize)} @@ -191,9 +191,9 @@ module M_02_operators__primitive_comparison [#"02_operators.rs" 92 0 92 29] meta "compute_max_steps" 1000000 - let rec primitive_comparison'0 (x:t_X'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - + let rec primitive_comparison'0[#"02_operators.rs" 92 0 92 29] (x:t_X'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:primitive_comparison ensures] [%#s02_operators0] x.t_X__a'0 <= x.t_X__a'0} (! return' {result}) ] @@ -207,7 +207,7 @@ module M_02_operators__bool_eq [#"02_operators.rs" 95 0 95 36] meta "compute_max_steps" 1000000 - let rec bool_eq'0 (a:bool) (b:bool) (return' (ret:bool))= (! bb0 + let rec bool_eq'0[#"02_operators.rs" 95 0 95 36] (a:bool) (b:bool) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- Bool.eq a b ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () | & a : bool = a | & b : bool = b ] [ return' (result:bool)-> {[@expl:bool_eq ensures] [%#s02_operators0] result = (a = b)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/04_assoc_prec.coma b/creusot/tests/should_succeed/syntax/04_assoc_prec.coma index 8330d1fdf..fcf57e7c9 100644 --- a/creusot/tests/should_succeed/syntax/04_assoc_prec.coma +++ b/creusot/tests/should_succeed/syntax/04_assoc_prec.coma @@ -11,9 +11,9 @@ module M_04_assoc_prec__respect_prec [#"04_assoc_prec.rs" 12 0 12 34] meta "compute_max_steps" 1000000 - let rec respect_prec'0 (x:(uint32, uint32)) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) - [ & _0 : () = any_l () ] - + let rec respect_prec'0[#"04_assoc_prec.rs" 12 0 12 34] (x:(uint32, uint32)) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:respect_prec ensures #0] [%#s04_assoc_prec0] 5 = 3 -> 2 + 1 = 3} {[@expl:respect_prec ensures #1] [%#s04_assoc_prec1] div (5 * 3) 2 <> 4 * (40 + 1)} {[@expl:respect_prec ensures #2] [%#s04_assoc_prec2] (let (a, _) = x in a) = (let (_, a) = x in a)} @@ -29,7 +29,7 @@ module M_04_assoc_prec__respect_assoc [#"04_assoc_prec.rs" 15 0 15 22] meta "compute_max_steps" 1000000 - let rec respect_assoc'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] 0 + 1 = 0} (! return' {result}) ] - + let rec respect_assoc'0[#"04_assoc_prec.rs" 15 0 15 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:respect_assoc ensures] [%#s04_assoc_prec0] 0 + 1 = 0} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/05_annotations.coma b/creusot/tests/should_succeed/syntax/05_annotations.coma index ab6a0db83..b0477f43e 100644 --- a/creusot/tests/should_succeed/syntax/05_annotations.coma +++ b/creusot/tests/should_succeed/syntax/05_annotations.coma @@ -14,7 +14,7 @@ module M_05_annotations__assertion [#"05_annotations.rs" 5 0 5 25] meta "compute_max_steps" 1000000 - let rec assertion'0 (x:t_T'0) (return' (ret:()))= {[@expl:assertion 'x' type invariant] [%#s05_annotations1] inv'0 x} + let rec assertion'0[#"05_annotations.rs" 5 0 5 25] (x:t_T'0) (return' (ret:()))= {[@expl:assertion 'x' type invariant] [%#s05_annotations1] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 x} s1 diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.coma b/creusot/tests/should_succeed/syntax/05_pearlite.coma index eec1cbdbe..9f72572b9 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.coma +++ b/creusot/tests/should_succeed/syntax/05_pearlite.coma @@ -50,7 +50,9 @@ module M_05_pearlite__struct_in_pearlite [#"05_pearlite.rs" 26 0 26 31] meta "compute_max_steps" 1000000 - let rec struct_in_pearlite'0 (x:t_A'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec struct_in_pearlite'0[#"05_pearlite.rs" 26 0 26 31] (x:t_A'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:struct_in_pearlite ensures] [%#s05_pearlite0] x = { t_A__a'0 = false }} (! return' {result}) ] @@ -67,7 +69,9 @@ module M_05_pearlite__struct_order [#"05_pearlite.rs" 34 0 34 25] meta "compute_max_steps" 1000000 - let rec struct_order'0 (x:t_B'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + let rec struct_order'0[#"05_pearlite.rs" 34 0 34 25] (x:t_B'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:struct_order ensures] [%#s05_pearlite0] x = { t_B__field1'0 = false; t_B__field2'0 = (0 : uint32) }} (! return' {result}) ] @@ -90,7 +94,7 @@ module M_05_pearlite__ghost_closure [#"05_pearlite.rs" 50 0 50 22] meta "compute_max_steps" 1000000 - let rec ghost_closure'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_closure'0[#"05_pearlite.rs" 50 0 50 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_x <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (a : uint32) -> a)) ] s1 | s1 = bb1 ] @@ -110,7 +114,7 @@ module M_05_pearlite__pearlite_closure [#"05_pearlite.rs" 54 0 54 57] meta "compute_max_steps" 1000000 - let rec pearlite_closure'0 (_x:Snapshot.snap_ty (Map.map uint32 bool)) (return' (ret:()))= (! bb0 + let rec pearlite_closure'0[#"05_pearlite.rs" 54 0 54 57] (_x:Snapshot.snap_ty (Map.map uint32 bool)) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end @@ -135,7 +139,7 @@ module M_05_pearlite__caller [#"05_pearlite.rs" 56 0 56 15] meta "compute_max_steps" 1000000 - let rec caller'0 (_1:()) (return' (ret:()))= (! bb0 + let rec caller'0[#"05_pearlite.rs" 56 0 56 15] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- [%#s05_pearlite0] Snapshot.new (Mapping.from_fn (fun (_a : uint32) -> true)) ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/syntax/07_extern_spec.coma b/creusot/tests/should_succeed/syntax/07_extern_spec.coma index 6c7cd2d3b..fa955bc87 100644 --- a/creusot/tests/should_succeed/syntax/07_extern_spec.coma +++ b/creusot/tests/should_succeed/syntax/07_extern_spec.coma @@ -7,7 +7,7 @@ module M_07_extern_spec__qyi8036055106851583299__func [#"07_extern_spec.rs" 11 4 meta "compute_max_steps" 1000000 - let rec func'0 (self:()) (_2:()) (return' (ret:bool))= (! bb0 + let rec func'0[#"07_extern_spec.rs" 11 4 11 34] (self:()) (_2:()) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s07_extern_spec0] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end @@ -23,7 +23,7 @@ module M_07_extern_spec__extern_spec_UseSelf_i32_func_body [#"07_extern_spec.rs" meta "compute_max_steps" 1000000 - let rec extern_spec_UseSelf_i32_func_body'0 (self_:int32) (s:int32) (return' (ret:bool))= (! bb0 + let rec extern_spec_UseSelf_i32_func_body'0[#"07_extern_spec.rs" 30 8 30 40] (self_:int32) (s:int32) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = Int32.eq {self_} {[%#s07_extern_spec0] (1 : int32)} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/syntax/09_maintains.coma b/creusot/tests/should_succeed/syntax/09_maintains.coma index b5fb5b56a..e4b69b02f 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains.coma +++ b/creusot/tests/should_succeed/syntax/09_maintains.coma @@ -11,7 +11,7 @@ module M_09_maintains__test_1 [#"09_maintains.rs" 28 0 28 36] meta "compute_max_steps" 1000000 - let rec test_1'0 (a:()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_1 requires] [%#s09_maintains0] invariant'0 a b c} + let rec test_1'0[#"09_maintains.rs" 28 0 28 36] (a:()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_1 requires] [%#s09_maintains0] invariant'0 a b c} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_1 ensures] [%#s09_maintains0] invariant'0 a b c} (! return' {result}) ] @@ -38,7 +38,7 @@ module M_09_maintains__test_2 [#"09_maintains.rs" 31 0 31 41] meta "compute_max_steps" 1000000 - let rec test_2'0 (a:borrowed ()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_2 requires] [%#s09_maintains0] invariant'0 a.current b c} + let rec test_2'0[#"09_maintains.rs" 31 0 31 41] (a:borrowed ()) (b:bool) (c:uint64) (return' (ret:()))= {[@expl:test_2 requires] [%#s09_maintains0] invariant'0 a.current b c} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 a}- s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & a : borrowed () = a ] [ return' (result:())-> {[@expl:test_2 ensures] [%#s09_maintains0] invariant'0 a.final b c} (! return' {result}) ] @@ -71,7 +71,7 @@ module M_09_maintains__test_3 [#"09_maintains.rs" 34 0 34 46] meta "compute_max_steps" 1000000 - let rec test_3'0 (a:borrowed ()) (b:borrowed bool) (c:uint64) (return' (ret:()))= {[@expl:test_3 requires] [%#s09_maintains0] invariant'0 a.current b.current c} + let rec test_3'0[#"09_maintains.rs" 34 0 34 46] (a:borrowed ()) (b:borrowed bool) (c:uint64) (return' (ret:()))= {[@expl:test_3 requires] [%#s09_maintains0] invariant'0 a.current b.current c} (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 b}- s1 | s1 = -{resolve'1 a}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & a : borrowed () = a | & b : borrowed bool = b ] @@ -96,7 +96,7 @@ module M_09_maintains__test_5 [#"09_maintains.rs" 37 0 37 29] meta "compute_max_steps" 1000000 - let rec test_5'0 (a:()) (b:usize) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UIntSize.to_int b + let rec test_5'0[#"09_maintains.rs" 37 0 37 29] (a:()) (b:usize) (return' (ret:()))= {[@expl:test_5 requires] [%#s09_maintains0] inv2'0 a (UIntSize.to_int b + 0)} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_5 ensures] [%#s09_maintains0] inv2'0 a (UIntSize.to_int b + 0)} @@ -114,7 +114,7 @@ module M_09_maintains__test_6 [#"09_maintains.rs" 40 0 40 28] meta "compute_max_steps" 1000000 - let rec test_6'0 (a:()) (b:bool) (return' (ret:()))= {[@expl:test_6 requires] [%#s09_maintains0] other_inv'0 a b} + let rec test_6'0[#"09_maintains.rs" 40 0 40 28] (a:()) (b:bool) (return' (ret:()))= {[@expl:test_6 requires] [%#s09_maintains0] other_inv'0 a b} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> {[@expl:test_6 ensures] [%#s09_maintains0] other_inv'0 a b} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma index ef5f8e1c0..cde12726e 100644 --- a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma +++ b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.coma @@ -15,9 +15,9 @@ module M_10_mutual_rec_types__use_tree [#"10_mutual_rec_types.rs" 15 0 15 25] meta "compute_max_steps" 1000000 - let rec use_tree'0 (_1:t_Tree'0) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec use_tree'0[#"10_mutual_rec_types.rs" 15 0 15 25] (_1:t_Tree'0) (return' (ret:()))= (! bb0 + [ bb0 = return' {_0} ] + ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_10_mutual_rec_types__qyi18211245992252154719__height [#"10_mutual_rec_types.rs" 18 4 18 31] (* Tree *) let%span s10_mutual_rec_types0 = "10_mutual_rec_types.rs" 21 69 21 70 @@ -73,7 +73,7 @@ module M_10_mutual_rec_types__qyi18211245992252154719__height [#"10_mutual_rec_t meta "compute_max_steps" 1000000 - let rec height'0 (self:t_Tree'0) (return' (ret:uint64))= (! bb0 + let rec height'0[#"10_mutual_rec_types.rs" 18 4 18 31] (self:t_Tree'0) (return' (ret:uint64))= (! bb0 [ bb0 = any [ br0 -> {self.t_Tree__0'0 = C_None'0 } (! bb2) | br1 (x0:t_Node'0)-> {self.t_Tree__0'0 = C_Some'0 x0} (! bb3) ] diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index dca7f2e4d..0d50367e8 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -36,7 +36,7 @@ module M_11_array_types__omg [#"11_array_types.rs" 8 0 8 28] meta "compute_max_steps" 1000000 - let rec omg'0 (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types4] Seq.length (Slice.id x.t_UsesArray__0'0) + let rec omg'0[#"11_array_types.rs" 8 0 8 28] (x:t_UsesArray'0) (return' (ret:()))= {[@expl:omg requires] [%#s11_array_types4] Seq.length (Slice.id x.t_UsesArray__0'0) > 0 /\ Seq.length (Slice.id x.t_UsesArray__0'0) < UIntSize.to_int (v_MAX'0 : usize)} (! bb0 @@ -94,7 +94,7 @@ module M_11_array_types__call_omg [#"11_array_types.rs" 14 0 14 17] meta "compute_max_steps" 1000000 - let rec call_omg'0 (_1:()) (return' (ret:()))= (! bb0 + let rec call_omg'0[#"11_array_types.rs" 14 0 14 17] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = Slice.create {[%#s11_array_types0] (5 : usize)} {fun (_ : int) -> [%#s11_array_types1] (3 : int64)} (fun (_res:array int64) -> [ &arr <- _res ] s1) diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.coma b/creusot/tests/should_succeed/syntax/12_ghost_code.coma index 74dc30172..1b1ac3852 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.coma +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.coma @@ -13,7 +13,7 @@ module M_12_ghost_code__ghost_arg [#"12_ghost_code.rs" 4 0 4 34] meta "compute_max_steps" 1000000 - let rec ghost_arg'0 (g:Snapshot.snap_ty uint32) (return' (ret:()))= (! bb0 + let rec ghost_arg'0[#"12_ghost_code.rs" 4 0 4 34] (g:Snapshot.snap_ty uint32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_x <- [%#s12_ghost_code0] Snapshot.new (Snapshot.inner g) ] s1 | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & g : Snapshot.snap_ty uint32 = g | & _x : Snapshot.snap_ty uint32 = any_l () ] @@ -77,7 +77,7 @@ module M_12_ghost_code__ghost_vec [#"12_ghost_code.rs" 8 0 8 18] meta "compute_max_steps" 1000000 - let rec ghost_vec'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_vec'0[#"12_ghost_code.rs" 8 0 8 18] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s12_ghost_code0] ()} (fun (_ret':t_Vec'0) -> [ &x <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_s <- [%#s12_ghost_code1] Snapshot.new x ] s1 | s1 = bb2 ] | bb2 = bb3 @@ -109,7 +109,7 @@ module M_12_ghost_code__ghost_copy [#"12_ghost_code.rs" 17 0 17 19] meta "compute_max_steps" 1000000 - let rec ghost_copy'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_copy'0[#"12_ghost_code.rs" 17 0 17 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &a <- [%#s12_ghost_code0] (0 : int32) ] s1 | s1 = [ &_s <- [%#s12_ghost_code1] Snapshot.new (Seq.snoc (Seq.empty : Seq.seq int32) (0 : int32)) ] s2 @@ -148,7 +148,7 @@ module M_12_ghost_code__ghost_is_copy [#"12_ghost_code.rs" 23 0 23 22] meta "compute_max_steps" 1000000 - let rec ghost_is_copy'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_is_copy'0[#"12_ghost_code.rs" 23 0 23 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#s12_ghost_code0] (0 : int32) ] s1 | s1 = Borrow.borrow_mut {x} (fun (_ret':borrowed int32) -> [ &r <- _ret' ] [ &x <- _ret'.final ] s2) @@ -268,7 +268,7 @@ module M_12_ghost_code__ghost_check [#"12_ghost_code.rs" 35 0 35 20] meta "compute_max_steps" 1000000 - let rec ghost_check'0 (_1:()) (return' (ret:()))= (! bb0 + let rec ghost_check'0[#"12_ghost_code.rs" 35 0 35 20] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#s12_ghost_code0] ()} (fun (_ret':t_Vec'0) -> [ &x <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &_2 <- [%#s12_ghost_code1] Snapshot.new (let _ = logi_drop'0 x in ()) ] s1 | s1 = bb2 ] | bb2 = s0 @@ -328,7 +328,7 @@ module M_12_ghost_code__takes_struct [#"12_ghost_code.rs" 52 0 52 36] meta "compute_max_steps" 1000000 - let rec takes_struct'0 (x:t_MyStruct'0) (return' (ret:()))= {[@expl:takes_struct requires] [%#s12_ghost_code1] view'0 x.t_MyStruct__g'0 + let rec takes_struct'0[#"12_ghost_code.rs" 52 0 52 36] (x:t_MyStruct'0) (return' (ret:()))= {[@expl:takes_struct requires] [%#s12_ghost_code1] view'0 x.t_MyStruct__g'0 = 0} (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- [%#s12_ghost_code0] Snapshot.new x.t_MyStruct__f'0 ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index b497f1119..44b40c731 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -128,7 +128,7 @@ module M_13_vec_macro__x [#"13_vec_macro.rs" 5 0 5 10] meta "compute_max_steps" 1000000 - let rec x'0 (_1:()) (return' (ret:()))= (! bb0 + let rec x'0[#"13_vec_macro.rs" 5 0 5 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = new'0 {[%#slib0] ()} (fun (_ret':t_Vec'0) -> [ &v0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#s13_vec_macro1] Seq.length (view'0 v0) = 0} s1 | s1 = bb2 ] | bb2 = s0 diff --git a/creusot/tests/should_succeed/syntax/14_const_fns.coma b/creusot/tests/should_succeed/syntax/14_const_fns.coma index e261b644b..c797fddfb 100644 --- a/creusot/tests/should_succeed/syntax/14_const_fns.coma +++ b/creusot/tests/should_succeed/syntax/14_const_fns.coma @@ -10,7 +10,8 @@ module M_14_const_fns__omg [#"14_const_fns.rs" 5 0 5 31] meta "compute_max_steps" 1000000 - let rec omg'0 (x:int32) (return' (ret:int32))= {[@expl:omg requires] [%#s14_const_fns1] Int32.to_int x = 3} + let rec omg'0[#"14_const_fns.rs" 5 0 5 31] (x:int32) (return' (ret:int32))= {[@expl:omg requires] [%#s14_const_fns1] Int32.to_int x + = 3} (! bb0 [ bb0 = s0 [ s0 = Int32.sub {x} {[%#s14_const_fns0] (1 : int32)} (fun (_ret':int32) -> [ &_0 <- _ret' ] s1) diff --git a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma index 3e35b3659..a292e189a 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma +++ b/creusot/tests/should_succeed/syntax/derive_macros/mixed.coma @@ -54,7 +54,7 @@ module M_mixed__qyi9512435279263248376__clone [#"mixed.rs" 8 9 8 14] (* {self = C_A'0 x0} (! bb2) | br1 (x0:t_B'0)-> {self = C_B'0 x0} (! bb3) ] | bb3 = s0 @@ -398,7 +398,7 @@ module M_mixed__qyi1479716791028959114__eq [#"mixed.rs" 28 16 28 25] (* [ &_3 <- _ret' ] s1) | s1 = bb1 ] @@ -63,7 +63,7 @@ module M_int_suffix__foo [#"int_suffix.rs" 5 0 5 29] meta "compute_max_steps" 1000000 - let rec foo'0 (_1:()) (return' (ret:t_GhostBox'0))= (! bb0 + let rec foo'0[#"int_suffix.rs" 5 0 5 29] (_1:()) (return' (ret:t_GhostBox'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- () ] s1 | s1 = closure1'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index 2675be451..473e90ee9 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma @@ -189,7 +189,7 @@ module M_take_first_mut__take_first_mut [#"take_first_mut.rs" 14 0 14 74] meta "compute_max_steps" 1000000 - let rec take_first_mut'0 (self_:borrowed (borrowed (slice t_T'0))) (return' (ret:t_Option'1))= {[@expl:take_first_mut 'self_' type invariant] [%#stake_first_mut0] inv'2 self_} + let rec take_first_mut'0[#"take_first_mut.rs" 14 0 14 74] (self_:borrowed (borrowed (slice t_T'0))) (return' (ret:t_Option'1))= {[@expl:take_first_mut 'self_' type invariant] [%#stake_first_mut0] inv'2 self_} (! bb0 [ bb0 = s0 [ s0 = {inv'0 self_.current} diff --git a/creusot/tests/should_succeed/trait.coma b/creusot/tests/should_succeed/trait.coma index 4f35b36d3..143e87df8 100644 --- a/creusot/tests/should_succeed/trait.coma +++ b/creusot/tests/should_succeed/trait.coma @@ -13,7 +13,7 @@ module M_trait__uses_custom [#"trait.rs" 9 0 9 54] meta "compute_max_steps" 1000000 - let rec uses_custom'0 (_t:t_T'0) (return' (ret:()))= {[@expl:uses_custom '_t' type invariant] [%#strait0] inv'0 _t} + let rec uses_custom'0[#"trait.rs" 9 0 9 54] (_t:t_T'0) (return' (ret:()))= {[@expl:uses_custom '_t' type invariant] [%#strait0] inv'0 _t} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _t} s1 | s1 = -{resolve'0 _t}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] @@ -34,7 +34,7 @@ module M_trait__uses_custom2 [#"trait.rs" 13 0 13 61] meta "compute_max_steps" 1000000 - let rec uses_custom2'0 (_t:t_T'0) (return' (ret:()))= {[@expl:uses_custom2 '_t' type invariant] [%#strait0] inv'0 _t} + let rec uses_custom2'0[#"trait.rs" 13 0 13 61] (_t:t_T'0) (return' (ret:()))= {[@expl:uses_custom2 '_t' type invariant] [%#strait0] inv'0 _t} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _t} s1 | s1 = -{resolve'0 _t}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/trait_impl.coma b/creusot/tests/should_succeed/trait_impl.coma index e9c799041..e4ec24c41 100644 --- a/creusot/tests/should_succeed/trait_impl.coma +++ b/creusot/tests/should_succeed/trait_impl.coma @@ -31,7 +31,7 @@ module M_trait_impl__qyi6389504558565875512__x [#"trait_impl.rs" 25 4 25 14] (* meta "compute_max_steps" 1000000 - let rec x'0 (self:(t_T1'0, t_T2'0)) (return' (ret:()))= {[@expl:x 'self' type invariant] [%#strait_impl0] inv'0 self} + let rec x'0[#"trait_impl.rs" 25 4 25 14] (self:(t_T1'0, t_T2'0)) (return' (ret:()))= {[@expl:x 'self' type invariant] [%#strait_impl0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 self} s1 | s1 = -{resolve'0 self}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] @@ -44,9 +44,9 @@ module M_trait_impl__qyi5019122778080045761__x [#"trait_impl.rs" 29 4 29 14] (* meta "compute_max_steps" 1000000 - let rec x'0 (self:uint32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec x'0[#"trait_impl.rs" 29 4 29 14] (self:uint32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_trait_impl__qyi6389504558565875512__x__refines [#"trait_impl.rs" 25 4 25 14] (* <(T1, T2) as T> *) let%span strait_impl0 = "trait_impl.rs" 25 4 25 14 diff --git a/creusot/tests/should_succeed/traits/01.coma b/creusot/tests/should_succeed/traits/01.coma index 41104837a..970d5a214 100644 --- a/creusot/tests/should_succeed/traits/01.coma +++ b/creusot/tests/should_succeed/traits/01.coma @@ -20,7 +20,7 @@ module M_01__uses_generic [#"01.rs" 8 0 8 38] meta "compute_max_steps" 1000000 - let rec uses_generic'0 (b:t_T'0) (return' (ret:uint32))= {[@expl:uses_generic 'b' type invariant] [%#s010] inv'0 b} + let rec uses_generic'0[#"01.rs" 8 0 8 38] (b:t_T'0) (return' (ret:uint32))= {[@expl:uses_generic 'b' type invariant] [%#s010] inv'0 b} (! bb0 [ bb0 = s0 [ s0 = from_b'0 {b} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = bb2 diff --git a/creusot/tests/should_succeed/traits/02.coma b/creusot/tests/should_succeed/traits/02.coma index 7abbcadca..a8960a44f 100644 --- a/creusot/tests/should_succeed/traits/02.coma +++ b/creusot/tests/should_succeed/traits/02.coma @@ -27,7 +27,7 @@ module M_02__omg [#"02.rs" 11 0 11 30] meta "compute_max_steps" 1000000 - let rec omg'0 (a:t_T'0) (return' (ret:bool))= {[@expl:omg 'a' type invariant] [%#s020] inv'0 a} + let rec omg'0[#"02.rs" 11 0 11 30] (a:t_T'0) (return' (ret:bool))= {[@expl:omg 'a' type invariant] [%#s020] inv'0 a} (! bb0 [ bb0 = s0 [ s0 = is_true'0 {a} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv'0 a} s1 | s1 = -{resolve'0 a}- s2 | s2 = bb2 ] diff --git a/creusot/tests/should_succeed/traits/03.coma b/creusot/tests/should_succeed/traits/03.coma index 8f2e58ebd..e5d5277a5 100644 --- a/creusot/tests/should_succeed/traits/03.coma +++ b/creusot/tests/should_succeed/traits/03.coma @@ -9,7 +9,7 @@ module M_03__qyi14704115191559214502__f [#"03.rs" 9 4 9 23] (* *) meta "compute_max_steps" 1000000 - let rec f'0 (self:int32) (return' (ret:int32))= (! bb0 + let rec f'0[#"03.rs" 9 4 9 23] (self:int32) (return' (ret:int32))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (0 : int32) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : int32 = any_l () ] [ return' (result:int32)-> (! return' {result}) ] end @@ -24,7 +24,7 @@ module M_03__qyi2795904175370379619__g [#"03.rs" 20 4 20 23] (* *) meta "compute_max_steps" 1000000 - let rec g'0 (self:uint32) (return' (ret:uint32))= (! bb0 + let rec g'0[#"03.rs" 20 4 20 23] (self:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s030] (1 : uint32) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () ] [ return' (result:uint32)-> (! return' {result}) ] end @@ -50,7 +50,7 @@ module M_03__qyi4233438312138697795__h [#"03.rs" 30 4 30 24] (* *) meta "compute_max_steps" 1000000 - let rec h'0 (y:t_G'0) (return' (ret:t_G'0))= {[@expl:h 'y' type invariant] [%#s030] inv'0 y} + let rec h'0[#"03.rs" 30 4 30 24] (y:t_G'0) (return' (ret:t_G'0))= {[@expl:h 'y' type invariant] [%#s030] inv'0 y} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- y ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_G'0 = any_l () | & y : t_G'0 = y ] [ return' (result:t_G'0)-> {[@expl:h result type invariant] [%#s031] inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/traits/04.coma b/creusot/tests/should_succeed/traits/04.coma index 11a89e1aa..af5652520 100644 --- a/creusot/tests/should_succeed/traits/04.coma +++ b/creusot/tests/should_succeed/traits/04.coma @@ -40,7 +40,7 @@ module M_04__user [#"04.rs" 14 0 14 39] meta "compute_max_steps" 1000000 - let rec user'0 (a:t_T'0) (b:t_T'0) (return' (ret:bool))= {[@expl:user 'a' type invariant] [%#s041] inv'0 a} + let rec user'0[#"04.rs" 14 0 14 39] (a:t_T'0) (b:t_T'0) (return' (ret:bool))= {[@expl:user 'a' type invariant] [%#s041] inv'0 a} {[@expl:user 'b' type invariant] [%#s042] inv'0 b} (! bb0 [ bb0 = s0 [ s0 = func1'0 {a} {b} (fun (_ret':bool) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/traits/06.coma b/creusot/tests/should_succeed/traits/06.coma index c08beddc4..c4ce5505c 100644 --- a/creusot/tests/should_succeed/traits/06.coma +++ b/creusot/tests/should_succeed/traits/06.coma @@ -32,7 +32,7 @@ module M_06__test [#"06.rs" 9 0 11 15] meta "compute_max_steps" 1000000 - let rec test'0 (a:t_T'0) (return' (ret:t_Tgt'0))= {[@expl:test 'a' type invariant] [%#s061] inv'0 a} + let rec test'0[#"06.rs" 9 0 11 15] (a:t_T'0) (return' (ret:t_Tgt'0))= {[@expl:test 'a' type invariant] [%#s061] inv'0 a} (! bb0 [ bb0 = s0 [ s0 = ix'0 {a} {[%#s060] (0 : usize)} (fun (_ret':t_Tgt'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/traits/07.coma b/creusot/tests/should_succeed/traits/07.coma index a9264a470..b8a6f0d44 100644 --- a/creusot/tests/should_succeed/traits/07.coma +++ b/creusot/tests/should_succeed/traits/07.coma @@ -7,9 +7,9 @@ module M_07__qyi5864428518595652275__ix [#"07.rs" 11 4 11 36] (* *) meta "compute_max_steps" 1000000 - let rec ix'0 (self:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] - [ return' (result:())-> (! return' {result}) ] - + let rec ix'0[#"07.rs" 11 4 11 36] (self:int32) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) + [ & _0 : () = any_l () ] + [ return' (result:())-> (! return' {result}) ] end module M_07__test [#"07.rs" 16 0 16 81] let%span s070 = "07.rs" 17 4 17 8 @@ -24,7 +24,7 @@ module M_07__test [#"07.rs" 16 0 16 81] meta "compute_max_steps" 1000000 - let rec test'0 (_a:uint32) (_b:uint64) (return' (ret:bool))= (! bb0 + let rec test'0[#"07.rs" 16 0 16 81] (_a:uint32) (_b:uint64) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s070] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end @@ -39,7 +39,7 @@ module M_07__test2 [#"07.rs" 20 0 20 21] meta "compute_max_steps" 1000000 - let rec test2'0 (a:int32) (return' (ret:()))= (! bb0 + let rec test2'0[#"07.rs" 20 0 20 21] (a:int32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = ix'0 {a} (fun (_ret':()) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & a : int32 = a ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/traits/08.coma b/creusot/tests/should_succeed/traits/08.coma index 810b77b14..52a977d1b 100644 --- a/creusot/tests/should_succeed/traits/08.coma +++ b/creusot/tests/should_succeed/traits/08.coma @@ -19,7 +19,7 @@ module M_08__Tr__program [#"08.rs" 12 4 12 21] meta "compute_max_steps" 1000000 - let rec program'0 (self:t_Self'0) (return' (ret:()))= {[@expl:program 'self' type invariant] [%#s080] inv'0 self} + let rec program'0[#"08.rs" 12 4 12 21] (self:t_Self'0) (return' (ret:()))= {[@expl:program 'self' type invariant] [%#s080] inv'0 self} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_08__test [#"08.rs" 15 0 15 24] @@ -35,7 +35,7 @@ module M_08__test [#"08.rs" 15 0 15 24] meta "compute_max_steps" 1000000 - let rec test'0 (_1:t_T'0) (return' (ret:()))= {[@expl:test '_1' type invariant] inv'0 _1} + let rec test'0[#"08.rs" 15 0 15 24] (_1:t_T'0) (return' (ret:()))= {[@expl:test '_1' type invariant] inv'0 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _1} s1 | s1 = -{resolve'0 _1}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/traits/09.coma b/creusot/tests/should_succeed/traits/09.coma index 8063dd1e5..061059346 100644 --- a/creusot/tests/should_succeed/traits/09.coma +++ b/creusot/tests/should_succeed/traits/09.coma @@ -7,7 +7,7 @@ module M_09__test [#"09.rs" 7 0 7 43] meta "compute_max_steps" 1000000 - let rec test'0 (t:uint32) (return' (ret:uint32))= (! bb0 + let rec test'0[#"09.rs" 7 0 7 43] (t:uint32) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = UInt32.add {t} {[%#s090] (0 : uint32)} (fun (_ret':uint32) -> [ &_0 <- _ret' ] s1) | s1 = return' {_0} ] ] @@ -25,7 +25,7 @@ module M_09__test2 [#"09.rs" 11 0 11 53] meta "compute_max_steps" 1000000 - let rec test2'0 (t:t_X'0) (return' (ret:t_X'0))= {[@expl:test2 't' type invariant] [%#s090] inv'0 t} + let rec test2'0[#"09.rs" 11 0 11 53] (t:t_X'0) (return' (ret:t_X'0))= {[@expl:test2 't' type invariant] [%#s090] inv'0 t} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- t ] s1 | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : t_X'0 = any_l () | & t : t_X'0 = t ] [ return' (result:t_X'0)-> {[@expl:test2 result type invariant] [%#s091] inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/traits/11.coma b/creusot/tests/should_succeed/traits/11.coma index 684ee08d0..cb5c21107 100644 --- a/creusot/tests/should_succeed/traits/11.coma +++ b/creusot/tests/should_succeed/traits/11.coma @@ -11,7 +11,7 @@ module M_11__test [#"11.rs" 18 0 18 23] meta "compute_max_steps" 1000000 - let rec test'0 (_1:t_T'0) (return' (ret:()))= {[@expl:test '_1' type invariant] inv'0 _1} + let rec test'0[#"11.rs" 18 0 18 23] (_1:t_T'0) (return' (ret:()))= {[@expl:test '_1' type invariant] inv'0 _1} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 _1} s1 | s1 = -{resolve'0 _1}- s2 | s2 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/traits/12_default_method.coma b/creusot/tests/should_succeed/traits/12_default_method.coma index 9098b2207..fbe9b36cd 100644 --- a/creusot/tests/should_succeed/traits/12_default_method.coma +++ b/creusot/tests/should_succeed/traits/12_default_method.coma @@ -22,7 +22,7 @@ module M_12_default_method__T__default [#"12_default_method.rs" 6 4 6 28] meta "compute_max_steps" 1000000 - let rec default'0 (self:t_Self'0) (return' (ret:uint32))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} + let rec default'0[#"12_default_method.rs" 6 4 6 28] (self:t_Self'0) (return' (ret:uint32))= {[@expl:default 'self' type invariant] [%#s12_default_method1] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#s12_default_method0] (0 : uint32) ] s1 | s1 = return' {_0} ] ] ) [ & _0 : uint32 = any_l () ] [ return' (result:uint32)-> (! return' {result}) ] @@ -50,7 +50,7 @@ module M_12_default_method__should_use_impl [#"12_default_method.rs" 20 0 20 30] meta "compute_max_steps" 1000000 - let rec should_use_impl'0 (x:uint32) (return' (ret:()))= (! bb0 + let rec should_use_impl'0[#"12_default_method.rs" 20 0 20 30] (x:uint32) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = default'0 {x} (fun (_ret':uint32) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & x : uint32 = x | & _3 : uint32 = any_l () ] [ return' (result:())-> {[@expl:should_use_impl ensures] [%#s12_default_method0] logic_default'0 x} diff --git a/creusot/tests/should_succeed/traits/13_assoc_types.coma b/creusot/tests/should_succeed/traits/13_assoc_types.coma index 115ab0687..3a33b17d3 100644 --- a/creusot/tests/should_succeed/traits/13_assoc_types.coma +++ b/creusot/tests/should_succeed/traits/13_assoc_types.coma @@ -24,7 +24,7 @@ module M_13_assoc_types__qyi11241673612681154680__model [#"13_assoc_types.rs" 13 meta "compute_max_steps" 1000000 - let rec model'0 (self:t_T'0) (return' (ret:t_ModelTy'0))= {[@expl:model 'self' type invariant] [%#s13_assoc_types0] inv'0 self} + let rec model'0[#"13_assoc_types.rs" 13 4 13 35] (self:t_T'0) (return' (ret:t_ModelTy'0))= {[@expl:model 'self' type invariant] [%#s13_assoc_types0] inv'0 self} (! bb0 [ bb0 = s0 [ s0 = model'0 {self} (fun (_ret':t_ModelTy'0) -> [ &_0 <- _ret' ] s1) | s1 = bb1 ] | bb1 = return' {_0} ] diff --git a/creusot/tests/should_succeed/traits/15_impl_interfaces.coma b/creusot/tests/should_succeed/traits/15_impl_interfaces.coma index 5798fc7a4..e338761bc 100644 --- a/creusot/tests/should_succeed/traits/15_impl_interfaces.coma +++ b/creusot/tests/should_succeed/traits/15_impl_interfaces.coma @@ -7,6 +7,7 @@ module M_15_impl_interfaces__calls [#"15_impl_interfaces.rs" 23 0 23 36] meta "compute_max_steps" 1000000 - let rec calls'0 (a:()) (return' (ret:()))= {[@expl:calls requires] [%#s15_impl_interfaces0] x'0 a = ()} + let rec calls'0[#"15_impl_interfaces.rs" 23 0 23 36] (a:()) (return' (ret:()))= {[@expl:calls requires] [%#s15_impl_interfaces0] x'0 a + = ()} (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.coma b/creusot/tests/should_succeed/traits/16_impl_cloning.coma index 3a2eea5c9..67535cb87 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.coma +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.coma @@ -103,7 +103,7 @@ module M_16_impl_cloning__test [#"16_impl_cloning.rs" 16 0 16 30] meta "compute_max_steps" 1000000 - let rec test'0 (x:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:test 'x' type invariant] [%#s16_impl_cloning0] inv'0 x} + let rec test'0[#"16_impl_cloning.rs" 16 0 16 30] (x:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:test 'x' type invariant] [%#s16_impl_cloning0] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 x} s1 | s1 = -{resolve'0 x}- s2 | s2 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : borrowed (t_Vec'0) = x ] diff --git a/creusot/tests/should_succeed/trigger.coma b/creusot/tests/should_succeed/trigger.coma index 9f990223f..f8985d2e0 100644 --- a/creusot/tests/should_succeed/trigger.coma +++ b/creusot/tests/should_succeed/trigger.coma @@ -36,7 +36,7 @@ module M_trigger__test [#"trigger.rs" 22 0 22 13] meta "compute_max_steps" 1000000 - let rec test'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test'0[#"trigger.rs" 22 0 22 13] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- [%#strigger0] Snapshot.new () ] s1 | s1 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & _2 : Snapshot.snap_ty () = any_l () ] [ return' (result:())-> {[@expl:test ensures] [%#strigger1] id'0 5 >= id'0 2} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/two_modules.coma b/creusot/tests/should_succeed/two_modules.coma index e5dc17bcb..d67de7846 100644 --- a/creusot/tests/should_succeed/two_modules.coma +++ b/creusot/tests/should_succeed/two_modules.coma @@ -10,7 +10,7 @@ module M_two_modules__mod2__x [#"two_modules.rs" 15 4 15 33] meta "compute_max_steps" 1000000 - let rec x'0 (_t:t_T'0) (return' (ret:bool))= (! bb0 + let rec x'0[#"two_modules.rs" 15 4 15 33] (_t:t_T'0) (return' (ret:bool))= (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- [%#stwo_modules0] true ] s1 | s1 = return' {_0} ] ] ) [ & _0 : bool = any_l () ] [ return' (result:bool)-> (! return' {result}) ] end @@ -26,7 +26,7 @@ module M_two_modules__f [#"two_modules.rs" 22 0 22 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 + let rec f'0[#"two_modules.rs" 22 0 22 10] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_2 <- C_B'0 ] s1 | s1 = x'0 {_2} (fun (_ret':bool) -> [ &_1 <- _ret' ] s2) | s2 = bb1 ] | bb1 = return' {_0} ] ) [ & _0 : () = any_l () | & _1 : bool = any_l () | & _2 : t_T'0 = any_l () ] diff --git a/creusot/tests/should_succeed/type_constructors.coma b/creusot/tests/should_succeed/type_constructors.coma index a2dc9bd91..44aeff012 100644 --- a/creusot/tests/should_succeed/type_constructors.coma +++ b/creusot/tests/should_succeed/type_constructors.coma @@ -8,7 +8,7 @@ module M_type_constructors__f [#"type_constructors.rs" 17 0 17 10] meta "compute_max_steps" 1000000 - let rec f'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &_3 <- C_B'0 ] s1 | s1 = return' {_0} ] ] ) - [ & _0 : () = any_l () | & _3 : t_X'0 = any_l () ] - [ return' (result:())-> (! return' {result}) ] + let rec f'0[#"type_constructors.rs" 17 0 17 10] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = [ &_3 <- C_B'0 ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : () = any_l () | & _3 : t_X'0 = any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/type_invariants/generated.coma b/creusot/tests/should_succeed/type_invariants/generated.coma index 94c74fc0f..478e35104 100644 --- a/creusot/tests/should_succeed/type_invariants/generated.coma +++ b/creusot/tests/should_succeed/type_invariants/generated.coma @@ -70,7 +70,7 @@ module M_generated__use_foo [#"generated.rs" 19 0 19 61] meta "compute_max_steps" 1000000 - let rec use_foo'0 (x:t_Foo'0) (return' (ret:()))= {[@expl:use_foo 'x' type invariant] [%#sgenerated1] inv'0 x} + let rec use_foo'0[#"generated.rs" 19 0 19 61] (x:t_Foo'0) (return' (ret:()))= {[@expl:use_foo 'x' type invariant] [%#sgenerated1] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 x} s1 diff --git a/creusot/tests/should_succeed/type_invariants/non_zero.coma b/creusot/tests/should_succeed/type_invariants/non_zero.coma index 885ad7ff3..7638d16f2 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero.coma +++ b/creusot/tests/should_succeed/type_invariants/non_zero.coma @@ -27,7 +27,8 @@ module M_non_zero__qyi12916758414494363779__new [#"non_zero.rs" 16 4 16 30] (* N meta "compute_max_steps" 1000000 - let rec new'0 (n:uint32) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.to_int n > 0} + let rec new'0[#"non_zero.rs" 16 4 16 30] (n:uint32) (return' (ret:t_NonZeroU32'0))= {[@expl:new requires] [%#snon_zero0] UInt32.to_int n + > 0} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- { t_NonZeroU32__0'0 = n } ] s1 | s1 = return' {_0} ] ] ) [ & _0 : t_NonZeroU32'0 = any_l () | & n : uint32 = n ] @@ -68,7 +69,7 @@ module M_non_zero__qyi12916758414494363779__add [#"non_zero.rs" 21 4 21 39] (* N meta "compute_max_steps" 1000000 - let rec add'0 (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:add 'self' type invariant] [%#snon_zero0] inv'0 self} + let rec add'0[#"non_zero.rs" 21 4 21 39] (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:add 'self' type invariant] [%#snon_zero0] inv'0 self} {[@expl:add 'rhs' type invariant] [%#snon_zero1] inv'0 rhs} {[@expl:add requires] [%#snon_zero2] UInt32.to_int self.t_NonZeroU32__0'0 + UInt32.to_int rhs.t_NonZeroU32__0'0 <= UInt32.to_int (v_MAX'0 : uint32)} @@ -154,7 +155,7 @@ module M_non_zero__qyi12916758414494363779__sub [#"non_zero.rs" 40 4 40 39] (* N meta "compute_max_steps" 1000000 - let rec sub'0 (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:sub 'self' type invariant] [%#snon_zero0] inv'0 self} + let rec sub'0[#"non_zero.rs" 40 4 40 39] (self:t_NonZeroU32'0) (rhs:t_NonZeroU32'0) (return' (ret:t_NonZeroU32'0))= {[@expl:sub 'self' type invariant] [%#snon_zero0] inv'0 self} {[@expl:sub 'rhs' type invariant] [%#snon_zero1] inv'0 rhs} {[@expl:sub requires] [%#snon_zero2] sub_pre'0 self rhs} (! bb0 diff --git a/creusot/tests/should_succeed/type_invariants/type_invariants.coma b/creusot/tests/should_succeed/type_invariants/type_invariants.coma index 0bafdfaaf..259c885a2 100644 --- a/creusot/tests/should_succeed/type_invariants/type_invariants.coma +++ b/creusot/tests/should_succeed/type_invariants/type_invariants.coma @@ -18,7 +18,7 @@ module M_type_invariants__id [#"type_invariants.rs" 14 0 14 44] meta "compute_max_steps" 1000000 - let rec id'0 (x:()) (return' (ret:()))= {[@expl:id 'x' type invariant] [%#stype_invariants0] inv'0 x} + let rec id'0[#"type_invariants.rs" 14 0 14 44] (x:()) (return' (ret:()))= {[@expl:id 'x' type invariant] [%#stype_invariants0] inv'0 x} (! bb0 [ bb0 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = return' {_0} ] ] ) [ & _0 : () = any_l () | & x : () = x ] [ return' (result:())-> {[@expl:id result type invariant] [%#stype_invariants1] inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.coma b/creusot/tests/should_succeed/type_invariants/vec_inv.coma index f409ef5a3..1467b3da9 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.coma +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.coma @@ -116,7 +116,7 @@ module M_vec_inv__vec [#"vec_inv.rs" 18 0 18 32] meta "compute_max_steps" 1000000 - let rec vec'0 (x:t_Vec'0) (return' (ret:()))= {[@expl:vec 'x' type invariant] [%#svec_inv1] inv'0 x} + let rec vec'0[#"vec_inv.rs" 18 0 18 32] (x:t_Vec'0) (return' (ret:()))= {[@expl:vec 'x' type invariant] [%#svec_inv1] inv'0 x} {[@expl:vec requires] [%#svec_inv2] Seq.length (view'0 x) > 0} (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv'0 x} s1 | s1 = -{resolve'0 x}- s2 | s2 = bb1 ] diff --git a/creusot/tests/should_succeed/unnest.coma b/creusot/tests/should_succeed/unnest.coma index 2342095c1..cb5593ac7 100644 --- a/creusot/tests/should_succeed/unnest.coma +++ b/creusot/tests/should_succeed/unnest.coma @@ -24,7 +24,7 @@ module M_unnest__unnest [#"unnest.rs" 8 0 8 64] meta "compute_max_steps" 1000000 - let rec unnest'0 (x:borrowed (borrowed uint32)) (return' (ret:borrowed uint32))= (! bb0 + let rec unnest'0[#"unnest.rs" 8 0 8 64] (x:borrowed (borrowed uint32)) (return' (ret:borrowed uint32))= (! bb0 [ bb0 = s0 [ s0 = Borrow.borrow_mut {(x.current).current} (fun (_ret':borrowed uint32) -> diff --git a/creusot/tests/should_succeed/unused_in_loop.coma b/creusot/tests/should_succeed/unused_in_loop.coma index aa076ada7..cdd0e234f 100644 --- a/creusot/tests/should_succeed/unused_in_loop.coma +++ b/creusot/tests/should_succeed/unused_in_loop.coma @@ -9,7 +9,7 @@ module M_unused_in_loop__unused_in_loop [#"unused_in_loop.rs" 5 0 5 37] meta "compute_max_steps" 1000000 - let rec unused_in_loop'0 (b:bool) (return' (ret:uint32))= (! bb0 + let rec unused_in_loop'0[#"unused_in_loop.rs" 5 0 5 37] (b:bool) (return' (ret:uint32))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sunused_in_loop0] (10 : uint32) ] s1 | s1 = bb1 ] | bb1 = bb1 [ bb1 = {[@expl:loop invariant] [%#sunused_in_loop1] true} diff --git a/creusot/tests/should_succeed/vecdeque.coma b/creusot/tests/should_succeed/vecdeque.coma index 51af626ca..9ecb775e9 100644 --- a/creusot/tests/should_succeed/vecdeque.coma +++ b/creusot/tests/should_succeed/vecdeque.coma @@ -222,7 +222,7 @@ module M_vecdeque__test_deque [#"vecdeque.rs" 5 0 5 19] meta "compute_max_steps" 1000000 - let rec test_deque'0 (_1:()) (return' (ret:()))= (! bb0 + let rec test_deque'0[#"vecdeque.rs" 5 0 5 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = with_capacity'0 {[%#svecdeque0] (5 : usize)} (fun (_ret':t_VecDeque'0) -> [ &deque <- _ret' ] s1) | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 5086234a5..163aa333e 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma @@ -261,7 +261,7 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] meta "compute_max_steps" 1000000 - let rec all_zero'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 + let rec all_zero'0[#"01.rs" 7 0 7 33] (v:borrowed (t_Vec'0)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s010] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_8 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 diff --git a/creusot/tests/should_succeed/vector/02_gnome.coma b/creusot/tests/should_succeed/vector/02_gnome.coma index d40bb2e87..c660fb5c4 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.coma +++ b/creusot/tests/should_succeed/vector/02_gnome.coma @@ -346,7 +346,7 @@ module M_02_gnome__gnome_sort [#"02_gnome.rs" 22 0 24 29] meta "compute_max_steps" 1000000 - let rec gnome_sort'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:gnome_sort 'v' type invariant] [%#s02_gnome9] inv'3 v} + let rec gnome_sort'0[#"02_gnome.rs" 22 0 24 29] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:gnome_sort 'v' type invariant] [%#s02_gnome9] inv'3 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s02_gnome0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &i <- [%#s02_gnome1] (0 : usize) ] s1 | s1 = [ &old_2_0 <- Snapshot.new v ] s2 | s2 = bb2 ] diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 39fbc17b1..27f279da6 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -322,7 +322,7 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] meta "compute_max_steps" 1000000 - let rec knuth_shuffle'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:knuth_shuffle 'v' type invariant] [%#s03_knuth_shuffle9] inv'5 v} + let rec knuth_shuffle'0[#"03_knuth_shuffle.rs" 13 0 13 39] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:knuth_shuffle 'v' type invariant] [%#s03_knuth_shuffle9] inv'5 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s03_knuth_shuffle0] Snapshot.new v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len'0 {v.current} (fun (_ret':usize) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index b8b3fb858..7f6b718bc 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma @@ -116,7 +116,7 @@ module M_04_binary_search__binary_search [#"04_binary_search.rs" 26 0 26 71] meta "compute_max_steps" 1000000 - let rec binary_search'0 (arr:t_Vec'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#s04_binary_search10] Seq.length (view'0 arr) + let rec binary_search'0[#"04_binary_search.rs" 26 0 26 71] (arr:t_Vec'0) (elem:uint32) (return' (ret:t_Result'0))= {[@expl:binary_search requires #0] [%#s04_binary_search10] Seq.length (view'0 arr) <= UIntSize.to_int (v_MAX'0 : usize)} {[@expl:binary_search requires #1] [%#s04_binary_search11] sorted'0 (view'0 arr)} (! bb0 diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma index ba29fab68..5873de052 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma @@ -268,7 +268,7 @@ module M_05_binary_search_generic__binary_search [#"05_binary_search_generic.rs" meta "compute_max_steps" 1000000 - let rec binary_search'0 (arr:t_Vec'0) (elem:t_T'0) (return' (ret:t_Result'0))= {[@expl:binary_search 'arr' type invariant] [%#s05_binary_search_generic10] inv'1 arr} + let rec binary_search'0[#"05_binary_search_generic.rs" 27 0 29 29] (arr:t_Vec'0) (elem:t_T'0) (return' (ret:t_Result'0))= {[@expl:binary_search 'arr' type invariant] [%#s05_binary_search_generic10] inv'1 arr} {[@expl:binary_search 'elem' type invariant] [%#s05_binary_search_generic11] inv'0 elem} {[@expl:binary_search requires #0] [%#s05_binary_search_generic12] Seq.length (view'0 arr) <= UIntSize.to_int (v_MAX'0 : usize)} diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index 83756e7c9..c03231872 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -17,7 +17,7 @@ module M_06_knights_tour__qyi50474406909270761__clone [#"06_knights_tour.rs" 4 1 meta "compute_max_steps" 1000000 - let rec clone'0 (self:t_Point'0) (return' (ret:t_Point'0))= (! bb0 + let rec clone'0[#"06_knights_tour.rs" 4 15 4 20] (self:t_Point'0) (return' (ret:t_Point'0))= (! bb0 [ bb0 = s0 [ s0 = [ &_5 <- self.t_Point__x'0 ] s1 | s1 = clone'1 {_5} (fun (_ret':isize) -> [ &_3 <- _ret' ] s2) @@ -61,7 +61,7 @@ module M_06_knights_tour__qyi18370800917002056__mov [#"06_knights_tour.rs" 18 4 meta "compute_max_steps" 1000000 - let rec mov'0 (self:t_Point'0) (p:(isize, isize)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour0] - 10000 + let rec mov'0[#"06_knights_tour.rs" 18 4 18 45] (self:t_Point'0) (p:(isize, isize)) (return' (ret:t_Point'0))= {[@expl:mov requires #0] [%#s06_knights_tour0] - 10000 <= IntSize.to_int self.t_Point__x'0 /\ IntSize.to_int self.t_Point__x'0 <= 10000} {[@expl:mov requires #1] [%#s06_knights_tour1] - 10000 <= IntSize.to_int self.t_Point__y'0 @@ -247,7 +247,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 axiom postcondition_mut_unnest'0_spec : forall self : closure3'1, args : (usize, Snapshot.snap_ty (Seq.seq usize)), res_state : closure3'1, res : t_Vec'1 . ([%#sops30] postcondition_mut'0 self args res_state res) -> ([%#sops31] unnest'0 self res_state) - let rec closure3'0 (_1:borrowed closure3'1) (_2:usize) (_3:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:t_Vec'1))= (! bb0 + let rec closure3'0[#"06_knights_tour.rs" 43 16 43 50] (_1:borrowed closure3'1) (_2:usize) (_3:Snapshot.snap_ty (Seq.seq usize)) (return' (ret:t_Vec'1))= (! bb0 [ bb0 = s0 [ s0 = -{resolve'0 _1}- s1 | s1 = from_elem'0 {[%#s06_knights_tour4] (0 : usize)} {(_1.current).field_0'0} @@ -477,7 +477,7 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 meta "compute_max_steps" 1000000 - let rec new'0 (size:usize) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UIntSize.to_int size + let rec new'0[#"06_knights_tour.rs" 40 4 40 31] (size:usize) (return' (ret:t_Board'0))= {[@expl:new requires] [%#s06_knights_tour1] UIntSize.to_int size <= 1000} (! bb0 [ bb0 = s0 @@ -657,7 +657,7 @@ module M_06_knights_tour__qyi4580598960913230815__available [#"06_knights_tour.r meta "compute_max_steps" 1000000 - let rec available'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour4] wf'0 self} + let rec available'0[#"06_knights_tour.rs" 52 4 52 41] (self:t_Board'0) (p:t_Point'0) (return' (ret:bool))= {[@expl:available requires] [%#s06_knights_tour4] wf'0 self} (! bb0 [ bb0 = s0 [ s0 = IntSize.le {[%#s06_knights_tour0] (0 : isize)} {p.t_Point__x'0} (fun (_ret':bool) -> [ &_5 <- _ret' ] s1) @@ -1010,7 +1010,7 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou meta "compute_max_steps" 1000000 - let rec count_degree'0 (self:t_Board'0) (p:t_Point'0) (return' (ret:usize))= {[@expl:count_degree requires #0] [%#s06_knights_tour8] wf'0 self} + let rec count_degree'0[#"06_knights_tour.rs" 70 4 70 45] (self:t_Board'0) (p:t_Point'0) (return' (ret:usize))= {[@expl:count_degree requires #0] [%#s06_knights_tour8] wf'0 self} {[@expl:count_degree requires #1] [%#s06_knights_tour9] in_bounds'0 self p} (! bb0 [ bb0 = s0 @@ -1286,7 +1286,7 @@ module M_06_knights_tour__qyi4580598960913230815__set [#"06_knights_tour.rs" 87 meta "compute_max_steps" 1000000 - let rec set'0 (self:borrowed (t_Board'0)) (p:t_Point'0) (v:usize) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour0] wf'0 self.current} + let rec set'0[#"06_knights_tour.rs" 87 4 87 41] (self:borrowed (t_Board'0)) (p:t_Point'0) (v:usize) (return' (ret:()))= {[@expl:set requires #0] [%#s06_knights_tour0] wf'0 self.current} {[@expl:set requires #1] [%#s06_knights_tour1] in_bounds'0 self.current p} (! bb0 [ bb0 = s0 @@ -1542,7 +1542,7 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] meta "compute_max_steps" 1000000 - let rec min'0 (v:t_Vec'0) (return' (ret:t_Option'0))= (! bb0 + let rec min'0[#"06_knights_tour.rs" 110 0 110 58] (v:t_Vec'0) (return' (ret:t_Option'0))= (! bb0 [ bb0 = s0 [ s0 = [ &min <- C_None'0 ] s1 | s1 = into_iter'0 {v} (fun (_ret':t_Iter'0) -> [ &iter <- _ret' ] s2) @@ -2180,7 +2180,7 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] meta "compute_max_steps" 1000000 - let rec knights_tour'0 (size:usize) (x:usize) (y:usize) (return' (ret:t_Option'3))= {[@expl:knights_tour requires #0] [%#s06_knights_tour18] 0 + let rec knights_tour'0[#"06_knights_tour.rs" 135 0 135 69] (size:usize) (x:usize) (y:usize) (return' (ret:t_Option'3))= {[@expl:knights_tour requires #0] [%#s06_knights_tour18] 0 < UIntSize.to_int size /\ UIntSize.to_int size <= 1000} {[@expl:knights_tour requires #1] [%#s06_knights_tour19] x < size} diff --git a/creusot/tests/should_succeed/vector/07_read_write.coma b/creusot/tests/should_succeed/vector/07_read_write.coma index 44666face..2c8b83b67 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.coma +++ b/creusot/tests/should_succeed/vector/07_read_write.coma @@ -183,7 +183,7 @@ module M_07_read_write__read_write [#"07_read_write.rs" 6 0 6 75] meta "compute_max_steps" 1000000 - let rec read_write'0 (a:borrowed (t_Vec'0)) (i:usize) (x:t_T'0) (return' (ret:()))= {[@expl:read_write 'a' type invariant] [%#s07_read_write1] inv'2 a} + let rec read_write'0[#"07_read_write.rs" 6 0 6 75] (a:borrowed (t_Vec'0)) (i:usize) (x:t_T'0) (return' (ret:()))= {[@expl:read_write 'a' type invariant] [%#s07_read_write1] inv'2 a} {[@expl:read_write 'x' type invariant] [%#s07_read_write2] inv'3 x} {[@expl:read_write requires] [%#s07_read_write3] UIntSize.to_int i < Seq.length (view'0 a)} (! bb0 diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index c7126fd7a..b85791308 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -335,7 +335,7 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] meta "compute_max_steps" 1000000 - let rec search'0 (needle:t_Vec'0) (haystack:t_Vec'0) (return' (ret:usize))= {[@expl:search requires] [%#s08_haystack12] Seq.length (view'0 needle) + let rec search'0[#"08_haystack.rs" 21 0 21 60] (needle:t_Vec'0) (haystack:t_Vec'0) (return' (ret:usize))= {[@expl:search requires] [%#s08_haystack12] Seq.length (view'0 needle) >= 1 /\ Seq.length (view'0 needle) <= Seq.length (view'0 haystack)} (! bb0 diff --git a/creusot/tests/should_succeed/vector/09_capacity.coma b/creusot/tests/should_succeed/vector/09_capacity.coma index 56392b3f0..bb991f810 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.coma +++ b/creusot/tests/should_succeed/vector/09_capacity.coma @@ -117,7 +117,7 @@ module M_09_capacity__change_capacity [#"09_capacity.rs" 6 0 6 41] meta "compute_max_steps" 1000000 - let rec change_capacity'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:change_capacity 'v' type invariant] [%#s09_capacity3] inv'1 v} + let rec change_capacity'0[#"09_capacity.rs" 6 0 6 41] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:change_capacity 'v' type invariant] [%#s09_capacity3] inv'1 v} (! bb0 [ bb0 = s0 [ s0 = {inv'0 v.current} @@ -276,7 +276,7 @@ module M_09_capacity__clear_vec [#"09_capacity.rs" 14 0 14 35] meta "compute_max_steps" 1000000 - let rec clear_vec'0 (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:clear_vec 'v' type invariant] [%#s09_capacity0] inv'1 v} + let rec clear_vec'0[#"09_capacity.rs" 14 0 14 35] (v:borrowed (t_Vec'0)) (return' (ret:()))= {[@expl:clear_vec 'v' type invariant] [%#s09_capacity0] inv'1 v} (! bb0 [ bb0 = s0 [ s0 = {inv'0 v.current}