diff --git a/creusot-contracts/src/logic.rs b/creusot-contracts/src/logic.rs index f923da0be..7da466a3d 100644 --- a/creusot-contracts/src/logic.rs +++ b/creusot-contracts/src/logic.rs @@ -5,7 +5,7 @@ #![cfg_attr(not(creusot), allow(unused_imports))] mod fmap; -mod fset; +pub mod fset; mod int; mod mapping; pub mod ops; diff --git a/creusot-contracts/src/logic/fset.rs b/creusot-contracts/src/logic/fset.rs index 469bbb09c..296fa1fb4 100644 --- a/creusot-contracts/src/logic/fset.rs +++ b/creusot-contracts/src/logic/fset.rs @@ -1,4 +1,4 @@ -use crate::*; +use crate::{logic::Mapping, *}; /// A finite set type usable in pearlite and `ghost!` blocks. /// @@ -142,6 +142,15 @@ impl FSet { Self::is_subset(other, self) } + /// Returns `true` if `self` and `other` are disjoint. + #[trusted] + #[predicate] + #[creusot::builtins = "set.Fset.disjoint"] + pub fn disjoint(self, other: Self) -> bool { + let _ = other; + dead + } + /// Returns the number of elements in the set, also called its length. #[trusted] #[logic] @@ -171,8 +180,6 @@ impl FSet { /// Returns `true` if `self` and `other` contain exactly the same elements. /// /// This is in fact equivalent with normal equality. - // FIXME: remove `trusted` - #[trusted] #[open] #[predicate] #[ensures(result ==> self == other)] @@ -186,6 +193,119 @@ impl FSet { } } +impl FSet { + /// Returns the set containing only `x`. + #[logic] + #[open] + #[ensures(forall result.contains(y) == (x == y))] + pub fn singleton(x: T) -> Self { + FSet::EMPTY.insert(x) + } + + /// Returns the union of sets `f(t)` over all `t: T`. + #[logic] + #[open] + #[ensures(forall result.contains(y) == exists self.contains(x) && f.get(x).contains(y))] + #[variant(self.len())] + pub fn unions(self, f: Mapping>) -> FSet { + if self.len() == 0 { + FSet::EMPTY + } else { + let x = self.peek(); + f.get(x).union(self.remove(x).unions(f)) + } + } + + /// Flipped `map`. + #[logic] + #[trusted] + #[creusot::builtins = "set.Fset.map"] + pub fn fmap(_: Mapping, _: Self) -> FSet { + dead + } + + /// Returns the image of a set by a function. + #[logic] + #[open] + pub fn map(self, f: Mapping) -> FSet { + FSet::fmap(f, self) + } + + /// Returns the subset of elements of `self` which satisfy the predicate `f`. + #[logic] + #[trusted] + #[creusot::builtins = "set.Fset.filter"] + pub fn filter(self, f: Mapping) -> Self { + let _ = f; + dead + } + + /// Returns the set of sequences whose head is in `s` and whose tail is in `ss`. + #[logic] + #[trusted] // TODO: remove. Needs support for closures in logic functions with constraints + #[open] + #[ensures(forall> result.contains(xs) == (0 < xs.len() && s.contains(xs[0]) && ss.contains(xs.tail())))] + pub fn cons(s: FSet, ss: FSet>) -> FSet> { + s.unions(|x| ss.map(|xs: Seq<_>| xs.push_front(x))) + } + + /// Returns the set of concatenations of a sequence in `s` and a sequence in `t`. + #[logic] + #[trusted] // TODO: remove. Needs support for closures in logic functions with constraints + #[open] + #[ensures(forall> result.contains(xs) == (exists, zs: Seq> s.contains(ys) && t.contains(zs) && xs == ys.concat(zs)))] + pub fn concat(s: FSet>, t: FSet>) -> FSet> { + s.unions(|ys: Seq<_>| t.map(|zs| ys.concat(zs))) + } + + /// Returns the set of sequences of length `n` whose elements are in `self`. + #[open] + #[logic] + #[requires(n >= 0)] + #[ensures(forall> result.contains(xs) == (xs.len() == n && forall xs.contains(x) ==> self.contains(x)))] + #[variant(n)] + pub fn replicate(self, n: Int) -> FSet> { + pearlite! { + if n == 0 { + proof_assert! { forall> xs.len() == 0 ==> xs == Seq::EMPTY }; + FSet::singleton(Seq::EMPTY) + } else { + proof_assert! { forall, i: Int> 0 < i && i < xs.len() ==> xs[i] == xs.tail()[i-1] }; + FSet::cons(self, self.replicate(n - 1)) + } + } + } + + /// Returns the set of sequences of length at most `n` whose elements are in `self`. + #[open] + #[logic] + #[requires(n >= 0)] + #[ensures(forall> result.contains(xs) == (xs.len() <= n && forall xs.contains(x) ==> self.contains(x)))] + #[variant(n)] + pub fn replicate_up_to(self, n: Int) -> FSet> { + pearlite! { + if n == 0 { + proof_assert! { forall> xs.len() == 0 ==> xs == Seq::EMPTY }; + FSet::singleton(Seq::EMPTY) + } else { + self.replicate_up_to(n - 1).union(self.replicate(n)) + } + } + } +} + +impl FSet { + /// Return the interval of integers in `[i, j)`. + #[logic] + #[open] + #[trusted] + #[creusot::builtins = "set.FsetInt.interval"] + pub fn interval(i: Int, j: Int) -> FSet { + let _ = (i, j); + dead + } +} + /// Ghost definitions impl FSet { /// Create a new, empty set on the ghost heap. @@ -337,3 +457,84 @@ impl Invariant for FSet { pearlite! { forall self.contains(*x) ==> inv(*x) } } } + +// Properties + +/// Distributivity of `unions` over `union`. +#[logic] +#[open] +#[ensures(forall, s2: FSet, f: Mapping>> s1.union(s2).unions(f) == s1.unions(f).union(s2.unions(f)))] +#[ensures(forall, f: Mapping>, g: Mapping>> + s.unions(|x| f.get(x).union(g.get(x))) == s.unions(f).union(s.unions(g)))] +pub fn unions_union() {} + +/// Distributivity of `map` over `union`. +#[logic] +#[open] +#[ensures(forall, t: FSet, f: Mapping> s.union(t).map(f) == s.map(f).union(t.map(f)))] +pub fn map_union() {} + +/// Distributivity of `concat` over `union`. +#[logic] +#[open] +#[ensures(forall>, s2: FSet>, t: FSet>> + FSet::concat(s1.union(s2), t) == FSet::concat(s1, t).union(FSet::concat(s2, t)))] +#[ensures(forall>, t1: FSet>, t2: FSet>> + FSet::concat(s, t1.union(t2)) == FSet::concat(s, t1).union(FSet::concat(s, t2)))] +pub fn concat_union() {} + +/// Distributivity of `cons` over `union`. +#[logic] +#[open] +#[ensures(forall, t: FSet>, u: FSet>> FSet::concat(FSet::cons(s, t), u) == FSet::cons(s, FSet::concat(t, u)))] +pub fn cons_concat() { + proof_assert! { forall, ys: Seq> xs.push_front(x).concat(ys) == xs.concat(ys).push_front(x) }; + proof_assert! { forall> ys.push_front(x).tail() == ys }; + proof_assert! { forall> 0 < ys.len() ==> ys == ys.tail().push_front(ys[0]) }; +} + +/// Distributivity of `replicate` over `union`. +#[logic] +#[open] +#[requires(0 <= n && 0 <= m)] +#[ensures(s.replicate(n + m) == FSet::concat(s.replicate(n), s.replicate(m)))] +#[variant(n)] +pub fn concat_replicate(n: Int, m: Int, s: FSet) { + pearlite! { + if n == 0 { + concat_empty(s.replicate(m)); + } else { + cons_concat::(); + concat_replicate(n - 1, m, s); + } + } +} + +/// The neutral element of `FSet::concat` is `FSet::singleton(Seq::EMPTY)`. +#[logic] +#[open] +#[ensures(FSet::concat(FSet::singleton(Seq::EMPTY), s) == s)] +#[ensures(FSet::concat(s, FSet::singleton(Seq::EMPTY)) == s)] +pub fn concat_empty(s: FSet>) { + proof_assert! { forall> xs.concat(Seq::EMPTY) == xs }; + proof_assert! { forall> Seq::EMPTY.concat(xs) == xs }; +} + +/// An equation relating `s.replicate_up_to(m)` and `s.replicate_up_to(n)`. +#[logic] +#[open] +#[requires(0 <= n && n < m)] +#[ensures(s.replicate_up_to(m) == s.replicate_up_to(n).union( + FSet::concat(s.replicate(n + 1), s.replicate_up_to(m - n - 1))))] +#[variant(m)] +pub fn concat_replicate_up_to(n: Int, m: Int, s: FSet) { + pearlite! { + if n + 1 == m { + concat_empty(s.replicate(n + 1)); + } else { + concat_union::(); + concat_replicate(n, m - n - 1, s); + concat_replicate_up_to(n, m - 1, s); + } + } +} diff --git a/creusot-contracts/src/std.rs b/creusot-contracts/src/std.rs index 08c594887..ddfc347ff 100644 --- a/creusot-contracts/src/std.rs +++ b/creusot-contracts/src/std.rs @@ -1,6 +1,7 @@ pub use ::std::*; pub mod array; +pub mod borrow; pub mod boxed; pub mod clone; pub mod collections { diff --git a/creusot-contracts/src/std/borrow.rs b/creusot-contracts/src/std/borrow.rs new file mode 100644 index 000000000..d2fdd19f0 --- /dev/null +++ b/creusot-contracts/src/std/borrow.rs @@ -0,0 +1,18 @@ +use crate::*; +use ::std::borrow::Borrow; + +extern_spec! { + mod std { + mod borrow { + trait Borrow + where Borrowed: ?Sized + { + #[ensures(result.deep_model() == self.deep_model())] + fn borrow(&self) -> &Borrowed + where + Self: DeepModel, + Borrowed: DeepModel; + } + } + } +} diff --git a/creusot-contracts/src/std/collections/hash_set.rs b/creusot-contracts/src/std/collections/hash_set.rs index 41bd35d58..a5b16c7b0 100644 --- a/creusot-contracts/src/std/collections/hash_set.rs +++ b/creusot-contracts/src/std/collections/hash_set.rs @@ -3,7 +3,7 @@ use crate::{ std::iter::{FromIterator, IntoIterator, Iterator}, *, }; -use ::std::{collections::hash_set::*, hash::*}; +use ::std::{borrow::Borrow, collections::hash_set::*, hash::*}; impl View for HashSet { type ViewTy = FSet; @@ -31,6 +31,12 @@ extern_spec! { { #[ensures(result@ == self@.intersection(other@))] fn intersection<'a>(&'a self, other: &'a HashSet) -> Intersection<'a, T, S>; + + #[ensures(result == self@.contains(value.deep_model()))] + fn contains(&self, value: &Q) -> bool + where + T: Borrow, + Q: Eq + Hash + DeepModel; } } } diff --git a/creusot-contracts/src/std/iter.rs b/creusot-contracts/src/std/iter.rs index be4286824..83ffcfe39 100644 --- a/creusot-contracts/src/std/iter.rs +++ b/creusot-contracts/src/std/iter.rs @@ -6,12 +6,14 @@ mod copied; mod empty; mod enumerate; mod filter; +mod filter_map; mod fuse; mod map; mod map_inv; mod once; mod range; mod repeat; +mod rev; mod skip; mod take; mod zip; @@ -20,9 +22,11 @@ pub use cloned::ClonedExt; pub use copied::CopiedExt; pub use enumerate::EnumerateExt; pub use filter::FilterExt; +pub use filter_map::FilterMapExt; pub use fuse::FusedIterator; pub use map::MapExt; pub use map_inv::MapInv; +pub use rev::RevExt; pub use skip::SkipExt; pub use take::TakeExt; pub use zip::ZipExt; @@ -94,6 +98,37 @@ pub trait FromIterator: ::std::iter::FromIterator { fn from_iter_post(prod: Seq, res: Self) -> bool; } +pub trait DoubleEndedIterator: ::std::iter::DoubleEndedIterator + Iterator { + #[predicate(prophetic)] + fn produces_back(self, visited: Seq, o: Self) -> bool; + + #[law] + #[ensures(self.produces_back(Seq::EMPTY, self))] + fn produces_back_refl(self); + + #[law] + #[requires(a.produces_back(ab, b))] + #[requires(b.produces_back(bc, c))] + #[ensures(a.produces_back(ab.concat(bc), c))] + fn produces_back_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self); + + // FIXME: remove `trusted` + #[trusted] + #[requires(forall + self.produces_back(Seq::singleton(e), i2) ==> + func.precondition((e, Snapshot::new(Seq::EMPTY))))] + #[requires(MapInv::::reinitialize())] + #[requires(MapInv::::preservation(self, func))] + #[ensures(result == MapInv { iter: self, func, produced: Snapshot::new(Seq::EMPTY) })] + fn map_inv_back(self, func: F) -> MapInv + where + Self: Sized, + F: FnMut(Self::Item, Snapshot>) -> B, + { + MapInv { iter: self, func, produced: snapshot! {Seq::EMPTY} } + } +} + extern_spec! { mod std { mod iter { @@ -144,6 +179,13 @@ extern_spec! { fn filter

(self, f: P) -> Filter where P : for<'a> FnMut(&Self_::Item) -> bool; + #[pure] + #[requires(filter_map::immutable(f))] + #[requires(filter_map::no_precondition(f))] + #[requires(filter_map::precise(f))] + #[ensures(result.iter() == self && result.func() == f)] + fn filter_map(self, f: F) -> FilterMap + where F : for<'a> FnMut(Self_::Item) -> Option; #[pure] // These two requirements are here only to prove the absence of overflows @@ -167,6 +209,11 @@ extern_spec! { resolve(&^done) && done.completed() && self.produces(prod, *done) && B::from_iter_post(prod, result))] fn collect(self) -> B where B: FromIterator; + + #[pure] + #[ensures(result.iter() == self)] + fn rev(self) -> Rev + where Self: Sized + DoubleEndedIterator; } trait IntoIterator @@ -200,6 +247,15 @@ extern_spec! { #[pure] #[ensures(result@ == elt)] fn repeat(elt: T) -> Repeat; + + trait DoubleEndedIterator + where Self: DoubleEndedIterator { + #[ensures(match result { + None => self.completed(), + Some(v) => (*self).produces_back(Seq::singleton(v), ^self) + })] + fn next_back(&mut self) -> Option; + } } } } diff --git a/creusot-contracts/src/std/iter/filter.rs b/creusot-contracts/src/std/iter/filter.rs index ebc8b229b..f4a560775 100644 --- a/creusot-contracts/src/std/iter/filter.rs +++ b/creusot-contracts/src/std/iter/filter.rs @@ -90,13 +90,12 @@ where // Interestingly, Z3 guesses `f` quite readily but gives up *totally* on `s`. However, the addition of the final assertions on the correctness of the values // blocks z3's guess for `f`. exists, f : Mapping> self.iter().produces(s, succ.iter()) && + (forall 0 <= i && i < visited.len() ==> 0 <= f.get(i) && f.get(i) < s.len()) && // `f` is a monotone mapping - (forall 0 <= i && i <= j && j < visited.len() ==> 0 <= f.get(i) && f.get(i) <= f.get(j) && f.get(j) < s.len()) && + (forall 0 <= i && i < j && j < visited.len() ==> f.get(i) < f.get(j)) && (forall 0 <= i && i < visited.len() ==> visited[i] == s[f.get(i)]) && - (forall 0 <= i && i < s.len() ==> - (exists 0 <= j && j < visited.len() && f.get(j) == i) == self.func().postcondition_mut((&s[i],), self.func(), true) - ) + (exists 0 <= j && j < visited.len() && f.get(j) == i) == self.func().postcondition_mut((&s[i],), self.func(), true)) } } diff --git a/creusot-contracts/src/std/iter/filter_map.rs b/creusot-contracts/src/std/iter/filter_map.rs new file mode 100644 index 000000000..06d533af4 --- /dev/null +++ b/creusot-contracts/src/std/iter/filter_map.rs @@ -0,0 +1,113 @@ +use crate::{logic::Mapping, std::ops::*, *}; +use ::std::iter::FilterMap; + +pub trait FilterMapExt { + #[logic] + fn iter(self) -> I; + + #[logic] + fn func(self) -> F; +} + +impl FilterMapExt for FilterMap { + #[trusted] + #[logic] + #[ensures(inv(self) ==> inv(result))] + fn iter(self) -> I { + dead + } + + #[trusted] + #[logic] + #[ensures(inv(self) ==> inv(result))] + fn func(self) -> F { + dead + } +} + +impl Option> Invariant for FilterMap { + #[predicate(prophetic)] + #[open(self)] + fn invariant(self) -> bool { + pearlite! { + // trivial precondition: simplification for sake of proof complexity + no_precondition(self.func()) && + // immutable state: simplification for sake of proof complexity + immutable(self.func()) && + // precision of postcondition + precise(self.func()) + } + } +} + +/// Asserts that `f` has no precondition: any closure state can be called with any input value +/// In a future release this restriction may be lifted or weakened +#[open] +#[predicate(prophetic)] +pub fn no_precondition Option>(f: F) -> bool { + pearlite! { forall f.precondition((i,)) } +} + +/// Asserts that the captures of `f` are used immutably +/// In a future release this restriction may be lifted or weakened +#[open] +#[predicate(prophetic)] +pub fn immutable Option>(f: F) -> bool { + pearlite! { forall f.unnest(g) ==> f == g } +} + +/// Asserts that the postcondition of `f` is *precise*: that there are never two possible values matching the postcondition +#[open] +#[predicate(prophetic)] +pub fn precise Option>(f1: F) -> bool { + pearlite! { forall !((exists f1.postcondition_mut((i,), f2, Some(b))) && f1.postcondition_mut((i,), f2, None)) } +} + +impl Iterator for FilterMap +where + I: Iterator, + F: FnMut(I::Item) -> Option, +{ + #[open] + #[predicate(prophetic)] + fn completed(&mut self) -> bool { + pearlite! { + (exists, e : &mut I > self.iter().produces(s, *e) && e.completed() && + forall 0 <= i && i < s.len() ==> (*self).func().postcondition_mut((s[i],), (^self).func(), None)) + && (*self).func() == (^self).func() + } + } + + #[open] + #[predicate(prophetic)] + fn produces(self, visited: Seq, succ: Self) -> bool { + pearlite! { + self.invariant() ==> + self.func().unnest(succ.func()) && + // f here is a mapping from indices of `visited` to those of `s`, where `s` is the whole sequence produced by the underlying iterator + // Interestingly, Z3 guesses `f` quite readily but gives up *totally* on `s`. However, the addition of the final assertions on the correctness of the values + // blocks z3's guess for `f`. + exists, f : Mapping> self.iter().produces(s, succ.iter()) && + (forall 0 <= i && i < visited.len() ==> 0 <= f.get(i) && f.get(i) < s.len()) && + // `f` is a monotone mapping + (forall 0 <= i && i < j && j < visited.len() ==> f.get(i) < f.get(j)) && + // `f` points to elements produced in `s` (by the underlying `iter`) for which the predicate `self.func()` returned `Some`. + (forall 0 <= i && i < visited.len() ==> self.func().postcondition_mut((s[f.get(i)],), self.func(), Some(visited[i]))) && + // For other elements not in the image of `f`, the predicate `self.func()` returned `None`. + (forall 0 <= j && j < s.len() + ==> (!exists 0 <= i && i < visited.len() && f.get(i) == j) == self.func().postcondition_mut((s[j],), self.func(), None)) + } + } + + #[law] + #[open(self)] + #[ensures(self.produces(Seq::EMPTY, self))] + fn produces_refl(self) {} + + #[law] + #[open(self)] + #[requires(a.produces(ab, b))] + #[requires(b.produces(bc, c))] + #[ensures(a.produces(ab.concat(bc), c))] + fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} diff --git a/creusot-contracts/src/std/iter/range.rs b/creusot-contracts/src/std/iter/range.rs index 2a21d42f9..2fa602912 100644 --- a/creusot-contracts/src/std/iter/range.rs +++ b/creusot-contracts/src/std/iter/range.rs @@ -1,6 +1,6 @@ use crate::{ std::{ - iter::Step, + iter::{DoubleEndedIterator, Step}, ops::{Range, RangeInclusive}, }, *, @@ -40,6 +40,32 @@ impl + Step> Iterator for Range { fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} } +impl + Step> DoubleEndedIterator for Range { + #[predicate] + #[open] + fn produces_back(self, visited: Seq, o: Self) -> bool { + pearlite! { + self.start == o.start && self.end.deep_model() >= o.end.deep_model() + && (visited.len() > 0 ==> o.end.deep_model() >= o.start.deep_model()) + && visited.len() == o.end.deep_model() - self.end.deep_model() + && forall 0 <= i && i < visited.len() ==> + visited[i].deep_model() == self.end.deep_model() - i + } + } + + #[law] + #[open(self)] + #[ensures(self.produces_back(Seq::EMPTY, self))] + fn produces_back_refl(self) {} + + #[law] + #[open(self)] + #[requires(a.produces_back(ab, b))] + #[requires(b.produces_back(bc, c))] + #[ensures(a.produces_back(ab.concat(bc), c))] + fn produces_back_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} + #[logic] #[open] #[ensures(r.is_empty_log() == (result == 0))] @@ -83,3 +109,29 @@ impl + Step> Iterator for RangeInclusive #[ensures(a.produces(ab.concat(bc), c))] fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} } + +impl + Step> DoubleEndedIterator for RangeInclusive { + #[predicate] + #[open] + fn produces_back(self, visited: Seq, o: Self) -> bool { + pearlite! { + visited.len() == range_inclusive_len(self) - range_inclusive_len(o) && + (self.is_empty_log() ==> o.is_empty_log()) && + (o.is_empty_log() || self.start_log() == o.start_log()) && + forall 0 <= i && i < visited.len() ==> + visited[i].deep_model() == self.end_log().deep_model() - i + } + } + + #[law] + #[open] + #[ensures(self.produces_back(Seq::EMPTY, self))] + fn produces_back_refl(self) {} + + #[law] + #[open] + #[requires(a.produces_back(ab, b))] + #[requires(b.produces_back(bc, c))] + #[ensures(a.produces_back(ab.concat(bc), c))] + fn produces_back_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} diff --git a/creusot-contracts/src/std/iter/rev.rs b/creusot-contracts/src/std/iter/rev.rs new file mode 100644 index 000000000..c771a4343 --- /dev/null +++ b/creusot-contracts/src/std/iter/rev.rs @@ -0,0 +1,56 @@ +use crate::{ + std::iter::{DoubleEndedIterator, Iterator, Rev}, + *, +}; + +pub trait RevExt { + #[logic] + fn iter(self) -> I; + + #[logic] + fn iter_mut(&mut self) -> &mut I; +} + +impl RevExt for Rev { + #[logic] + #[trusted] + #[ensures(inv(self) ==> inv(result))] + fn iter(self) -> I { + dead + } + + #[logic] + #[trusted] + #[ensures((*self).iter() == *result && (^self).iter() == ^result)] + fn iter_mut(&mut self) -> &mut I { + dead + } +} + +impl Iterator for Rev { + #[open] + #[predicate(prophetic)] + fn completed(&mut self) -> bool { + pearlite! { self.iter_mut().completed() } + } + + #[open] + #[predicate(prophetic)] + fn produces(self, visited: Seq, o: Self) -> bool { + pearlite! { + self.iter().produces_back(visited, o.iter()) + } + } + + #[law] + #[open(self)] + #[ensures(self.produces(Seq::EMPTY, self))] + fn produces_refl(self) {} + + #[law] + #[open(self)] + #[requires(a.produces(ab, b))] + #[requires(b.produces(bc, c))] + #[ensures(a.produces(ab.concat(bc), c))] + fn produces_trans(a: Self, ab: Seq, b: Self, bc: Seq, c: Self) {} +} diff --git a/creusot/tests/creusot-contracts/creusot-contracts.coma b/creusot/tests/creusot-contracts/creusot-contracts.coma index 7b8d0eaf4..3d03a6d53 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts.coma +++ b/creusot/tests/creusot-contracts/creusot-contracts.coma @@ -1111,15 +1111,15 @@ module M_creusot_contracts__stdqy35z1__collections__hash_map__qyi160525698381677 -> Seq.get bc i = Seq.get (Seq.(++) ab bc) (Seq.length ab + i)) && (let _ = () in [%#shash_map2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__set_produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 74 0 80 1] - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 +module M_creusot_contracts__stdqy35z1__collections__hash_set__set_produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 80 0 86 1] + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 let%span sseq3 = "../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 - let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 82 20 82 108 - let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 83 20 83 98 - let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 - let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 + let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 88 20 88 108 + let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 89 20 89 98 + let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 + let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sseq8 = "../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 let%span sseq9 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 @@ -1158,7 +1158,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__set_produces_trans = [%#sseq9] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_I'0) (visited : Seq.seq t_T'0) (end' : t_I'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_I'0) (visited : Seq.seq t_T'0) (end' : t_I'0) = [%#shash_set7] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -1201,7 +1201,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__set_produces_trans constant c : t_I'0 - function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 74 0 80 1] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 80 0 86 1] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () goal vc_set_produces_trans'0 : ([%#shash_set1] set_produces'0 b bc c) @@ -1214,11 +1214,11 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__set_produces_trans -> Seq.get bc i = Seq.get (Seq.(++) ab bc) (Seq.length ab + i)) && (let _ = () in let _ = () in [%#shash_set2] set_produces'0 a (Seq.(++) ab bc) c))) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 102 4 102 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 101 14 101 45 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 99 4 99 10 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 90 8 90 38 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 108 4 108 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 107 14 107 45 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 105 4 105 10 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 96 8 96 38 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span sseq5 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -1350,7 +1350,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 46 4 46 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 52 4 52 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -1374,7 +1374,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 = [%#sseq5] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) = [%#shash_set3] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -1389,29 +1389,29 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 89 4 89 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 95 4 95 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = [%#shash_set2] set_produces'0 self visited o constant self : t_IntoIter'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 102 4 102 26] (self : t_IntoIter'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 108 4 108 26] (self : t_IntoIter'0) : () goal vc_produces_refl'0 : [%#shash_set0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 109 4 109 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 106 15 106 32 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 107 15 107 32 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 108 14 108 42 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 110 8 110 43 - let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 90 8 90 38 - let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 - let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 115 4 115 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 112 15 112 32 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 113 15 113 32 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 114 14 114 42 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 116 8 116 43 + let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 96 8 96 38 + let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 + let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 @@ -1543,7 +1543,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 46 4 46 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 52 4 52 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -1567,7 +1567,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 = [%#sseq13] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) = [%#shash_set9] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -1582,7 +1582,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 89 4 89 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 95 4 95 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = [%#shash_set7] set_produces'0 self visited o @@ -1596,7 +1596,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 = contains'1 a x \/ contains'1 b x - function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 74 0 80 1] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 80 0 86 1] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () = [%#shash_set8] let _ = concat_contains'0 () in let _ = let _ = () in () in let _ = let _ = () in () in () @@ -1614,7 +1614,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 constant c : t_IntoIter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 109 4 109 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 115 4 115 90] (a : t_IntoIter'0) (ab : Seq.seq t_T'0) (b : t_IntoIter'0) (bc : Seq.seq t_T'0) (c : t_IntoIter'0) : () goal vc_produces_trans'0 : ([%#shash_set1] produces'0 b bc c) @@ -1624,11 +1624,11 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 /\ (([%#shash_set5] set_produces'0 a (Seq.(++) ab bc) c) -> (let _ = set_produces_trans'0 a ab b bc c in [%#shash_set2] produces'0 a (Seq.(++) ab bc) c)) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 141 4 141 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 140 14 140 45 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 138 4 138 10 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 129 8 129 38 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 147 4 147 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 146 14 146 45 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 144 4 144 10 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 135 8 135 38 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel5 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -1684,7 +1684,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 120 4 120 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 126 4 126 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -1711,7 +1711,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 = [%#sseq6] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) = [%#shash_set3] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -1726,29 +1726,29 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 128 4 128 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 134 4 134 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = [%#shash_set2] set_produces'0 self visited o constant self : t_Iter'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 141 4 141 26] (self : t_Iter'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 147 4 147 26] (self : t_Iter'0) : () goal vc_produces_refl'0 : [%#shash_set0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 148 4 148 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 145 15 145 32 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 146 15 146 32 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 147 14 147 42 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 149 8 149 43 - let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 129 8 129 38 - let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 - let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 154 4 154 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 151 15 151 32 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 152 15 152 32 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 153 14 153 42 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 155 8 155 43 + let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 135 8 135 38 + let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 + let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 @@ -1804,7 +1804,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 120 4 120 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 126 4 126 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -1831,7 +1831,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 = [%#sseq14] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) = [%#shash_set9] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -1846,7 +1846,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 128 4 128 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 134 4 134 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = [%#shash_set7] set_produces'0 self visited o @@ -1860,7 +1860,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 = contains'1 a x \/ contains'1 b x - function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 74 0 80 1] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () + function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 80 0 86 1] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () = [%#shash_set8] let _ = concat_contains'0 () in let _ = let _ = () in () in let _ = let _ = () in () in () @@ -1878,7 +1878,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 constant c : t_Iter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 148 4 148 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 154 4 154 90] (a : t_Iter'0) (ab : Seq.seq t_T'0) (b : t_Iter'0) (bc : Seq.seq t_T'0) (c : t_Iter'0) : () goal vc_produces_trans'0 : ([%#shash_set1] produces'0 b bc c) @@ -1888,11 +1888,11 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 /\ (([%#shash_set5] set_produces'0 a (Seq.(++) ab bc) c) -> (let _ = set_produces_trans'0 a ab b bc c in [%#shash_set2] produces'0 a (Seq.(++) ab bc) c)) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 216 4 216 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 215 14 215 45 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 213 4 213 10 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 204 8 204 38 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_refl [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 222 4 222 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 221 14 221 45 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 219 4 219 10 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 210 8 210 38 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel5 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq6 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -1974,7 +1974,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 195 4 195 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 201 4 201 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -2001,7 +2001,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 = [%#sseq6] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) = [%#shash_set3] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -2016,29 +2016,29 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 203 4 203 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 209 4 209 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) = [%#shash_set2] set_produces'0 self visited o constant self : t_Intersection'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 216 4 216 26] (self : t_Intersection'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 222 4 222 26] (self : t_Intersection'0) : () goal vc_produces_refl'0 : [%#shash_set0] produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 223 4 223 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 220 15 220 32 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 221 15 221 32 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 222 14 222 42 - let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 224 8 224 43 - let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 204 8 204 38 - let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 - let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_trans [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 229 4 229 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 226 15 226 32 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 227 15 227 32 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 228 14 228 42 + let%span shash_set3 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set4 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set5 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set6 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 230 8 230 43 + let%span shash_set7 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 210 8 210 38 + let%span shash_set8 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 + let%span shash_set9 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 @@ -2120,7 +2120,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 195 4 195 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 201 4 201 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -2147,7 +2147,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 = [%#sseq14] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) = [%#shash_set9] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -2162,7 +2162,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 203 4 203 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 209 4 209 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) = [%#shash_set7] set_produces'0 self visited o @@ -2176,7 +2176,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 = contains'1 a x \/ contains'1 b x - function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 74 0 80 1] (a : t_Intersection'0) (ab : Seq.seq t_T'0) (b : t_Intersection'0) (bc : Seq.seq t_T'0) (c : t_Intersection'0) : () + function set_produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 80 0 86 1] (a : t_Intersection'0) (ab : Seq.seq t_T'0) (b : t_Intersection'0) (bc : Seq.seq t_T'0) (c : t_Intersection'0) : () = [%#shash_set8] let _ = concat_contains'0 () in let _ = let _ = () in () in let _ = let _ = () in () in () @@ -2194,7 +2194,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 constant c : t_Intersection'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 223 4 223 90] (a : t_Intersection'0) (ab : Seq.seq t_T'0) (b : t_Intersection'0) (bc : Seq.seq t_T'0) (c : t_Intersection'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 229 4 229 90] (a : t_Intersection'0) (ab : Seq.seq t_T'0) (b : t_Intersection'0) (bc : Seq.seq t_T'0) (c : t_Intersection'0) : () goal vc_produces_trans'0 : ([%#shash_set1] produces'0 b bc c) @@ -4903,10 +4903,10 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 55 4 55 10 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -4940,16 +4940,16 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -4983,10 +4983,10 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span scloned3 = "../../../creusot-contracts/src/std/iter/cloned.rs" 60 4 60 10 let%span scloned4 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned5 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -5018,16 +5018,16 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -5071,10 +5071,10 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 55 4 55 10 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -5108,16 +5108,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -5151,10 +5151,10 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span scopied3 = "../../../creusot-contracts/src/std/iter/copied.rs" 60 4 60 10 let%span scopied4 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied5 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -5186,16 +5186,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter6] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -5303,10 +5303,10 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 80 4 80 10 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span senumerate8 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 use seq.Seq @@ -5334,16 +5334,16 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5355,7 +5355,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use prelude.prelude.Borrow - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -5404,10 +5404,10 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span senumerate3 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 85 4 85 10 let%span senumerate4 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate5 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span senumerate10 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 type t_I'0 @@ -5433,16 +5433,16 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter7] produces'1 a ab b) -> ([%#siter8] produces'1 b bc c) -> ([%#siter9] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter6] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5454,7 +5454,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use prelude.prelude.Borrow - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -5507,10 +5507,10 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ goal vc_produces_trans'0 : ([%#senumerate1] produces'0 b bc c) -> ([%#senumerate0] produces'0 a ab b) -> ([%#senumerate2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 103 4 103 10 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl [#"../../../creusot-contracts/src/std/iter/filter.rs" 105 4 105 26] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 104 14 104 45 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 102 4 102 10 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 @@ -5521,10 +5521,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -5607,16 +5607,16 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter14] produces'1 a ab b) -> ([%#siter15] produces'1 b bc c) -> ([%#siter16] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter13] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5632,8 +5632,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro [%#sfilter2] invariant'0 self -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) @@ -5641,16 +5641,16 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro constant self : t_Filter'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (self : t_Filter'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 105 4 105 26] (self : t_Filter'0) : () goal vc_produces_refl'0 : [%#sfilter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 32 - let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 14 112 42 - let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 108 4 108 10 - let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans [#"../../../creusot-contracts/src/std/iter/filter.rs" 112 4 112 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 109 15 109 32 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 + let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 111 14 111 42 + let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 107 4 107 10 + let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 let%span sfilter5 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 let%span sfilter6 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter7 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 @@ -5661,10 +5661,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -5747,16 +5747,16 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5772,8 +5772,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro [%#sfilter4] invariant'0 self -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) @@ -5789,22 +5789,361 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro constant c : t_Filter'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 112 4 112 90] (a : t_Filter'0) (ab : Seq.seq t_Item'0) (b : t_Filter'0) (bc : Seq.seq t_Item'0) (c : t_Filter'0) : () goal vc_produces_trans'0 : ([%#sfilter1] produces'0 b bc c) -> ([%#sfilter0] produces'0 a ab b) -> ([%#sfilter2] produces'0 a (Seq.(++) ab bc) c) end +module M_creusot_contracts__stdqy35z1__iter__filter_map__qyi13601925333174091585__produces_refl [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 105 4 105 26] (* as std::iter::Iterator> *) + let%span sfilter_map0 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 104 14 104 45 + let%span sfilter_map1 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 102 4 102 10 + let%span sfilter_map2 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 85 12 98 148 + let%span sfilter_map3 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 34 12 38 32 + let%span sfilter_map4 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 22 14 22 39 + let%span sfilter_map5 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 15 14 15 39 + let%span sfilter_map6 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 48 16 48 50 + let%span sfilter_map7 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 56 16 56 52 + let%span sfilter_map8 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 63 16 63 135 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + use seq.Seq + + type t_B'0 + + use seq.Seq + + type t_I'0 + + type t_F'0 + + type t_FilterMap'0 = + { t_FilterMap__iter'0: t_I'0; t_FilterMap__f'0: t_F'0 } + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + + type t_Item'0 + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate no_precondition'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 47 0 47 68] (f : t_F'0) = + [%#sfilter_map6] forall i : t_Item'0 . precondition'0 f (i) + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_B'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_Option'0) + + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_Option'0) + + + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_Option'0) : () + + + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_Option'0 . [%#sops15] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + + + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops12] unnest'0 self b) + -> ([%#sops13] unnest'0 b c) -> ([%#sops14] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops11] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_Option'0) : () + + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_Option'0 . ([%#sops9] postcondition_mut'0 self args res_state res) + -> ([%#sops10] unnest'0 self res_state) + + predicate immutable'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 55 0 55 62] (f : t_F'0) = + [%#sfilter_map7] forall g : t_F'0 . unnest'0 f g -> f = g + + predicate precise'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 62 0 62 61] (f1 : t_F'0) = + [%#sfilter_map8] forall f2 : t_F'0, i : t_Item'0 . not ((exists b : t_B'0 . postcondition_mut'0 f1 (i) f2 (C_Some'0 b)) + /\ postcondition_mut'0 f1 (i) f2 (C_None'0)) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_FilterMap'0) + + function func'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 23 4 23 22] (self : t_FilterMap'0) : t_F'0 + + axiom func'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map4] inv'0 self -> inv'1 (func'0 self) + + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 31 4 31 30] (self : t_FilterMap'0) = + [%#sfilter_map3] no_precondition'0 (func'0 self) /\ immutable'0 (func'0 self) /\ precise'0 (func'0 self) + + axiom inv_axiom'0 [@rewrite] : forall x : t_FilterMap'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_FilterMap__iter'0 = iter ; t_FilterMap__f'0 = f} -> inv'2 iter /\ inv'1 f + end) + + use seq.Seq + + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 16 4 16 22] (self : t_FilterMap'0) : t_I'0 + + axiom iter'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map5] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter17] produces'1 a ab b) + -> ([%#siter18] produces'1 b bc c) -> ([%#siter19] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter16] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use seq.Seq + + use map.Map + + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 83 4 83 67] (self : t_FilterMap'0) (visited : Seq.seq t_B'0) (succ : t_FilterMap'0) + + = + [%#sfilter_map2] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> postcondition_mut'0 (func'0 self) (Seq.get s (Map.get f i)) (func'0 self) (C_Some'0 (Seq.get visited i))) + /\ (forall j : int . 0 <= j /\ j < Seq.length s + -> (not (exists i : int . 0 <= i /\ i < Seq.length visited /\ Map.get f i = j)) + = postcondition_mut'0 (func'0 self) (Seq.get s j) (func'0 self) (C_None'0))) + + constant self : t_FilterMap'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 105 4 105 26] (self : t_FilterMap'0) : () + + + goal vc_produces_refl'0 : [%#sfilter_map0] produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter_map__qyi13601925333174091585__produces_trans [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 112 4 112 90] (* as std::iter::Iterator> *) + let%span sfilter_map0 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 109 15 109 32 + let%span sfilter_map1 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 110 15 110 32 + let%span sfilter_map2 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 111 14 111 42 + let%span sfilter_map3 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 107 4 107 10 + let%span sfilter_map4 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 85 12 98 148 + let%span sfilter_map5 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 34 12 38 32 + let%span sfilter_map6 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 22 14 22 39 + let%span sfilter_map7 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 15 14 15 39 + let%span sfilter_map8 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 48 16 48 50 + let%span sfilter_map9 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 56 16 56 52 + let%span sfilter_map10 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 63 16 63 135 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops17 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter20 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + type t_I'0 + + type t_F'0 + + type t_FilterMap'0 = + { t_FilterMap__iter'0: t_I'0; t_FilterMap__f'0: t_F'0 } + + type t_B'0 + + use seq.Seq + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + + type t_Item'0 + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate no_precondition'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 47 0 47 68] (f : t_F'0) = + [%#sfilter_map8] forall i : t_Item'0 . precondition'0 f (i) + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_B'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_Option'0) + + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_Option'0) + + + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_Option'0) : () + + + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_Option'0 . [%#sops17] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + + + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops14] unnest'0 self b) + -> ([%#sops15] unnest'0 b c) -> ([%#sops16] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops13] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_Option'0) : () + + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_Option'0 . ([%#sops11] postcondition_mut'0 self args res_state res) + -> ([%#sops12] unnest'0 self res_state) + + predicate immutable'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 55 0 55 62] (f : t_F'0) = + [%#sfilter_map9] forall g : t_F'0 . unnest'0 f g -> f = g + + predicate precise'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 62 0 62 61] (f1 : t_F'0) = + [%#sfilter_map10] forall f2 : t_F'0, i : t_Item'0 . not ((exists b : t_B'0 . postcondition_mut'0 f1 (i) f2 (C_Some'0 b)) + /\ postcondition_mut'0 f1 (i) f2 (C_None'0)) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_FilterMap'0) + + function func'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 23 4 23 22] (self : t_FilterMap'0) : t_F'0 + + axiom func'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map6] inv'0 self -> inv'1 (func'0 self) + + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 31 4 31 30] (self : t_FilterMap'0) = + [%#sfilter_map5] no_precondition'0 (func'0 self) /\ immutable'0 (func'0 self) /\ precise'0 (func'0 self) + + axiom inv_axiom'0 [@rewrite] : forall x : t_FilterMap'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_FilterMap__iter'0 = iter ; t_FilterMap__f'0 = f} -> inv'2 iter /\ inv'1 f + end) + + use seq.Seq + + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 16 4 16 22] (self : t_FilterMap'0) : t_I'0 + + axiom iter'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map7] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter19] produces'1 a ab b) + -> ([%#siter20] produces'1 b bc c) -> ([%#siter21] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter18] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use seq.Seq + + use map.Map + + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 83 4 83 67] (self : t_FilterMap'0) (visited : Seq.seq t_B'0) (succ : t_FilterMap'0) + + = + [%#sfilter_map4] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> postcondition_mut'0 (func'0 self) (Seq.get s (Map.get f i)) (func'0 self) (C_Some'0 (Seq.get visited i))) + /\ (forall j : int . 0 <= j /\ j < Seq.length s + -> (not (exists i : int . 0 <= i /\ i < Seq.length visited /\ Map.get f i = j)) + = postcondition_mut'0 (func'0 self) (Seq.get s j) (func'0 self) (C_None'0))) + + use seq.Seq + + constant a : t_FilterMap'0 + + constant ab : Seq.seq t_B'0 + + constant b : t_FilterMap'0 + + constant bc : Seq.seq t_B'0 + + constant c : t_FilterMap'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 112 4 112 90] (a : t_FilterMap'0) (ab : Seq.seq t_B'0) (b : t_FilterMap'0) (bc : Seq.seq t_B'0) (c : t_FilterMap'0) : () + + + goal vc_produces_trans'0 : ([%#sfilter_map1] produces'0 b bc c) + -> ([%#sfilter_map0] produces'0 a ab b) -> ([%#sfilter_map2] produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__produces_refl [#"../../../creusot-contracts/src/std/iter/fuse.rs" 42 4 42 26] (* as std::iter::Iterator> *) let%span sfuse0 = "../../../creusot-contracts/src/std/iter/fuse.rs" 41 14 41 45 let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 39 4 39 10 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -5845,16 +6184,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5883,10 +6222,10 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod let%span sfuse4 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse5 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse6 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -5927,16 +6266,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -5983,10 +6322,10 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu let%span smodel12 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span sfuse13 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse14 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -6027,16 +6366,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -6069,7 +6408,7 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu function view'0 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = [%#smodel12] view'1 self.current - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = [%#sfuse4] (view'0 self = C_None'0 @@ -6101,10 +6440,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -6188,16 +6527,16 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -6250,10 +6589,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -6335,16 +6674,16 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter15] produces'1 a ab b) -> ([%#siter16] produces'1 b bc c) -> ([%#siter17] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter14] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -6405,10 +6744,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -6475,16 +6814,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter11] produces'1 a ab b) -> ([%#siter12] produces'1 b bc c) -> ([%#siter13] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter10] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -6546,10 +6885,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -6614,16 +6953,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -6739,7 +7078,7 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 90 17 90 21 let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 90 26 90 44 let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 86 14 89 5 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 162 27 162 52 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 163 26 163 71 let%span smap_inv12 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 163 15 163 31 @@ -6763,10 +7102,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne let%span smap_inv30 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 let%span smap_inv31 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 let%span smap_inv32 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 - let%span siter33 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter34 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter35 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter36 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter33 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter34 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter35 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter36 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sops37 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops38 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops39 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 @@ -6822,20 +7161,20 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter34] produces'0 a ab b) -> ([%#siter35] produces'0 b bc c) -> ([%#siter36] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter33] produces'0 self (Seq.empty : Seq.seq t_Item'0) self - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) use seq.Seq @@ -7197,10 +7536,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -7254,16 +7593,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter11] produces'0 a ab b) -> ([%#siter12] produces'0 b bc c) -> ([%#siter13] produces'0 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter10] produces'0 self (Seq.empty : Seq.seq t_Item'0) self @@ -7308,10 +7647,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr let%span smap_inv6 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 let%span smap_inv7 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 let%span smap_inv8 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops15 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 @@ -7389,16 +7728,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4899712594723907874__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -7658,108 +7997,196 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi16137414346896623968__produces_back_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 59 4 59 31] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 58 14 58 50 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 56 4 56 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 48 12 52 68 + + use seq.Seq type t_Idx'0 - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + use seq.Seq - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } use prelude.prelude.Int function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + use seq.Seq - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + use seq.Seq - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops1] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 4 46 69] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + + = + [%#srange2] self.t_Range__start'0 = o.t_Range__start'0 + /\ deep_model'0 self.t_Range__end'0 >= deep_model'0 o.t_Range__end'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__end'0 >= deep_model'0 o.t_Range__start'0) + /\ Seq.length visited = deep_model'0 o.t_Range__end'0 - deep_model'0 self.t_Range__end'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__end'0 - i) - constant r : t_RangeInclusive'0 + constant self : t_Range'0 - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 59 4 59 31] (self : t_Range'0) : () - goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r - -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) - -> (if is_empty_log'0 r then - [%#srange0] is_empty_log'0 r = (0 = 0) - else - [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) - ) + goal vc_produces_back_refl'0 : [%#srange0] produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - - use seq.Seq +module M_creusot_contracts__stdqy35z1__iter__range__qyi16137414346896623968__produces_back_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 66 4 66 95] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 63 15 63 37 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 64 15 64 37 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 65 14 65 47 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 61 4 61 10 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 48 12 52 68 type t_Idx'0 - use seq.Seq - - type t_RangeInclusive'0 = - { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } use seq.Seq - function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 - use prelude.prelude.Int function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int - function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 - - function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool - - axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self - -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int - - = - [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - - axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange3] is_empty_log'0 r - = (range_inclusive_len'0 r = 0) + use seq.Seq use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 4 46 69] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) = - [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o - /\ (is_empty_log'0 self -> is_empty_log'0 o) - /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + [%#srange4] self.t_Range__start'0 = o.t_Range__start'0 + /\ deep_model'0 self.t_Range__end'0 >= deep_model'0 o.t_Range__end'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__end'0 >= deep_model'0 o.t_Range__start'0) + /\ Seq.length visited = deep_model'0 o.t_Range__end'0 - deep_model'0 self.t_Range__end'0 /\ (forall i : int . 0 <= i /\ i < Seq.length visited - -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__end'0 - i) - constant self : t_RangeInclusive'0 + use seq.Seq - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (self : t_RangeInclusive'0) : () + constant a : t_Range'0 + + constant ab : Seq.seq t_Idx'0 + + constant b : t_Range'0 + + constant bc : Seq.seq t_Idx'0 + + constant c : t_Range'0 + + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 66 4 66 95] (a : t_Range'0) (ab : Seq.seq t_Idx'0) (b : t_Range'0) (bc : Seq.seq t_Idx'0) (c : t_Range'0) : () + + + goal vc_produces_back_trans'0 : ([%#srange1] produces_back'0 b bc c) + -> ([%#srange0] produces_back'0 a ab b) -> ([%#srange2] produces_back'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__range_inclusive_len [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span sops1 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + + type t_Idx'0 + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops1] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + constant r : t_RangeInclusive'0 + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + + goal vc_range_inclusive_len'0 : ([%#sops1] not is_empty_log'0 r + -> deep_model'0 (start_log'0 r) <= deep_model'0 (end_log'0 r)) + -> (if is_empty_log'0 r then + [%#srange0] is_empty_log'0 r = (0 = 0) + else + [%#srange0] is_empty_log'0 r = (deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 = 0) + ) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 103 4 103 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 102 14 102 45 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 100 4 100 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + + use seq.Seq + + type t_Idx'0 + + use seq.Seq + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + use seq.Seq + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + = + [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange3] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 90 4 90 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (start_log'0 self) + i) + + constant self : t_RangeInclusive'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 103 4 103 26] (self : t_RangeInclusive'0) : () goal vc_produces_refl'0 : [%#srange0] produces'0 self (Seq.empty : Seq.seq t_Idx'0) self end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 110 4 110 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 107 15 107 32 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 108 15 108 32 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 109 14 109 42 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 105 4 105 10 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -7784,7 +8211,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops7] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int = [%#srange6] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -7794,7 +8221,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 90 4 90 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o @@ -7815,12 +8242,139 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro constant c : t_RangeInclusive'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 110 4 110 90] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () goal vc_produces_trans'0 : ([%#srange1] produces'0 b bc c) -> ([%#srange0] produces'0 a ab b) -> ([%#srange2] produces'0 a (Seq.(++) ab bc) c) end +module M_creusot_contracts__stdqy35z1__iter__range__qyi12106466433038921999__produces_back_refl [#"../../../creusot-contracts/src/std/iter/range.rs" 129 4 129 31] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 128 14 128 50 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 126 4 126 10 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 118 12 122 74 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span sops5 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + + use seq.Seq + + type t_Idx'0 + + use seq.Seq + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + use seq.Seq + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops5] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + = + [%#srange4] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange3] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 116 4 116 69] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange2] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ start_log'0 self = start_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (end_log'0 self) - i) + + constant self : t_RangeInclusive'0 + + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 129 4 129 31] (self : t_RangeInclusive'0) : () + + + goal vc_produces_back_refl'0 : [%#srange0] produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi12106466433038921999__produces_back_trans [#"../../../creusot-contracts/src/std/iter/range.rs" 136 4 136 95] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 133 15 133 37 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 134 15 134 37 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 135 14 135 47 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 131 4 131 10 + let%span srange4 = "../../../creusot-contracts/src/std/iter/range.rs" 118 12 122 74 + let%span srange5 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange6 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + + type t_Idx'0 + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + use seq.Seq + + use seq.Seq + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops7] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + = + [%#srange6] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange5] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 116 4 116 69] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange4] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ start_log'0 self = start_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (end_log'0 self) - i) + + use seq.Seq + + constant a : t_RangeInclusive'0 + + constant ab : Seq.seq t_Idx'0 + + constant b : t_RangeInclusive'0 + + constant bc : Seq.seq t_Idx'0 + + constant c : t_RangeInclusive'0 + + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 136 4 136 95] (a : t_RangeInclusive'0) (ab : Seq.seq t_Idx'0) (b : t_RangeInclusive'0) (bc : Seq.seq t_Idx'0) (c : t_RangeInclusive'0) : () + + + goal vc_produces_back_trans'0 : ([%#srange1] produces_back'0 b bc c) + -> ([%#srange0] produces_back'0 a ab b) -> ([%#srange2] produces_back'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__produces_refl [#"../../../creusot-contracts/src/std/iter/repeat.rs" 32 4 32 26] (* as std::iter::Iterator> *) let%span srepeat0 = "../../../creusot-contracts/src/std/iter/repeat.rs" 31 14 31 45 let%span srepeat1 = "../../../creusot-contracts/src/std/iter/repeat.rs" 29 4 29 10 @@ -7899,16 +8453,15 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro goal vc_produces_trans'0 : ([%#srepeat1] produces'0 b bc c) -> ([%#srepeat0] produces'0 a ab b) -> ([%#srepeat2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 14 73 45 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__rev__qyi4378764544541057436__produces_refl [#"../../../creusot-contracts/src/std/iter/rev.rs" 48 4 48 26] (* as std::iter::Iterator> *) + let%span srev0 = "../../../creusot-contracts/src/std/iter/rev.rs" 47 14 47 45 + let%span srev1 = "../../../creusot-contracts/src/std/iter/rev.rs" 45 4 45 10 + let%span srev2 = "../../../creusot-contracts/src/std/iter/rev.rs" 41 12 41 56 + let%span srev3 = "../../../creusot-contracts/src/std/iter/rev.rs" 17 14 17 39 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 106 14 106 50 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 110 15 110 37 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 111 15 111 37 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 112 14 112 47 use seq.Seq @@ -7918,106 +8471,239 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ type t_I'0 - use prelude.prelude.UIntSize - - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } - - use prelude.prelude.Int - - constant v_MAX'0 : usize = (18446744073709551615 : usize) - - use prelude.prelude.UIntSize - - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int - - axiom n'0_spec : forall self : t_Skip'0 . [%#sskip3] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) - - use seq.Seq + type t_Rev'0 = + { t_Rev__iter'0: t_I'0 } predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Rev'0) - axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + axiom inv_axiom'0 [@rewrite] : forall x : t_Rev'0 [inv'0 x] . inv'0 x = match x with - | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + | {t_Rev__iter'0 = iter} -> inv'1 iter end - function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 18 4 18 22] (self : t_Rev'0) : t_I'0 - axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip4] inv'0 self -> inv'1 (iter'0 self) + axiom iter'0_spec : forall self : t_Rev'0 . [%#srev3] inv'0 self -> inv'1 (iter'0 self) use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter.rs" 103 4 103 70] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 113 4 113 96] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) - -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () - - axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - - use seq.Seq + axiom produces_back_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces_back'0 a ab b) + -> ([%#siter6] produces_back'0 b bc c) -> ([%#siter7] produces_back'0 a (Seq.(++) ab bc) c) - use prelude.prelude.Borrow + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 107 4 107 32] (self : t_I'0) : () - predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + axiom produces_back_refl'0_spec : forall self : t_I'0 . [%#siter4] produces_back'0 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 39 4 39 64] (self : t_Rev'0) (visited : Seq.seq t_Item'0) (o : t_Rev'0) = - [%#sskip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o - \/ n'0 o = 0 - /\ Seq.length visited > 0 - /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self - /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) - /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + [%#srev2] produces_back'0 (iter'0 self) visited (iter'0 o) - constant self : t_Skip'0 + constant self : t_Rev'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (self : t_Skip'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 48 4 48 26] (self : t_Rev'0) : () - goal vc_produces_refl'0 : [%#sskip0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self + goal vc_produces_refl'0 : [%#srev0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) - let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 78 15 78 32 - let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 32 - let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 14 80 42 - let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 76 4 76 10 - let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 - let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 - let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__rev__qyi4378764544541057436__produces_trans [#"../../../creusot-contracts/src/std/iter/rev.rs" 55 4 55 90] (* as std::iter::Iterator> *) + let%span srev0 = "../../../creusot-contracts/src/std/iter/rev.rs" 52 15 52 32 + let%span srev1 = "../../../creusot-contracts/src/std/iter/rev.rs" 53 15 53 32 + let%span srev2 = "../../../creusot-contracts/src/std/iter/rev.rs" 54 14 54 42 + let%span srev3 = "../../../creusot-contracts/src/std/iter/rev.rs" 50 4 50 10 + let%span srev4 = "../../../creusot-contracts/src/std/iter/rev.rs" 41 12 41 56 + let%span srev5 = "../../../creusot-contracts/src/std/iter/rev.rs" 17 14 17 39 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 106 14 106 50 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 110 15 110 37 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 111 15 111 37 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 112 14 112 47 type t_I'0 - use prelude.prelude.UIntSize - - type t_Skip'0 = - { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + type t_Rev'0 = + { t_Rev__iter'0: t_I'0 } type t_Item'0 use seq.Seq - use seq.Seq + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) - use prelude.prelude.Int + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Rev'0) - constant v_MAX'0 : usize = (18446744073709551615 : usize) + axiom inv_axiom'0 [@rewrite] : forall x : t_Rev'0 [inv'0 x] . inv'0 x + = match x with + | {t_Rev__iter'0 = iter} -> inv'1 iter + end - use prelude.prelude.UIntSize + function iter'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 18 4 18 22] (self : t_Rev'0) : t_I'0 - function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + axiom iter'0_spec : forall self : t_Rev'0 . [%#srev5] inv'0 self -> inv'1 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter.rs" 103 4 103 70] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 113 4 113 96] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_back_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter7] produces_back'0 a ab b) + -> ([%#siter8] produces_back'0 b bc c) -> ([%#siter9] produces_back'0 a (Seq.(++) ab bc) c) + + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 107 4 107 32] (self : t_I'0) : () + + axiom produces_back_refl'0_spec : forall self : t_I'0 . [%#siter6] produces_back'0 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 39 4 39 64] (self : t_Rev'0) (visited : Seq.seq t_Item'0) (o : t_Rev'0) + + = + [%#srev4] produces_back'0 (iter'0 self) visited (iter'0 o) + + constant a : t_Rev'0 + + constant ab : Seq.seq t_Item'0 + + constant b : t_Rev'0 + + constant bc : Seq.seq t_Item'0 + + constant c : t_Rev'0 + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 55 4 55 90] (a : t_Rev'0) (ab : Seq.seq t_Item'0) (b : t_Rev'0) (bc : Seq.seq t_Item'0) (c : t_Rev'0) : () + + + goal vc_produces_trans'0 : ([%#srev1] produces'0 b bc c) + -> ([%#srev0] produces'0 a ab b) -> ([%#srev2] produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_refl [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 73 14 73 45 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 71 4 71 10 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + + use prelude.prelude.Int + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int + + axiom n'0_spec : forall self : t_Skip'0 . [%#sskip3] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) + + use seq.Seq + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Skip'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Skip'0 [inv'0 x] . inv'0 x + = match x with + | {t_Skip__iter'0 = iter ; t_Skip__n'0 = n} -> inv'1 iter + end + + function iter'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 15 4 15 22] (self : t_Skip'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Skip'0 . [%#sskip4] inv'0 self -> inv'1 (iter'0 self) + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) + -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use seq.Seq + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_Item'0) + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 60 4 60 64] (self : t_Skip'0) (visited : Seq.seq t_Item'0) (o : t_Skip'0) + + = + [%#sskip2] visited = (Seq.empty : Seq.seq t_Item'0) /\ self = o + \/ n'0 o = 0 + /\ Seq.length visited > 0 + /\ (exists s : Seq.seq t_Item'0 . Seq.length s = n'0 self + /\ produces'1 (iter'0 self) (Seq.(++) s visited) (iter'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length s -> resolve'0 (Seq.get s i))) + + constant self : t_Skip'0 + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 74 4 74 26] (self : t_Skip'0) : () + + goal vc_produces_refl'0 : [%#sskip0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) + let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 78 15 78 32 + let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 79 15 79 32 + let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 80 14 80 42 + let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 76 4 76 10 + let%span sskip4 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 + let%span sskip5 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 + let%span sskip6 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + type t_I'0 + + use prelude.prelude.UIntSize + + type t_Skip'0 = + { t_Skip__iter'0: t_I'0; t_Skip__n'0: usize } + + type t_Item'0 + + use seq.Seq + + use seq.Seq + + use prelude.prelude.Int + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + function n'0 [#"../../../creusot-contracts/src/std/iter/skip.rs" 22 4 22 21] (self : t_Skip'0) : int axiom n'0_spec : forall self : t_Skip'0 . [%#sskip5] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (v_MAX'0 : usize) @@ -8038,16 +8724,16 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -8089,10 +8775,10 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -8134,16 +8820,16 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -8166,10 +8852,10 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod let%span stake4 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake5 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake6 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -8211,16 +8897,16 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter8] produces'1 a ab b) -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -8251,10 +8937,10 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -8311,16 +8997,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter6] produces'1 a ab b) -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_A'0) : () axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -8332,16 +9018,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter6] produces'2 a ab b) -> ([%#siter7] produces'2 b bc c) -> ([%#siter8] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_B'0) : () axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter5] produces'2 self (Seq.empty : Seq.seq t_Item'1) self @@ -8367,10 +9053,10 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span szip4 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip5 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip6 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_A'0 @@ -8425,16 +9111,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter8] produces'1 a ab b) -> ([%#siter9] produces'1 b bc c) -> ([%#siter10] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_A'0) : () axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter7] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -8446,16 +9132,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter8] produces'2 a ab b) -> ([%#siter9] produces'2 b bc c) -> ([%#siter10] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_B'0) : () axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter7] produces'2 self (Seq.empty : Seq.seq t_Item'1) self @@ -8485,14 +9171,14 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc goal vc_produces_trans'0 : ([%#szip1] produces'0 b bc c) -> ([%#szip0] produces'0 a ab b) -> ([%#szip2] produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) - let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 222 14 222 45 - let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 220 4 220 10 - let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl [#"../../../creusot-contracts/src/std/iter.rs" 279 4 279 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 278 14 278 45 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 276 4 276 10 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 267 20 267 64 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use seq.Seq @@ -8506,40 +9192,40 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_re use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 266 4 266 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = [%#siter2] produces'1 self.current visited o.current /\ self.final = o.final constant self : borrowed t_I'0 - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (self : borrowed t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 279 4 279 26] (self : borrowed t_I'0) : () goal vc_produces_refl'0 : [%#siter0] produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) - let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 227 15 227 32 - let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 228 15 228 32 - let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 229 14 229 42 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 225 4 225 10 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans [#"../../../creusot-contracts/src/std/iter.rs" 286 4 286 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 283 15 283 32 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 284 15 284 32 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 285 14 285 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 281 4 281 10 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 267 20 267 64 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter8 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use prelude.prelude.Borrow @@ -8553,20 +9239,20 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_tr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter6] produces'1 a ab b) -> ([%#siter7] produces'1 b bc c) -> ([%#siter8] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter5] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 266 4 266 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = [%#siter4] produces'1 self.current visited o.current /\ self.final = o.final @@ -8581,7 +9267,7 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_tr constant c : borrowed t_I'0 - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (a : borrowed t_I'0) (ab : Seq.seq t_Item'0) (b : borrowed t_I'0) (bc : Seq.seq t_Item'0) (c : borrowed t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 286 4 286 90] (a : borrowed t_I'0) (ab : Seq.seq t_Item'0) (b : borrowed t_I'0) (bc : Seq.seq t_Item'0) (c : borrowed t_I'0) : () goal vc_produces_trans'0 : ([%#siter1] produces'0 b bc c) @@ -12819,30 +13505,1031 @@ module M_creusot_contracts__logic__fmap__qyi9892930999379617882__contains_ghost (! return' {result}) ] - predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = - [%#sinvariant13] inv'2 self + predicate invariant'2 [#"../../../creusot-contracts/src/invariant.rs" 23 4 23 30] (self : t_Option'0) = + [%#sinvariant13] inv'2 self + + predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = invariant'2 x + + let rec is_some'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_some 'self' type invariant] inv'3 self} + any [ return' (result:bool)-> {[%#soption7] result = (self <> C_None'0)} (! return' {result}) ] + + use prelude.prelude.Intrinsic + + meta "compute_max_steps" 1000000 + + let rec contains_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:bool))= {[@expl:contains_ghost 'self' type invariant] [%#sfmap0] inv'0 self} + {[@expl:contains_ghost 'key' type invariant] [%#sfmap1] inv'1 key} + (! bb0 + [ bb0 = s0 [ s0 = get_ghost'0 {self} {key} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_some'0 {_5} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = return' {_0} ] + ) [ & _0 : bool = any_l () | & self : t_FMap'0 = self | & key : t_K'0 = key | & _5 : t_Option'0 = any_l () ] + [ return' (result:bool)-> {[@expl:contains_ghost ensures] [%#sfmap2] result = contains'0 self key} + (! return' {result}) ] + +end +module M_creusot_contracts__logic__fset__qyi12147533290214288165__ext_eq [#"../../../creusot-contracts/src/logic/fset.rs" 186 4 188 17] (* logic::fset::FSet *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 185 14 185 38 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 191 12 191 63 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + type t_T'0 + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset2] Fset.mem e self + + constant self : Fset.fset t_T'0 + + constant other : Fset.fset t_T'0 + + predicate ext_eq'0 [#"../../../creusot-contracts/src/logic/fset.rs" 186 4 188 17] (self : Fset.fset t_T'0) (other : Fset.fset t_T'0) + + + goal vc_ext_eq'0 : [%#sfset0] ([%#sfset1] forall e : t_T'0 . contains'0 self e = contains'0 other e) -> self = other +end +module M_creusot_contracts__logic__fset__qyi12147533290214288165__singleton [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (* logic::fset::FSet *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + + type t_T'0 + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset2] Fset.mem e self + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset t_T'0) (e : t_T'0) : Fset.fset t_T'0 + + = + [%#sfset3] Fset.add e self + + constant x : t_T'0 + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : t_T'0) : Fset.fset t_T'0 + + goal vc_singleton'0 : [%#sfset0] forall y : t_T'0 . contains'0 (insert'0 (Fset.empty : Fset.fset t_T'0) x) y = (x = y) +end +module M_creusot_contracts__logic__fset__qyi12147533290214288165__unions [#"../../../creusot-contracts/src/logic/fset.rs" 210 4 210 61] (* logic::fset::FSet *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 208 14 208 102 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 209 14 209 24 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 206 4 206 12 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 92 8 92 26 + + type t_U'0 + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_U'0) (e : t_U'0) + + = + [%#sfset3] Fset.mem e self + + type t_T'0 + + use set.Fset + + use set.Fset + + predicate contains'1 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset3] Fset.mem e self + + use map.Map + + use set.Fset + + use map.Map + + use prelude.prelude.Int + + use set.Fset + + use set.Fset + + use set.Fset + + function remove'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 91 4 91 37] (self : Fset.fset t_T'0) (e : t_T'0) : Fset.fset t_T'0 + + = + [%#sfset4] Fset.remove e self + + use set.Fset + + constant self : Fset.fset t_T'0 + + constant f : Map.map t_T'0 (Fset.fset t_U'0) + + function unions'0 [#"../../../creusot-contracts/src/logic/fset.rs" 210 4 210 61] (self : Fset.fset t_T'0) (f : Map.map t_T'0 (Fset.fset t_U'0)) : Fset.fset t_U'0 + + + goal vc_unions'0 : if Fset.cardinal self = 0 then + [%#sfset0] forall y : t_U'0 . contains'0 (Fset.empty : Fset.fset t_U'0) y + = (exists x : t_T'0 . contains'1 self x /\ contains'0 (Map.get f x) y) + else + let x = Fset.pick self in (0 <= ([%#sfset1] Fset.cardinal self) + /\ ([%#sfset1] Fset.cardinal (remove'0 self x)) < ([%#sfset1] Fset.cardinal self)) + /\ (([%#sfset0] forall y : t_U'0 . contains'0 (unions'0 (remove'0 self x) f) y + = (exists x' : t_T'0 . contains'1 (remove'0 self x) x' /\ contains'0 (Map.get f x') y)) + -> ([%#sfset0] forall y : t_U'0 . contains'0 (Fset.union (Map.get f x) (unions'0 (remove'0 self x) f)) y + = (exists x : t_T'0 . contains'1 self x /\ contains'0 (Map.get f x) y))) + +end +module M_creusot_contracts__logic__fset__qyi12147533290214288165__replicate [#"../../../creusot-contracts/src/logic/fset.rs" 267 4 267 50] (* logic::fset::FSet *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 264 15 264 21 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 265 14 265 123 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 266 14 266 15 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 270 32 270 85 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 273 32 273 108 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 247 14 247 117 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 268 8 276 9 + let%span sfset8 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sseq9 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 + let%span sfset10 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 173 8 173 39 + let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + + use prelude.prelude.Int + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset8] Fset.mem e self + + use seq.Seq + + use seq.Seq + + predicate contains'1 [#"../../../creusot-contracts/src/logic/seq.rs" 351 4 353 17] (self : Seq.seq t_T'0) (x : t_T'0) + = + [%#sseq9] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x + + use set.Fset + + use set.Fset + + predicate contains'2 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset8] Fset.mem e self + + use seq.Seq + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset12] Fset.add e self + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset10] insert'0 (Fset.empty : Fset.fset (Seq.seq t_T'0)) x + + axiom singleton'0_spec : forall x : Seq.seq t_T'0 . [%#sfset4] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 x) y + = (x = y) + + use seq.Seq + + function tail'0 [#"../../../creusot-contracts/src/logic/seq.rs" 172 4 172 29] (self : Seq.seq t_T'0) : Seq.seq t_T'0 = + [%#sseq11] Seq.([..]) self 1 (Seq.length self) + + function cons'0 [#"../../../creusot-contracts/src/logic/fset.rs" 248 4 248 61] (s : Fset.fset t_T'0) (ss : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom cons'0_spec : forall s : Fset.fset t_T'0, ss : Fset.fset (Seq.seq t_T'0) . [%#sfset6] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 s ss) xs + = (0 < Seq.length xs /\ contains'2 s (Seq.get xs 0) /\ contains'0 ss (tail'0 xs)) + + constant self : Fset.fset t_T'0 + + constant n : int + + function replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 267 4 267 50] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + goal vc_replicate'0 : ([%#sfset0] n >= 0) + -> (if n = 0 then + ([%#sfset3] forall xs : Seq.seq t_T'0 . Seq.length xs = 0 -> xs = (Seq.empty : Seq.seq t_T'0)) + && (let _ = () in let _ = () in ([%#sfset4] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) y + = ((Seq.empty : Seq.seq t_T'0) = y)) + -> ([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x)))) + else + ([%#sfset5] forall xs : Seq.seq t_T'0, i : int . 0 < i /\ i < Seq.length xs + -> Seq.get xs i = Seq.get (tail'0 xs) (i - 1)) + && (let _ = () in let _ = () in (([@expl:replicate requires] [%#sfset0] n - 1 >= 0) + /\ 0 <= ([%#sfset2] n) /\ ([%#sfset2] n - 1) < ([%#sfset2] n)) + /\ (([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 self (n - 1)) xs + = (Seq.length xs = n - 1 /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + -> ([%#sfset6] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 self (replicate'0 self (n - 1))) xs + = (0 < Seq.length xs /\ contains'2 self (Seq.get xs 0) /\ contains'0 (replicate'0 self (n - 1)) (tail'0 xs))) + -> ([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 self (replicate'0 self (n - 1))) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))))) + ) +end +module M_creusot_contracts__logic__fset__qyi12147533290214288165__replicate_up_to [#"../../../creusot-contracts/src/logic/fset.rs" 285 4 285 56] (* logic::fset::FSet *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 282 15 282 21 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 283 14 283 123 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 284 14 284 15 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 288 32 288 85 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 264 15 264 21 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 265 14 265 123 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 266 14 266 15 + let%span sfset8 = "../../../creusot-contracts/src/logic/fset.rs" 286 8 293 9 + let%span sfset9 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sseq10 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 + let%span sfset11 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 268 8 276 9 + let%span sfset13 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + let%span sfset14 = "../../../creusot-contracts/src/logic/fset.rs" 247 14 247 117 + let%span sseq15 = "../../../creusot-contracts/src/logic/seq.rs" 173 8 173 39 + + use prelude.prelude.Int + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset9] Fset.mem e self + + use seq.Seq + + use seq.Seq + + predicate contains'1 [#"../../../creusot-contracts/src/logic/seq.rs" 351 4 353 17] (self : Seq.seq t_T'0) (x : t_T'0) + = + [%#sseq10] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x + + use set.Fset + + use set.Fset + + predicate contains'2 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset9] Fset.mem e self + + use seq.Seq + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset13] Fset.add e self + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset11] insert'0 (Fset.empty : Fset.fset (Seq.seq t_T'0)) x + + axiom singleton'0_spec : forall x : Seq.seq t_T'0 . [%#sfset4] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 x) y + = (x = y) + + use seq.Seq + + function tail'0 [#"../../../creusot-contracts/src/logic/seq.rs" 172 4 172 29] (self : Seq.seq t_T'0) : Seq.seq t_T'0 = + [%#sseq15] Seq.([..]) self 1 (Seq.length self) + + function cons'0 [#"../../../creusot-contracts/src/logic/fset.rs" 248 4 248 61] (s : Fset.fset t_T'0) (ss : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom cons'0_spec : forall s : Fset.fset t_T'0, ss : Fset.fset (Seq.seq t_T'0) . [%#sfset14] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 s ss) xs + = (0 < Seq.length xs /\ contains'2 s (Seq.get xs 0) /\ contains'0 ss (tail'0 xs)) + + function replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 267 4 267 50] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + axiom replicate'0_def : forall self : Fset.fset t_T'0, n : int . ([%#sfset5] n >= 0) + -> replicate'0 self n + = ([%#sfset12] if n = 0 then + let _ = let _ = () in () in singleton'0 (Seq.empty : Seq.seq t_T'0) + else + let _ = let _ = () in () in cons'0 self (replicate'0 self (n - 1)) + ) + + axiom replicate'0_spec : forall self : Fset.fset t_T'0, n : int . ([%#sfset5] n >= 0) + -> ([%#sfset6] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 self n) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + + use set.Fset + + constant self : Fset.fset t_T'0 + + constant n : int + + function replicate_up_to'0 [#"../../../creusot-contracts/src/logic/fset.rs" 285 4 285 56] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + goal vc_replicate_up_to'0 : ([%#sfset0] n >= 0) + -> (if n = 0 then + ([%#sfset3] forall xs : Seq.seq t_T'0 . Seq.length xs = 0 -> xs = (Seq.empty : Seq.seq t_T'0)) + && (let _ = () in let _ = () in ([%#sfset4] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) y + = ((Seq.empty : Seq.seq t_T'0) = y)) + -> ([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) xs + = (Seq.length xs <= n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x)))) + else + (([@expl:replicate_up_to requires] [%#sfset0] n - 1 >= 0) + /\ 0 <= ([%#sfset2] n) /\ ([%#sfset2] n - 1) < ([%#sfset2] n)) + /\ (([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (replicate_up_to'0 self (n - 1)) xs + = (Seq.length xs <= n - 1 /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + -> ([@expl:replicate requires] [%#sfset5] n >= 0) + /\ (([%#sfset6] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 self n) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + -> ([%#sfset1] forall xs : Seq.seq t_T'0 . contains'0 (Fset.union (replicate_up_to'0 self (n + - 1)) (replicate'0 self n)) xs + = (Seq.length xs <= n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))))) + ) +end +module M_creusot_contracts__logic__fset__unions_union [#"../../../creusot-contracts/src/logic/fset.rs" 469 0 469 27] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 466 10 466 125 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 467 10 468 76 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 464 0 464 8 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 208 14 208 102 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 209 14 209 24 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 206 4 206 12 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 92 8 92 26 + + type t_T'0 + + use set.Fset + + type t_U'0 + + use set.Fset + + use map.Map + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_U'0) (e : t_U'0) + + = + [%#sfset6] Fset.mem e self + + use set.Fset + + predicate contains'1 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset6] Fset.mem e self + + use map.Map + + use set.Fset + + use set.Fset + + use set.Fset + + use set.Fset + + function remove'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 91 4 91 37] (self : Fset.fset t_T'0) (e : t_T'0) : Fset.fset t_T'0 + + = + [%#sfset7] Fset.remove e self + + use set.Fset + + function unions'0 [#"../../../creusot-contracts/src/logic/fset.rs" 210 4 210 61] (self : Fset.fset t_T'0) (f : Map.map t_T'0 (Fset.fset t_U'0)) : Fset.fset t_U'0 + + + axiom unions'0_def : forall self : Fset.fset t_T'0, f : Map.map t_T'0 (Fset.fset t_U'0) . unions'0 self f + = ([%#sfset5] if Fset.cardinal self = 0 then + Fset.empty : Fset.fset t_U'0 + else + let x = Fset.pick self in Fset.union (Map.get f x) (unions'0 (remove'0 self x) f) + ) + + axiom unions'0_spec : forall self : Fset.fset t_T'0, f : Map.map t_T'0 (Fset.fset t_U'0) . [%#sfset3] forall y : t_U'0 . contains'0 (unions'0 self f) y + = (exists x : t_T'0 . contains'1 self x /\ contains'0 (Map.get f x) y) + + use prelude.prelude.Mapping + + constant _1 : () + + function unions_union'0 [#"../../../creusot-contracts/src/logic/fset.rs" 469 0 469 27] (_1 : ()) : () + + goal vc_unions_union'0 : ([%#sfset0] forall s1 : Fset.fset t_T'0, s2 : Fset.fset t_T'0, f : Map.map t_T'0 (Fset.fset t_U'0) . unions'0 (Fset.union s1 s2) f + = Fset.union (unions'0 s1 f) (unions'0 s2 f)) + && ([%#sfset1] forall s : Fset.fset t_T'0, f : Map.map t_T'0 (Fset.fset t_U'0), g : Map.map t_T'0 (Fset.fset t_U'0) . unions'0 s (Mapping.from_fn (fun (x : t_T'0) -> Fset.union (Map.get f x) (Map.get g x))) + = Fset.union (unions'0 s f) (unions'0 s g)) +end +module M_creusot_contracts__logic__fset__map_union [#"../../../creusot-contracts/src/logic/fset.rs" 475 0 475 24] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 474 10 474 104 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 472 0 472 8 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 231 8 231 27 + + type t_T'0 + + use set.Fset + + type t_U'0 + + use map.Map + + use set.Fset + + use set.Fset + + use set.Fset + + function map'0 [#"../../../creusot-contracts/src/logic/fset.rs" 230 4 230 52] (self : Fset.fset t_T'0) (f : Map.map t_T'0 t_U'0) : Fset.fset t_U'0 + + = + [%#sfset2] Fset.map f self + + use set.Fset + + constant _1 : () + + function map_union'0 [#"../../../creusot-contracts/src/logic/fset.rs" 475 0 475 24] (_1 : ()) : () + + goal vc_map_union'0 : [%#sfset0] forall s : Fset.fset t_T'0, t : Fset.fset t_T'0, f : Map.map t_T'0 t_U'0 . map'0 (Fset.union s t) f + = Fset.union (map'0 s f) (map'0 t f) +end +module M_creusot_contracts__logic__fset__concat_union [#"../../../creusot-contracts/src/logic/fset.rs" 484 0 484 24] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 480 10 481 83 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 482 10 483 83 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 478 0 478 8 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 256 14 256 144 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset4] Fset.mem e self + + use seq.Seq + + function concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 257 4 257 67] (s : Fset.fset (Seq.seq t_T'0)) (t : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom concat'0_spec : forall s : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . [%#sfset3] forall xs : Seq.seq t_T'0 . contains'0 (concat'0 s t) xs + = (exists ys : Seq.seq t_T'0, zs : Seq.seq t_T'0 . contains'0 s ys /\ contains'0 t zs /\ xs = Seq.(++) ys zs) + + constant _1 : () + + function concat_union'0 [#"../../../creusot-contracts/src/logic/fset.rs" 484 0 484 24] (_1 : ()) : () + + goal vc_concat_union'0 : ([%#sfset0] forall s1 : Fset.fset (Seq.seq t_T'0), s2 : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . concat'0 (Fset.union s1 s2) t + = Fset.union (concat'0 s1 t) (concat'0 s2 t)) + && ([%#sfset1] forall s : Fset.fset (Seq.seq t_T'0), t1 : Fset.fset (Seq.seq t_T'0), t2 : Fset.fset (Seq.seq t_T'0) . concat'0 s (Fset.union t1 t2) + = Fset.union (concat'0 s t1) (concat'0 s t2)) +end +module M_creusot_contracts__logic__fset__cons_concat [#"../../../creusot-contracts/src/logic/fset.rs" 490 0 490 23] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 489 10 489 133 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 491 20 491 115 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 492 20 492 74 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 493 20 493 89 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 491 4 491 117 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 247 14 247 117 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 256 14 256 144 + let%span sseq7 = "../../../creusot-contracts/src/logic/seq.rs" 251 8 251 27 + let%span sseq8 = "../../../creusot-contracts/src/logic/seq.rs" 173 8 173 39 + let%span sfset9 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + type t_T'0 + + use set.Fset + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset9] Fset.mem e self + + use seq.Seq + + use prelude.prelude.Int + + use seq.Seq + + use set.Fset + + predicate contains'1 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset9] Fset.mem e self + + use seq.Seq + + function tail'0 [#"../../../creusot-contracts/src/logic/seq.rs" 172 4 172 29] (self : Seq.seq t_T'0) : Seq.seq t_T'0 = + [%#sseq8] Seq.([..]) self 1 (Seq.length self) + + function cons'0 [#"../../../creusot-contracts/src/logic/fset.rs" 248 4 248 61] (s : Fset.fset t_T'0) (ss : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom cons'0_spec : forall s : Fset.fset t_T'0, ss : Fset.fset (Seq.seq t_T'0) . [%#sfset5] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 s ss) xs + = (0 < Seq.length xs /\ contains'1 s (Seq.get xs 0) /\ contains'0 ss (tail'0 xs)) + + use seq.Seq + + function concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 257 4 257 67] (s : Fset.fset (Seq.seq t_T'0)) (t : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom concat'0_spec : forall s : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . [%#sfset6] forall xs : Seq.seq t_T'0 . contains'0 (concat'0 s t) xs + = (exists ys : Seq.seq t_T'0, zs : Seq.seq t_T'0 . contains'0 s ys /\ contains'0 t zs /\ xs = Seq.(++) ys zs) + + use seq.Seq + + function push_front'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/seq.rs" 250 4 250 41] (self : Seq.seq t_T'0) (x : t_T'0) : Seq.seq t_T'0 + + = + [%#sseq7] Seq.cons x self + + constant _1 : () + + function cons_concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 490 0 490 23] (_1 : ()) : () + + goal vc_cons_concat'0 : ([%#sfset1] forall x : t_T'0, xs : Seq.seq t_T'0, ys : Seq.seq t_T'0 . Seq.(++) (push_front'0 xs x) ys + = push_front'0 (Seq.(++) xs ys) x) + && (let _ = () in let _ = () in ([%#sfset2] forall x : t_T'0, ys : Seq.seq t_T'0 . tail'0 (push_front'0 ys x) = ys) + && (let _ = () in let _ = () in ([%#sfset3] forall ys : Seq.seq t_T'0 . 0 < Seq.length ys + -> ys = push_front'0 (tail'0 ys) (Seq.get ys 0)) + && (let _ = () in let _ = () in [%#sfset0] forall s : Fset.fset t_T'0, t : Fset.fset (Seq.seq t_T'0), u : Fset.fset (Seq.seq t_T'0) . concat'0 (cons'0 s t) u + = cons'0 s (concat'0 t u)))) +end +module M_creusot_contracts__logic__fset__concat_replicate [#"../../../creusot-contracts/src/logic/fset.rs" 502 0 502 54] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 499 11 499 27 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 500 10 500 76 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 501 10 501 11 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 264 15 264 21 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 265 14 265 123 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 266 14 266 15 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 516 10 516 59 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 517 10 517 59 + let%span sfset8 = "../../../creusot-contracts/src/logic/fset.rs" 489 10 489 133 + let%span sfset9 = "../../../creusot-contracts/src/logic/fset.rs" 503 4 510 5 + let%span sfset10 = "../../../creusot-contracts/src/logic/fset.rs" 268 8 276 9 + let%span sfset11 = "../../../creusot-contracts/src/logic/fset.rs" 256 14 256 144 + let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sseq13 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 + let%span sfset14 = "../../../creusot-contracts/src/logic/fset.rs" 519 4 519 68 + let%span sfset15 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset16 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sfset17 = "../../../creusot-contracts/src/logic/fset.rs" 491 4 491 117 + let%span sfset18 = "../../../creusot-contracts/src/logic/fset.rs" 247 14 247 117 + let%span sfset19 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + let%span sseq20 = "../../../creusot-contracts/src/logic/seq.rs" 173 8 173 39 + + use prelude.prelude.Int + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset12] Fset.mem e self + + use seq.Seq + + use seq.Seq + + predicate contains'1 [#"../../../creusot-contracts/src/logic/seq.rs" 351 4 353 17] (self : Seq.seq t_T'0) (x : t_T'0) + = + [%#sseq13] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x + + use set.Fset + + use set.Fset + + predicate contains'2 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset12] Fset.mem e self + + use seq.Seq + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset19] Fset.add e self + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset16] insert'0 (Fset.empty : Fset.fset (Seq.seq t_T'0)) x + + axiom singleton'0_spec : forall x : Seq.seq t_T'0 . [%#sfset15] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 x) y + = (x = y) + + use seq.Seq + + function tail'0 [#"../../../creusot-contracts/src/logic/seq.rs" 172 4 172 29] (self : Seq.seq t_T'0) : Seq.seq t_T'0 = + [%#sseq20] Seq.([..]) self 1 (Seq.length self) + + function cons'0 [#"../../../creusot-contracts/src/logic/fset.rs" 248 4 248 61] (s : Fset.fset t_T'0) (ss : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom cons'0_spec : forall s : Fset.fset t_T'0, ss : Fset.fset (Seq.seq t_T'0) . [%#sfset18] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 s ss) xs + = (0 < Seq.length xs /\ contains'2 s (Seq.get xs 0) /\ contains'0 ss (tail'0 xs)) + + function replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 267 4 267 50] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + axiom replicate'0_def : forall self : Fset.fset t_T'0, n : int . ([%#sfset3] n >= 0) + -> replicate'0 self n + = ([%#sfset10] if n = 0 then + let _ = let _ = () in () in singleton'0 (Seq.empty : Seq.seq t_T'0) + else + let _ = let _ = () in () in cons'0 self (replicate'0 self (n - 1)) + ) + + axiom replicate'0_spec : forall self : Fset.fset t_T'0, n : int . ([%#sfset3] n >= 0) + -> ([%#sfset4] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 self n) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + + use seq.Seq + + function concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 257 4 257 67] (s : Fset.fset (Seq.seq t_T'0)) (t : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom concat'0_spec : forall s : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . [%#sfset11] forall xs : Seq.seq t_T'0 . contains'0 (concat'0 s t) xs + = (exists ys : Seq.seq t_T'0, zs : Seq.seq t_T'0 . contains'0 s ys /\ contains'0 t zs /\ xs = Seq.(++) ys zs) + + function concat_empty'0 [#"../../../creusot-contracts/src/logic/fset.rs" 518 0 518 39] (s : Fset.fset (Seq.seq t_T'0)) : () + + = + [%#sfset14] let _ = let _ = () in () in let _ = let _ = () in () in () + + axiom concat_empty'0_spec : forall s : Fset.fset (Seq.seq t_T'0) . ([%#sfset6] concat'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) s + = s) + && ([%#sfset7] concat'0 s (singleton'0 (Seq.empty : Seq.seq t_T'0)) = s) + + function cons_concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 490 0 490 23] (_1 : ()) : () = + [%#sfset17] let _ = let _ = () in () in let _ = let _ = () in () in let _ = let _ = () in () in () + + axiom cons_concat'0_spec : forall _1 : () . [%#sfset8] forall s : Fset.fset t_T'0, t : Fset.fset (Seq.seq t_T'0), u : Fset.fset (Seq.seq t_T'0) . concat'0 (cons'0 s t) u + = cons'0 s (concat'0 t u) + + constant n : int + + constant m : int + + constant s : Fset.fset t_T'0 + + function concat_replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 502 0 502 54] (n : int) (m : int) (s : Fset.fset t_T'0) : () + + + goal vc_concat_replicate'0 : ([%#sfset0] 0 <= n /\ 0 <= m) + -> (if n = 0 then + ([@expl:replicate requires] [%#sfset3] m >= 0) + /\ (([%#sfset4] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 s m) xs + = (Seq.length xs = m /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 s x))) + -> ([%#sfset6] concat'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) (replicate'0 s m) = replicate'0 s m) + && ([%#sfset7] concat'0 (replicate'0 s m) (singleton'0 (Seq.empty : Seq.seq t_T'0)) = replicate'0 s m) + -> (let _ = concat_empty'0 (replicate'0 s m) in [%#sfset1] replicate'0 s (n + m) + = concat'0 (replicate'0 s n) (replicate'0 s m))) + else + ([%#sfset8] forall s : Fset.fset t_T'0, t : Fset.fset (Seq.seq t_T'0), u : Fset.fset (Seq.seq t_T'0) . concat'0 (cons'0 s t) u + = cons'0 s (concat'0 t u)) + -> (let _ = cons_concat'0 () in (([@expl:concat_replicate requires] [%#sfset0] 0 <= n - 1 /\ 0 <= m) + /\ 0 <= ([%#sfset2] n) /\ ([%#sfset2] n - 1) < ([%#sfset2] n)) + /\ (([%#sfset1] replicate'0 s (n - 1 + m) = concat'0 (replicate'0 s (n - 1)) (replicate'0 s m)) + -> (let _ = concat_replicate'0 (n - 1) m s in [%#sfset1] replicate'0 s (n + m) + = concat'0 (replicate'0 s n) (replicate'0 s m)))) + ) +end +module M_creusot_contracts__logic__fset__concat_empty [#"../../../creusot-contracts/src/logic/fset.rs" 518 0 518 39] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 516 10 516 59 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 517 10 517 59 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 519 20 519 66 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 520 20 520 66 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 519 4 519 68 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 256 14 256 144 + let%span sfset8 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sfset9 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + + use seq.Seq + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset8] Fset.mem e self + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset9] Fset.add e self + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset6] insert'0 (Fset.empty : Fset.fset (Seq.seq t_T'0)) x + + axiom singleton'0_spec : forall x : Seq.seq t_T'0 . [%#sfset5] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 x) y + = (x = y) + + use seq.Seq + + function concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 257 4 257 67] (s : Fset.fset (Seq.seq t_T'0)) (t : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom concat'0_spec : forall s : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . [%#sfset7] forall xs : Seq.seq t_T'0 . contains'0 (concat'0 s t) xs + = (exists ys : Seq.seq t_T'0, zs : Seq.seq t_T'0 . contains'0 s ys /\ contains'0 t zs /\ xs = Seq.(++) ys zs) + + constant s : Fset.fset (Seq.seq t_T'0) + + function concat_empty'0 [#"../../../creusot-contracts/src/logic/fset.rs" 518 0 518 39] (s : Fset.fset (Seq.seq t_T'0)) : () + + + goal vc_concat_empty'0 : ([%#sfset2] forall xs : Seq.seq t_T'0 . Seq.(++) xs (Seq.empty : Seq.seq t_T'0) = xs) + && (let _ = () in let _ = () in ([%#sfset3] forall xs : Seq.seq t_T'0 . Seq.(++) (Seq.empty : Seq.seq t_T'0) xs = xs) + && (let _ = () in let _ = () in ([%#sfset0] concat'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) s = s) + && ([%#sfset1] concat'0 s (singleton'0 (Seq.empty : Seq.seq t_T'0)) = s))) +end +module M_creusot_contracts__logic__fset__concat_replicate_up_to [#"../../../creusot-contracts/src/logic/fset.rs" 530 0 530 60] + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 526 11 526 26 + let%span sfset1 = "../../../creusot-contracts/src/logic/fset.rs" 527 10 528 67 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 529 10 529 11 + let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 264 15 264 21 + let%span sfset4 = "../../../creusot-contracts/src/logic/fset.rs" 265 14 265 123 + let%span sfset5 = "../../../creusot-contracts/src/logic/fset.rs" 266 14 266 15 + let%span sfset6 = "../../../creusot-contracts/src/logic/fset.rs" 516 10 516 59 + let%span sfset7 = "../../../creusot-contracts/src/logic/fset.rs" 517 10 517 59 + let%span sfset8 = "../../../creusot-contracts/src/logic/fset.rs" 480 10 481 83 + let%span sfset9 = "../../../creusot-contracts/src/logic/fset.rs" 482 10 483 83 + let%span sfset10 = "../../../creusot-contracts/src/logic/fset.rs" 499 11 499 27 + let%span sfset11 = "../../../creusot-contracts/src/logic/fset.rs" 500 10 500 76 + let%span sfset12 = "../../../creusot-contracts/src/logic/fset.rs" 501 10 501 11 + let%span sfset13 = "../../../creusot-contracts/src/logic/fset.rs" 531 4 539 5 + let%span sfset14 = "../../../creusot-contracts/src/logic/fset.rs" 282 15 282 21 + let%span sfset15 = "../../../creusot-contracts/src/logic/fset.rs" 283 14 283 123 + let%span sfset16 = "../../../creusot-contracts/src/logic/fset.rs" 284 14 284 15 + let%span sfset17 = "../../../creusot-contracts/src/logic/fset.rs" 286 8 293 9 + let%span sfset18 = "../../../creusot-contracts/src/logic/fset.rs" 268 8 276 9 + let%span sfset19 = "../../../creusot-contracts/src/logic/fset.rs" 256 14 256 144 + let%span sfset20 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + let%span sseq21 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 + let%span sfset22 = "../../../creusot-contracts/src/logic/fset.rs" 519 4 519 68 + let%span sfset23 = "../../../creusot-contracts/src/logic/fset.rs" 200 14 200 57 + let%span sfset24 = "../../../creusot-contracts/src/logic/fset.rs" 202 8 202 29 + let%span sfset25 = "../../../creusot-contracts/src/logic/fset.rs" 478 0 478 8 + let%span sfset26 = "../../../creusot-contracts/src/logic/fset.rs" 503 4 510 5 + let%span sfset27 = "../../../creusot-contracts/src/logic/fset.rs" 247 14 247 117 + let%span sfset28 = "../../../creusot-contracts/src/logic/fset.rs" 65 8 65 26 + let%span sfset29 = "../../../creusot-contracts/src/logic/fset.rs" 489 10 489 133 + let%span sfset30 = "../../../creusot-contracts/src/logic/fset.rs" 491 4 491 117 + let%span sseq31 = "../../../creusot-contracts/src/logic/seq.rs" 173 8 173 39 + + use prelude.prelude.Int + + type t_T'0 + + use seq.Seq + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) + + = + [%#sfset20] Fset.mem e self + + use seq.Seq + + use seq.Seq + + predicate contains'1 [#"../../../creusot-contracts/src/logic/seq.rs" 351 4 353 17] (self : Seq.seq t_T'0) (x : t_T'0) + = + [%#sseq21] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x + + use set.Fset + + use set.Fset + + predicate contains'2 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 45 4 45 39] (self : Fset.fset t_T'0) (e : t_T'0) + + = + [%#sfset20] Fset.mem e self + + use seq.Seq + + use set.Fset + + use set.Fset + + function insert'0 [@inline:trivial] [#"../../../creusot-contracts/src/logic/fset.rs" 64 4 64 37] (self : Fset.fset (Seq.seq t_T'0)) (e : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset28] Fset.add e self + + function singleton'0 [#"../../../creusot-contracts/src/logic/fset.rs" 201 4 201 34] (x : Seq.seq t_T'0) : Fset.fset (Seq.seq t_T'0) + + = + [%#sfset24] insert'0 (Fset.empty : Fset.fset (Seq.seq t_T'0)) x + + axiom singleton'0_spec : forall x : Seq.seq t_T'0 . [%#sfset23] forall y : Seq.seq t_T'0 . contains'0 (singleton'0 x) y + = (x = y) + + use seq.Seq + + function tail'0 [#"../../../creusot-contracts/src/logic/seq.rs" 172 4 172 29] (self : Seq.seq t_T'0) : Seq.seq t_T'0 = + [%#sseq31] Seq.([..]) self 1 (Seq.length self) + + function cons'0 [#"../../../creusot-contracts/src/logic/fset.rs" 248 4 248 61] (s : Fset.fset t_T'0) (ss : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom cons'0_spec : forall s : Fset.fset t_T'0, ss : Fset.fset (Seq.seq t_T'0) . [%#sfset27] forall xs : Seq.seq t_T'0 . contains'0 (cons'0 s ss) xs + = (0 < Seq.length xs /\ contains'2 s (Seq.get xs 0) /\ contains'0 ss (tail'0 xs)) + + function replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 267 4 267 50] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + axiom replicate'0_def : forall self : Fset.fset t_T'0, n : int . ([%#sfset3] n >= 0) + -> replicate'0 self n + = ([%#sfset18] if n = 0 then + let _ = let _ = () in () in singleton'0 (Seq.empty : Seq.seq t_T'0) + else + let _ = let _ = () in () in cons'0 self (replicate'0 self (n - 1)) + ) + + axiom replicate'0_spec : forall self : Fset.fset t_T'0, n : int . ([%#sfset3] n >= 0) + -> ([%#sfset4] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 self n) xs + = (Seq.length xs = n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + + use set.Fset + + function replicate_up_to'0 [#"../../../creusot-contracts/src/logic/fset.rs" 285 4 285 56] (self : Fset.fset t_T'0) (n : int) : Fset.fset (Seq.seq t_T'0) + + + axiom replicate_up_to'0_def : forall self : Fset.fset t_T'0, n : int . ([%#sfset14] n >= 0) + -> replicate_up_to'0 self n + = ([%#sfset17] if n = 0 then + let _ = let _ = () in () in singleton'0 (Seq.empty : Seq.seq t_T'0) + else + Fset.union (replicate_up_to'0 self (n - 1)) (replicate'0 self n) + ) + + axiom replicate_up_to'0_spec : forall self : Fset.fset t_T'0, n : int . ([%#sfset14] n >= 0) + -> ([%#sfset15] forall xs : Seq.seq t_T'0 . contains'0 (replicate_up_to'0 self n) xs + = (Seq.length xs <= n /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 self x))) + + use seq.Seq + + function concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 257 4 257 67] (s : Fset.fset (Seq.seq t_T'0)) (t : Fset.fset (Seq.seq t_T'0)) : Fset.fset (Seq.seq t_T'0) + + + axiom concat'0_spec : forall s : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . [%#sfset19] forall xs : Seq.seq t_T'0 . contains'0 (concat'0 s t) xs + = (exists ys : Seq.seq t_T'0, zs : Seq.seq t_T'0 . contains'0 s ys /\ contains'0 t zs /\ xs = Seq.(++) ys zs) + + function concat_empty'0 [#"../../../creusot-contracts/src/logic/fset.rs" 518 0 518 39] (s : Fset.fset (Seq.seq t_T'0)) : () + + = + [%#sfset22] let _ = let _ = () in () in let _ = let _ = () in () in () + + axiom concat_empty'0_spec : forall s : Fset.fset (Seq.seq t_T'0) . ([%#sfset6] concat'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) s + = s) + && ([%#sfset7] concat'0 s (singleton'0 (Seq.empty : Seq.seq t_T'0)) = s) + + function concat_union'0 [#"../../../creusot-contracts/src/logic/fset.rs" 484 0 484 24] (_1 : ()) : () = + [%#sfset25] () + + axiom concat_union'0_spec : forall _1 : () . ([%#sfset8] forall s1 : Fset.fset (Seq.seq t_T'0), s2 : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . concat'0 (Fset.union s1 s2) t + = Fset.union (concat'0 s1 t) (concat'0 s2 t)) + && ([%#sfset9] forall s : Fset.fset (Seq.seq t_T'0), t1 : Fset.fset (Seq.seq t_T'0), t2 : Fset.fset (Seq.seq t_T'0) . concat'0 s (Fset.union t1 t2) + = Fset.union (concat'0 s t1) (concat'0 s t2)) + + function cons_concat'0 [#"../../../creusot-contracts/src/logic/fset.rs" 490 0 490 23] (_1 : ()) : () = + [%#sfset30] let _ = let _ = () in () in let _ = let _ = () in () in let _ = let _ = () in () in () - predicate inv'3 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Option'0) + axiom cons_concat'0_spec : forall _1 : () . [%#sfset29] forall s : Fset.fset t_T'0, t : Fset.fset (Seq.seq t_T'0), u : Fset.fset (Seq.seq t_T'0) . concat'0 (cons'0 s t) u + = cons'0 s (concat'0 t u) - axiom inv_axiom'3 [@rewrite] : forall x : t_Option'0 [inv'3 x] . inv'3 x = invariant'2 x + function concat_replicate'0 [#"../../../creusot-contracts/src/logic/fset.rs" 502 0 502 54] (n : int) (m : int) (s : Fset.fset t_T'0) : () + - let rec is_some'0 (self:t_Option'0) (return' (ret:bool))= {[@expl:is_some 'self' type invariant] inv'3 self} - any [ return' (result:bool)-> {[%#soption7] result = (self <> C_None'0)} (! return' {result}) ] + axiom concat_replicate'0_def : forall n : int, m : int, s : Fset.fset t_T'0 . ([%#sfset10] 0 <= n /\ 0 <= m) + -> concat_replicate'0 n m s + = ([%#sfset26] if n = 0 then + let _ = concat_empty'0 (replicate'0 s m) in () + else + let _ = cons_concat'0 () in let _ = concat_replicate'0 (n - 1) m s in () + ) - use prelude.prelude.Intrinsic + axiom concat_replicate'0_spec : forall n : int, m : int, s : Fset.fset t_T'0 . ([%#sfset10] 0 <= n /\ 0 <= m) + -> ([%#sfset11] replicate'0 s (n + m) = concat'0 (replicate'0 s n) (replicate'0 s m)) - meta "compute_max_steps" 1000000 + constant n : int - let rec contains_ghost'0 (self:t_FMap'0) (key:t_K'0) (return' (ret:bool))= {[@expl:contains_ghost 'self' type invariant] [%#sfmap0] inv'0 self} - {[@expl:contains_ghost 'key' type invariant] [%#sfmap1] inv'1 key} - (! bb0 - [ bb0 = s0 [ s0 = get_ghost'0 {self} {key} (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_some'0 {_5} (fun (_ret':bool) -> [ &_0 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = return' {_0} ] - ) [ & _0 : bool = any_l () | & self : t_FMap'0 = self | & key : t_K'0 = key | & _5 : t_Option'0 = any_l () ] - [ return' (result:bool)-> {[@expl:contains_ghost ensures] [%#sfmap2] result = contains'0 self key} - (! return' {result}) ] + constant m : int + + constant s : Fset.fset t_T'0 + + function concat_replicate_up_to'0 [#"../../../creusot-contracts/src/logic/fset.rs" 530 0 530 60] (n : int) (m : int) (s : Fset.fset t_T'0) : () + + goal vc_concat_replicate_up_to'0 : ([%#sfset0] 0 <= n /\ n < m) + -> (if n + 1 = m then + ([@expl:replicate requires] [%#sfset3] n + 1 >= 0) + /\ (([%#sfset4] forall xs : Seq.seq t_T'0 . contains'0 (replicate'0 s (n + 1)) xs + = (Seq.length xs = n + 1 /\ (forall x : t_T'0 . contains'1 xs x -> contains'2 s x))) + -> ([%#sfset6] concat'0 (singleton'0 (Seq.empty : Seq.seq t_T'0)) (replicate'0 s (n + 1)) = replicate'0 s (n + 1)) + && ([%#sfset7] concat'0 (replicate'0 s (n + 1)) (singleton'0 (Seq.empty : Seq.seq t_T'0)) = replicate'0 s (n + 1)) + -> (let _ = concat_empty'0 (replicate'0 s (n + 1)) in [%#sfset1] replicate_up_to'0 s m + = Fset.union (replicate_up_to'0 s n) (concat'0 (replicate'0 s (n + 1)) (replicate_up_to'0 s (m - n - 1))))) + else + ([%#sfset8] forall s1 : Fset.fset (Seq.seq t_T'0), s2 : Fset.fset (Seq.seq t_T'0), t : Fset.fset (Seq.seq t_T'0) . concat'0 (Fset.union s1 s2) t + = Fset.union (concat'0 s1 t) (concat'0 s2 t)) + && ([%#sfset9] forall s : Fset.fset (Seq.seq t_T'0), t1 : Fset.fset (Seq.seq t_T'0), t2 : Fset.fset (Seq.seq t_T'0) . concat'0 s (Fset.union t1 t2) + = Fset.union (concat'0 s t1) (concat'0 s t2)) + -> (let _ = concat_union'0 () in ([@expl:concat_replicate requires] [%#sfset10] 0 <= n /\ 0 <= m - n - 1) + /\ (([%#sfset11] replicate'0 s (n + (m - n - 1)) = concat'0 (replicate'0 s n) (replicate'0 s (m - n - 1))) + -> (let _ = concat_replicate'0 n (m - n - 1) s in (([@expl:concat_replicate_up_to requires] [%#sfset0] 0 <= n + /\ n < m - 1) + /\ 0 <= ([%#sfset2] m) /\ ([%#sfset2] m - 1) < ([%#sfset2] m)) + /\ (([%#sfset1] replicate_up_to'0 s (m - 1) + = Fset.union (replicate_up_to'0 s n) (concat'0 (replicate'0 s (n + 1)) (replicate_up_to'0 s (m - 1 - n - 1)))) + -> (let _ = concat_replicate_up_to'0 n (m - 1) s in [%#sfset1] replicate_up_to'0 s m + = Fset.union (replicate_up_to'0 s n) (concat'0 (replicate'0 s (n + 1)) (replicate_up_to'0 s (m - n - 1)))))))) + ) end module M_creusot_contracts__logic__ord__qyi8355372356285216375__cmp_le_log [#"../../../creusot-contracts/src/logic/ord.rs" 130 8 130 39] (* *) let%span sord0 = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89 @@ -19128,10 +20815,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_map__qyi160525698381677 goal refines : [%#shash_map0] forall self : t_IterMut'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_K'0, borrowed t_V'0)) self -> produces'0 self (Seq.empty : Seq.seq (t_K'0, borrowed t_V'0)) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 102 4 102 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 102 4 102 26 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 90 8 90 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 108 4 108 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 108 4 108 26 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 96 8 96 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span sseq4 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19263,7 +20950,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 46 4 46 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 52 4 52 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19287,7 +20974,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 = [%#sseq4] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19302,7 +20989,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 89 4 89 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 95 4 95 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = [%#shash_set1] set_produces'0 self visited o @@ -19310,10 +20997,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 goal refines : [%#shash_set0] forall self : t_IntoIter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 109 4 109 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 109 4 109 90 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 90 8 90 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi2602027177218488890__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 115 4 115 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 115 4 115 90 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 96 8 96 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span sseq4 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19443,7 +21130,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 46 4 46 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 52 4 52 33] (self : t_IntoIter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19467,7 +21154,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 = [%#sseq4] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_IntoIter'0) (visited : Seq.seq t_T'0) (end' : t_IntoIter'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19482,7 +21169,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 89 4 89 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 95 4 95 64] (self : t_IntoIter'0) (visited : Seq.seq t_T'0) (o : t_IntoIter'0) = [%#shash_set1] set_produces'0 self visited o @@ -19494,10 +21181,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi260202717721848 -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 148 4 148 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 148 4 148 90 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 129 8 129 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 154 4 154 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 154 4 154 90 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 135 8 135 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq5 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19551,7 +21238,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 120 4 120 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 126 4 126 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19578,7 +21265,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 = [%#sseq5] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19593,7 +21280,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 128 4 128 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 134 4 134 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = [%#shash_set1] set_produces'0 self visited o @@ -19605,10 +21292,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 141 4 141 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 141 4 141 26 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 129 8 129 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi7331660899108484271__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 147 4 147 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 147 4 147 26 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 135 8 135 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq5 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19664,7 +21351,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 120 4 120 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 126 4 126 33] (self : t_Iter'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19691,7 +21378,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 = [%#sseq5] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Iter'0) (visited : Seq.seq t_T'0) (end' : t_Iter'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19706,7 +21393,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 128 4 128 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 134 4 134 64] (self : t_Iter'0) (visited : Seq.seq t_T'0) (o : t_Iter'0) = [%#shash_set1] set_produces'0 self visited o @@ -19714,10 +21401,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi733166089910848 goal refines : [%#shash_set0] forall self : t_Iter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 216 4 216 26] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 216 4 216 26 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 204 8 204 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_refl__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 222 4 222 26] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 222 4 222 26 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 210 8 210 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq5 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19799,7 +21486,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 195 4 195 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 201 4 201 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19826,7 +21513,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 = [%#sseq5] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19841,7 +21528,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 203 4 203 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 209 4 209 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) = [%#shash_set1] set_produces'0 self visited o @@ -19849,10 +21536,10 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 goal refines : [%#shash_set0] forall self : t_Intersection'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_T'0) self -> produces'0 self (Seq.empty : Seq.seq t_T'0) self end -module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 223 4 223 90] (* as std::iter::Iterator> *) - let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 223 4 223 90 - let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 204 8 204 38 - let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 +module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi3673804955138978513__produces_trans__refines [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 229 4 229 90] (* as std::iter::Iterator> *) + let%span shash_set0 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 229 4 229 90 + let%span shash_set1 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 210 8 210 38 + let%span shash_set2 = "../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel4 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq5 = "../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -19932,7 +21619,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 use set.Fset - function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 195 4 195 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 + function view'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 201 4 201 33] (self : t_Intersection'0) : Fset.fset t_DeepModelTy'0 use set.Fset @@ -19959,7 +21646,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 = [%#sseq5] exists i : int . 0 <= i /\ i < Seq.length self /\ Seq.get self i = x - predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 53 0 57 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) + predicate set_produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 59 0 63 9] (start : t_Intersection'0) (visited : Seq.seq t_T'0) (end' : t_Intersection'0) = [%#shash_set2] Fset.cardinal (view'0 start) = Seq.length visited + Fset.cardinal (view'0 end') @@ -19974,7 +21661,7 @@ module M_creusot_contracts__stdqy35z1__collections__hash_set__qyi367380495513897 /\ 0 <= j /\ j < Seq.length visited /\ deep_model'0 (Seq.get visited i) = deep_model'0 (Seq.get visited j) -> i = j) - predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 203 4 203 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/collections/hash_set.rs" 209 4 209 64] (self : t_Intersection'0) (visited : Seq.seq t_T'0) (o : t_Intersection'0) = [%#shash_set1] set_produces'0 self visited o @@ -20158,10 +21845,10 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 65 4 65 90 let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20193,16 +21880,16 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -20234,10 +21921,10 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr let%span scloned0 = "../../../creusot-contracts/src/std/iter/cloned.rs" 58 4 58 26 let%span scloned1 = "../../../creusot-contracts/src/std/iter/cloned.rs" 48 12 51 79 let%span scloned2 = "../../../creusot-contracts/src/std/iter/cloned.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20271,16 +21958,16 @@ module M_creusot_contracts__stdqy35z1__iter__cloned__qyi10472681371035856984__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -20308,10 +21995,10 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 58 4 58 26 let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20345,16 +22032,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -20382,10 +22069,10 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr let%span scopied0 = "../../../creusot-contracts/src/std/iter/copied.rs" 65 4 65 90 let%span scopied1 = "../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 let%span scopied2 = "../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20417,16 +22104,16 @@ module M_creusot_contracts__stdqy35z1__iter__copied__qyi18224474876607687026__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_T'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_T'0) (b : t_I'0) (bc : Seq.seq t_T'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_T'0, b : t_I'0, bc : Seq.seq t_T'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_T'0) self @@ -20504,10 +22191,10 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 90 4 90 90 let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 type t_I'0 @@ -20533,16 +22220,16 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -20554,7 +22241,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use prelude.prelude.Borrow - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -20600,10 +22287,10 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ let%span senumerate0 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 83 4 83 26 let%span senumerate1 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 let%span senumerate2 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span senumerate7 = "../../../creusot-contracts/src/std/iter/enumerate.rs" 45 12 49 85 type t_I'0 @@ -20631,16 +22318,16 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces'1 a ab b) -> ([%#siter5] produces'1 b bc c) -> ([%#siter6] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter3] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -20652,7 +22339,7 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ use prelude.prelude.Borrow - predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) @@ -20690,9 +22377,9 @@ module M_creusot_contracts__stdqy35z1__iter__enumerate__qyi2718914205750388896__ goal refines : [%#senumerate0] forall self : t_Enumerate'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self -> produces'0 self (Seq.empty : Seq.seq (usize, t_Item'0)) self end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 106 4 106 26 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 105 4 105 26] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 105 4 105 26 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 @@ -20703,10 +22390,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20789,16 +22476,16 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -20814,8 +22501,8 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro [%#sfilter1] invariant'0 self -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) @@ -20824,9 +22511,9 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro goal refines : [%#sfilter0] forall self : t_Filter'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90] (* as std::iter::Iterator> *) - let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 113 4 113 90 - let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 +module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter.rs" 112 4 112 90] (* as std::iter::Iterator> *) + let%span sfilter0 = "../../../creusot-contracts/src/std/iter/filter.rs" 112 4 112 90 + let%span sfilter1 = "../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 let%span sfilter2 = "../../../creusot-contracts/src/std/iter/filter.rs" 34 12 40 124 let%span sfilter3 = "../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter4 = "../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 @@ -20837,10 +22524,10 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -20857,18 +22544,329 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) - predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : bool) + + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + + + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + + + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + + + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) + -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) + -> ([%#sops6] unnest'0 self res_state) + + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = + [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) + /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) + /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false)) + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + end) + + function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 + + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) + -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () + + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use seq.Seq + + use map.Map + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + + = + [%#sfilter1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + + goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__filter_map__qyi13601925333174091585__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 105 4 105 26] (* as std::iter::Iterator> *) + let%span sfilter_map0 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 105 4 105 26 + let%span sfilter_map1 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 85 12 98 148 + let%span sfilter_map2 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 34 12 38 32 + let%span sfilter_map3 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 22 14 22 39 + let%span sfilter_map4 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 15 14 15 39 + let%span sfilter_map5 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 48 16 48 50 + let%span sfilter_map6 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 56 16 56 52 + let%span sfilter_map7 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 63 16 63 135 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + type t_I'0 + + type t_F'0 + + type t_FilterMap'0 = + { t_FilterMap__iter'0: t_I'0; t_FilterMap__f'0: t_F'0 } + + use seq.Seq + + type t_B'0 + + use seq.Seq + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + + type t_Item'0 + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate no_precondition'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 47 0 47 68] (f : t_F'0) = + [%#sfilter_map5] forall i : t_Item'0 . precondition'0 f (i) + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_B'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_Option'0) + + + use prelude.prelude.Borrow + + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) + + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_Option'0) + + + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_Option'0) : () + + + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_Option'0 . [%#sops14] postcondition_once'0 self args res + = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) + + predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) + + function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () + + + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops11] unnest'0 self b) + -> ([%#sops12] unnest'0 b c) -> ([%#sops13] unnest'0 self c) + + function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () + + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops10] unnest'0 self self + + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_Option'0) : () + + + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_Option'0 . ([%#sops8] postcondition_mut'0 self args res_state res) + -> ([%#sops9] unnest'0 self res_state) + + predicate immutable'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 55 0 55 62] (f : t_F'0) = + [%#sfilter_map6] forall g : t_F'0 . unnest'0 f g -> f = g + + predicate precise'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 62 0 62 61] (f1 : t_F'0) = + [%#sfilter_map7] forall f2 : t_F'0, i : t_Item'0 . not ((exists b : t_B'0 . postcondition_mut'0 f1 (i) f2 (C_Some'0 b)) + /\ postcondition_mut'0 f1 (i) f2 (C_None'0)) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_FilterMap'0) + + function func'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 23 4 23 22] (self : t_FilterMap'0) : t_F'0 + + axiom func'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map3] inv'0 self -> inv'1 (func'0 self) + + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 31 4 31 30] (self : t_FilterMap'0) = + [%#sfilter_map2] no_precondition'0 (func'0 self) /\ immutable'0 (func'0 self) /\ precise'0 (func'0 self) + + axiom inv_axiom'0 [@rewrite] : forall x : t_FilterMap'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_FilterMap__iter'0 = iter ; t_FilterMap__f'0 = f} -> inv'2 iter /\ inv'1 f + end) + + use seq.Seq + + use prelude.prelude.Int + + use map.Map + + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 16 4 16 22] (self : t_FilterMap'0) : t_I'0 + + axiom iter'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map4] inv'0 self -> inv'2 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) + -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () + + axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + + use seq.Seq + + use map.Map + + use seq.Seq + + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 83 4 83 67] (self : t_FilterMap'0) (visited : Seq.seq t_B'0) (succ : t_FilterMap'0) + + = + [%#sfilter_map1] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> postcondition_mut'0 (func'0 self) (Seq.get s (Map.get f i)) (func'0 self) (C_Some'0 (Seq.get visited i))) + /\ (forall j : int . 0 <= j /\ j < Seq.length s + -> (not (exists i : int . 0 <= i /\ i < Seq.length visited /\ Map.get f i = j)) + = postcondition_mut'0 (func'0 self) (Seq.get s j) (func'0 self) (C_None'0))) + + goal refines : [%#sfilter_map0] forall self : t_FilterMap'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_B'0) self + -> produces'0 self (Seq.empty : Seq.seq t_B'0) self +end +module M_creusot_contracts__stdqy35z1__iter__filter_map__qyi13601925333174091585__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 112 4 112 90] (* as std::iter::Iterator> *) + let%span sfilter_map0 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 112 4 112 90 + let%span sfilter_map1 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 85 12 98 148 + let%span sfilter_map2 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 34 12 38 32 + let%span sfilter_map3 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 22 14 22 39 + let%span sfilter_map4 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 15 14 15 39 + let%span sfilter_map5 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 48 16 48 50 + let%span sfilter_map6 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 56 16 56 52 + let%span sfilter_map7 = "../../../creusot-contracts/src/std/iter/filter_map.rs" 63 16 63 135 + let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops12 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops13 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops14 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 + + type t_I'0 + + type t_F'0 + + type t_FilterMap'0 = + { t_FilterMap__iter'0: t_I'0; t_FilterMap__f'0: t_F'0 } + + type t_B'0 + + use seq.Seq + + predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + + type t_Item'0 + + predicate precondition'0 [#"../../../creusot-contracts/src/std/ops.rs" 77 4 77 45] (self : t_F'0) (args : t_Item'0) + + predicate no_precondition'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 47 0 47 68] (f : t_F'0) = + [%#sfilter_map5] forall i : t_Item'0 . precondition'0 f (i) + + type t_Option'0 = + | C_None'0 + | C_Some'0 t_B'0 + + predicate postcondition_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 85 4 85 73] (self : t_F'0) (args : t_Item'0) (result : t_Option'0) + use prelude.prelude.Borrow + predicate resolve'0 [#"../../../creusot-contracts/src/resolve.rs" 19 0 19 40] (_1 : t_F'0) - predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : bool) + predicate postcondition_mut'0 [#"../../../creusot-contracts/src/std/ops.rs" 95 4 95 92] (self : t_F'0) (args : t_Item'0) (result_state : t_F'0) (result : t_Option'0) - function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : bool) : () + function fn_mut_once'0 [#"../../../creusot-contracts/src/std/ops.rs" 129 4 129 55] (self : t_F'0) (args : t_Item'0) (res : t_Option'0) : () - axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : bool . [%#sops11] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : t_F'0, args : t_Item'0, res : t_Option'0 . [%#sops14] postcondition_once'0 self args res = (exists res_state : t_F'0 . postcondition_mut'0 self args res_state res /\ resolve'0 res_state) predicate unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 103 4 103 36] (self : t_F'0) (_2 : t_F'0) @@ -20876,65 +22874,67 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro function unnest_trans'0 [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (self : t_F'0) (b : t_F'0) (c : t_F'0) : () - axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops8] unnest'0 self b) - -> ([%#sops9] unnest'0 b c) -> ([%#sops10] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : t_F'0, b : t_F'0, c : t_F'0 . ([%#sops11] unnest'0 self b) + -> ([%#sops12] unnest'0 b c) -> ([%#sops13] unnest'0 self c) function unnest_refl'0 [#"../../../creusot-contracts/src/std/ops.rs" 116 4 116 24] (self : t_F'0) : () - axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops7] unnest'0 self self + axiom unnest_refl'0_spec : forall self : t_F'0 . [%#sops10] unnest'0 self self - function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : bool) : () + function postcondition_mut_unnest'0 [#"../../../creusot-contracts/src/std/ops.rs" 111 4 111 85] (self : t_F'0) (args : t_Item'0) (res_state : t_F'0) (res : t_Option'0) : () - axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : bool . ([%#sops5] postcondition_mut'0 self args res_state res) - -> ([%#sops6] unnest'0 self res_state) + axiom postcondition_mut_unnest'0_spec : forall self : t_F'0, args : t_Item'0, res_state : t_F'0, res : t_Option'0 . ([%#sops8] postcondition_mut'0 self args res_state res) + -> ([%#sops9] unnest'0 self res_state) - predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 31 4 31 30] (self : t_Filter'0) = - [%#sfilter2] forall f : t_F'0, i : t_Item'0 . precondition'0 f (i) - /\ (forall f : t_F'0, g : t_F'0 . unnest'0 f g -> f = g) - /\ (forall f1 : t_F'0, f2 : t_F'0, i : t_Item'0 . not (postcondition_mut'0 f1 (i) f2 true - /\ postcondition_mut'0 f1 (i) f2 false)) + predicate immutable'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 55 0 55 62] (f : t_F'0) = + [%#sfilter_map6] forall g : t_F'0 . unnest'0 f g -> f = g - predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + predicate precise'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 62 0 62 61] (f1 : t_F'0) = + [%#sfilter_map7] forall f2 : t_F'0, i : t_Item'0 . not ((exists b : t_B'0 . postcondition_mut'0 f1 (i) f2 (C_Some'0 b)) + /\ postcondition_mut'0 f1 (i) f2 (C_None'0)) - predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_F'0) + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_FilterMap'0) - predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Filter'0) + function func'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 23 4 23 22] (self : t_FilterMap'0) : t_F'0 - axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + axiom func'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map3] inv'0 self -> inv'1 (func'0 self) + + predicate invariant'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 31 4 31 30] (self : t_FilterMap'0) = + [%#sfilter_map2] no_precondition'0 (func'0 self) /\ immutable'0 (func'0 self) /\ precise'0 (func'0 self) + + axiom inv_axiom'0 [@rewrite] : forall x : t_FilterMap'0 [inv'0 x] . inv'0 x = (invariant'0 x /\ match x with - | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> inv'2 iter /\ inv'1 predicate' + | {t_FilterMap__iter'0 = iter ; t_FilterMap__f'0 = f} -> inv'2 iter /\ inv'1 f end) - function func'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 23 4 23 22] (self : t_Filter'0) : t_F'0 - - axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter3] inv'0 self -> inv'1 (func'0 self) + use seq.Seq use prelude.prelude.Int use map.Map - function iter'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 16 4 16 22] (self : t_Filter'0) : t_I'0 + function iter'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 16 4 16 22] (self : t_FilterMap'0) : t_I'0 - axiom iter'0_spec : forall self : t_Filter'0 . [%#sfilter4] inv'0 self -> inv'2 (iter'0 self) + axiom iter'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map4] inv'0 self -> inv'2 (iter'0 self) use seq.Seq use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () - axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) - -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) + axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter16] produces'1 a ab b) + -> ([%#siter17] produces'1 b bc c) -> ([%#siter18] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () - axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self + axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter15] produces'1 self (Seq.empty : Seq.seq t_Item'0) self use seq.Seq @@ -20942,20 +22942,27 @@ module M_creusot_contracts__stdqy35z1__iter__filter__qyi9573749579793237160__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter.rs" 85 4 85 67] (self : t_Filter'0) (visited : Seq.seq t_Item'0) (succ : t_Filter'0) + use seq.Seq + + use seq.Seq + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/filter_map.rs" 83 4 83 67] (self : t_FilterMap'0) (visited : Seq.seq t_B'0) (succ : t_FilterMap'0) = - [%#sfilter1] invariant'0 self + [%#sfilter_map1] invariant'0 self -> unnest'0 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq t_Item'0, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) - /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) - /\ (forall i : int . 0 <= i /\ i < Seq.length s - -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) - = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> postcondition_mut'0 (func'0 self) (Seq.get s (Map.get f i)) (func'0 self) (C_Some'0 (Seq.get visited i))) + /\ (forall j : int . 0 <= j /\ j < Seq.length s + -> (not (exists i : int . 0 <= i /\ i < Seq.length visited /\ Map.get f i = j)) + = postcondition_mut'0 (func'0 self) (Seq.get s j) (func'0 self) (C_None'0))) - goal refines : [%#sfilter0] forall a : t_Filter'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Filter'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Filter'0 . produces'0 b bc c + use seq.Seq + + goal refines : [%#sfilter_map0] forall a : t_FilterMap'0 . forall ab : Seq.seq t_B'0 . forall b : t_FilterMap'0 . forall bc : Seq.seq t_B'0 . forall c : t_FilterMap'0 . produces'0 b bc c /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) @@ -20965,10 +22972,10 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21009,16 +23016,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21043,10 +23050,10 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod let%span sfuse1 = "../../../creusot-contracts/src/std/iter/fuse.rs" 29 12 35 13 let%span sfuse2 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse3 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21087,16 +23094,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi10730559947553418603__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21126,10 +23133,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21213,16 +23220,16 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21269,10 +23276,10 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21354,16 +23361,16 @@ module M_creusot_contracts__stdqy35z1__iter__map__qyi6597778842032428791__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter12] produces'1 a ab b) -> ([%#siter13] produces'1 b bc c) -> ([%#siter14] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter11] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21412,10 +23419,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21482,16 +23489,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21547,10 +23554,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr let%span sops6 = "../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops7 = "../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops8 = "../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter9 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter10 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter11 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -21615,16 +23622,16 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi9026772487048432788__pr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter10] produces'1 a ab b) -> ([%#siter11] produces'1 b bc c) -> ([%#siter12] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter9] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -21820,11 +23827,11 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi16860283617022118777__pro -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 84 4 84 90 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 110 4 110 90] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 110 4 110 90 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -21849,7 +23856,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int = [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -21859,7 +23866,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 90 4 90 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o @@ -21875,11 +23882,11 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end -module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26] (* as std::iter::Iterator> *) - let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 77 4 77 26 - let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 +module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 103 4 103 26] (* as std::iter::Iterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 103 4 103 26 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 type t_Idx'0 @@ -21906,7 +23913,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) - function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 0 46 92] (r : t_RangeInclusive'0) : int + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int = [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 @@ -21916,7 +23923,7 @@ module M_creusot_contracts__stdqy35z1__iter__range__qyi11108913944999844411__pro use seq.Seq - predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 64 4 64 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 90 4 90 64] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) = [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o @@ -21988,15 +23995,129 @@ module M_creusot_contracts__stdqy35z1__iter__repeat__qyi8658929399712466629__pro -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) end +module M_creusot_contracts__stdqy35z1__iter__rev__qyi4378764544541057436__produces_refl__refines [#"../../../creusot-contracts/src/std/iter/rev.rs" 48 4 48 26] (* as std::iter::Iterator> *) + let%span srev0 = "../../../creusot-contracts/src/std/iter/rev.rs" 48 4 48 26 + let%span srev1 = "../../../creusot-contracts/src/std/iter/rev.rs" 41 12 41 56 + let%span srev2 = "../../../creusot-contracts/src/std/iter/rev.rs" 17 14 17 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 106 14 106 50 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 110 15 110 37 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 111 15 111 37 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 112 14 112 47 + + type t_I'0 + + type t_Rev'0 = + { t_Rev__iter'0: t_I'0 } + + use seq.Seq + + type t_Item'0 + + use seq.Seq + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Rev'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Rev'0 [inv'0 x] . inv'0 x + = match x with + | {t_Rev__iter'0 = iter} -> inv'1 iter + end + + function iter'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 18 4 18 22] (self : t_Rev'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Rev'0 . [%#srev2] inv'0 self -> inv'1 (iter'0 self) + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter.rs" 103 4 103 70] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 113 4 113 96] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_back_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces_back'0 a ab b) + -> ([%#siter5] produces_back'0 b bc c) -> ([%#siter6] produces_back'0 a (Seq.(++) ab bc) c) + + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 107 4 107 32] (self : t_I'0) : () + + axiom produces_back_refl'0_spec : forall self : t_I'0 . [%#siter3] produces_back'0 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 39 4 39 64] (self : t_Rev'0) (visited : Seq.seq t_Item'0) (o : t_Rev'0) + + = + [%#srev1] produces_back'0 (iter'0 self) visited (iter'0 o) + + goal refines : [%#srev0] forall self : t_Rev'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self + -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self +end +module M_creusot_contracts__stdqy35z1__iter__rev__qyi4378764544541057436__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/rev.rs" 55 4 55 90] (* as std::iter::Iterator> *) + let%span srev0 = "../../../creusot-contracts/src/std/iter/rev.rs" 55 4 55 90 + let%span srev1 = "../../../creusot-contracts/src/std/iter/rev.rs" 41 12 41 56 + let%span srev2 = "../../../creusot-contracts/src/std/iter/rev.rs" 17 14 17 39 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 106 14 106 50 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 110 15 110 37 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 111 15 111 37 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 112 14 112 47 + + type t_I'0 + + type t_Rev'0 = + { t_Rev__iter'0: t_I'0 } + + type t_Item'0 + + use seq.Seq + + predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_I'0) + + predicate inv'0 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_Rev'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Rev'0 [inv'0 x] . inv'0 x + = match x with + | {t_Rev__iter'0 = iter} -> inv'1 iter + end + + function iter'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 18 4 18 22] (self : t_Rev'0) : t_I'0 + + axiom iter'0_spec : forall self : t_Rev'0 . [%#srev2] inv'0 self -> inv'1 (iter'0 self) + + use seq.Seq + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter.rs" 103 4 103 70] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + + + function produces_back_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 113 4 113 96] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + + + axiom produces_back_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter4] produces_back'0 a ab b) + -> ([%#siter5] produces_back'0 b bc c) -> ([%#siter6] produces_back'0 a (Seq.(++) ab bc) c) + + function produces_back_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 107 4 107 32] (self : t_I'0) : () + + axiom produces_back_refl'0_spec : forall self : t_I'0 . [%#siter3] produces_back'0 self (Seq.empty : Seq.seq t_Item'0) self + + predicate produces'0 [#"../../../creusot-contracts/src/std/iter/rev.rs" 39 4 39 64] (self : t_Rev'0) (visited : Seq.seq t_Item'0) (o : t_Rev'0) + + = + [%#srev1] produces_back'0 (iter'0 self) visited (iter'0 o) + + goal refines : [%#srev0] forall a : t_Rev'0 . forall ab : Seq.seq t_Item'0 . forall b : t_Rev'0 . forall bc : Seq.seq t_Item'0 . forall c : t_Rev'0 . produces'0 b bc c + /\ produces'0 a ab b + -> produces'0 b bc c + /\ produces'0 a ab b /\ (forall result : () . produces'0 a (Seq.(++) ab bc) c -> produces'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produces_trans__refines [#"../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90] (* as std::iter::Iterator> *) let%span sskip0 = "../../../creusot-contracts/src/std/iter/skip.rs" 81 4 81 90 let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -22038,16 +24159,16 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22077,10 +24198,10 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ let%span sskip1 = "../../../creusot-contracts/src/std/iter/skip.rs" 62 12 67 74 let%span sskip2 = "../../../creusot-contracts/src/std/iter/skip.rs" 21 14 21 50 let%span sskip3 = "../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -22122,16 +24243,16 @@ module M_creusot_contracts__stdqy35z1__iter__skip__qyi3195031491774060502__produ use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22159,10 +24280,10 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -22204,16 +24325,16 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22230,10 +24351,10 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod let%span stake1 = "../../../creusot-contracts/src/std/iter/take.rs" 65 12 65 88 let%span stake2 = "../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span stake3 = "../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 @@ -22275,16 +24396,16 @@ module M_creusot_contracts__stdqy35z1__iter__take__qyi12344256497067751022__prod use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22303,10 +24424,10 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_A'0 @@ -22361,16 +24482,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () axiom produces_trans'1_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_A'0) : () axiom produces_refl'0_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22382,16 +24503,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'2 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () axiom produces_trans'2_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_B'0) : () axiom produces_refl'1_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self @@ -22415,10 +24536,10 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc let%span szip1 = "../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 let%span szip2 = "../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip3 = "../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter6 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter7 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_A'0 @@ -22475,16 +24596,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_A'0) (visited : Seq.seq t_Item'0) (o : t_A'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_A'0) (ab : Seq.seq t_Item'0) (b : t_A'0) (bc : Seq.seq t_Item'0) (c : t_A'0) : () axiom produces_trans'0_spec : forall a : t_A'0, ab : Seq.seq t_Item'0, b : t_A'0, bc : Seq.seq t_Item'0, c : t_A'0 . ([%#siter5] produces'1 a ab b) -> ([%#siter6] produces'1 b bc c) -> ([%#siter7] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_A'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_A'0) : () axiom produces_refl'1_spec : forall self : t_A'0 . [%#siter4] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -22496,16 +24617,16 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc use seq.Seq - predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) + predicate produces'2 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_B'0) (visited : Seq.seq t_Item'1) (o : t_B'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_B'0) (ab : Seq.seq t_Item'1) (b : t_B'0) (bc : Seq.seq t_Item'1) (c : t_B'0) : () axiom produces_trans'1_spec : forall a : t_B'0, ab : Seq.seq t_Item'1, b : t_B'0, bc : Seq.seq t_Item'1, c : t_B'0 . ([%#siter5] produces'2 a ab b) -> ([%#siter6] produces'2 b bc c) -> ([%#siter7] produces'2 a (Seq.(++) ab bc) c) - function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_B'0) : () + function produces_refl'2 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_B'0) : () axiom produces_refl'2_spec : forall self : t_B'0 . [%#siter4] produces'2 self (Seq.empty : Seq.seq t_Item'1) self @@ -22520,13 +24641,13 @@ module M_creusot_contracts__stdqy35z1__iter__zip__qyi2281060687216883844__produc goal refines : [%#szip0] forall self : t_Zip'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self -> produces'0 self (Seq.empty : Seq.seq (t_Item'0, t_Item'1)) self end -module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl__refines [#"../../../creusot-contracts/src/std/iter.rs" 223 4 223 26] (* <&mut I as std::iter::Iterator> *) - let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 223 4 223 26 - let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 - let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_refl__refines [#"../../../creusot-contracts/src/std/iter.rs" 279 4 279 26] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 279 4 279 26 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 267 20 267 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use prelude.prelude.Borrow @@ -22540,20 +24661,20 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_re use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'0 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'0_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 266 4 266 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final @@ -22561,13 +24682,13 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_re goal refines : [%#siter0] forall self : borrowed t_I'0 . forall result : () . produces'0 self (Seq.empty : Seq.seq t_Item'0) self -> produces'0 self (Seq.empty : Seq.seq t_Item'0) self end -module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans__refines [#"../../../creusot-contracts/src/std/iter.rs" 230 4 230 90] (* <&mut I as std::iter::Iterator> *) - let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 230 4 230 90 - let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 211 20 211 64 - let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 +module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_trans__refines [#"../../../creusot-contracts/src/std/iter.rs" 286 4 286 90] (* <&mut I as std::iter::Iterator> *) + let%span siter0 = "../../../creusot-contracts/src/std/iter.rs" 286 4 286 90 + let%span siter1 = "../../../creusot-contracts/src/std/iter.rs" 267 20 267 64 + let%span siter2 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter3 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter4 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter5 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use prelude.prelude.Borrow @@ -22581,20 +24702,20 @@ module M_creusot_contracts__stdqy35z1__iter__qyi8355237225316942617__produces_tr use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter3] produces'1 a ab b) -> ([%#siter4] produces'1 b bc c) -> ([%#siter5] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'0 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'0_spec : forall self : t_I'0 . [%#siter2] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 210 4 210 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) + predicate produces'0 [#"../../../creusot-contracts/src/std/iter.rs" 266 4 266 64] (self : borrowed t_I'0) (visited : Seq.seq t_Item'0) (o : borrowed t_I'0) = [%#siter1] produces'1 self.current visited o.current /\ self.final = o.final @@ -30047,10 +32168,10 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu let%span sfuse9 = "../../../creusot-contracts/src/std/iter/fuse.rs" 8 14 8 39 let%span sfuse10 = "../../../creusot-contracts/src/std/iter/fuse.rs" 9 14 9 71 let%span smodel11 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 use prelude.prelude.Borrow @@ -30093,16 +32214,16 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu axiom view'0_spec : forall self : t_Fuse'0 . ([%#sfuse9] inv'0 self -> inv'1 (view'0 self)) && ([%#sfuse10] forall other : t_Fuse'0 . view'0 self = view'0 other -> self = other) - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self @@ -30133,7 +32254,7 @@ module M_creusot_contracts__stdqy35z1__iter__fuse__qyi7691061398646472980__is_fu function view'1 [#"../../../creusot-contracts/src/model.rs" 109 4 109 33] (self : borrowed (t_Fuse'0)) : t_Option'0 = [%#smodel11] view'0 self.current - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) predicate completed'0 [#"../../../creusot-contracts/src/std/iter/fuse.rs" 18 4 18 35] (self : borrowed (t_Fuse'0)) = [%#sfuse2] (view'1 self = C_None'0 @@ -30160,10 +32281,10 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne let%span smap_inv9 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 let%span smap_inv10 = "../../../creusot-contracts/src/std/iter/map_inv.rs" 26 4 26 10 let%span sinvariant11 = "../../../creusot-contracts/src/invariant.rs" 34 20 34 44 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter13 = "../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter15 = "../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 let%span sops17 = "../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 let%span sops18 = "../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 @@ -30197,20 +32318,20 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne use seq.Seq - predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 32 4 32 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) + predicate produces'1 [#"../../../creusot-contracts/src/std/iter.rs" 36 4 36 65] (self : t_I'0) (visited : Seq.seq t_Item'0) (o : t_I'0) - function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 45 4 45 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () + function produces_trans'1 [#"../../../creusot-contracts/src/std/iter.rs" 49 4 49 91] (a : t_I'0) (ab : Seq.seq t_Item'0) (b : t_I'0) (bc : Seq.seq t_Item'0) (c : t_I'0) : () axiom produces_trans'1_spec : forall a : t_I'0, ab : Seq.seq t_Item'0, b : t_I'0, bc : Seq.seq t_Item'0, c : t_I'0 . ([%#siter13] produces'1 a ab b) -> ([%#siter14] produces'1 b bc c) -> ([%#siter15] produces'1 a (Seq.(++) ab bc) c) - function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 27] (self : t_I'0) : () + function produces_refl'1 [#"../../../creusot-contracts/src/std/iter.rs" 43 4 43 27] (self : t_I'0) : () axiom produces_refl'1_spec : forall self : t_I'0 . [%#siter12] produces'1 self (Seq.empty : Seq.seq t_Item'0) self - predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 35 4 35 36] (self : borrowed t_I'0) + predicate completed'1 [#"../../../creusot-contracts/src/std/iter.rs" 39 4 39 36] (self : borrowed t_I'0) use seq.Seq @@ -30420,6 +32541,186 @@ module M_creusot_contracts__stdqy35z1__iter__map_inv__qyi4413682431414748756__ne end /\ inv'1 result) end +module M_creusot_contracts__stdqy35z1__iter__range__qyi16137414346896623968__produces_back_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 59 4 59 31] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 59 4 59 31 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 48 12 52 68 + + type t_Idx'0 + + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + + use seq.Seq + + use seq.Seq + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + use seq.Seq + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 4 46 69] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + + = + [%#srange1] self.t_Range__start'0 = o.t_Range__start'0 + /\ deep_model'0 self.t_Range__end'0 >= deep_model'0 o.t_Range__end'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__end'0 >= deep_model'0 o.t_Range__start'0) + /\ Seq.length visited = deep_model'0 o.t_Range__end'0 - deep_model'0 self.t_Range__end'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__end'0 - i) + + goal refines : [%#srange0] forall self : t_Range'0 . forall result : () . produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi16137414346896623968__produces_back_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 66 4 66 95] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 66 4 66 95 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 48 12 52 68 + + type t_Idx'0 + + type t_Range'0 = + { t_Range__start'0: t_Idx'0; t_Range__end'0: t_Idx'0 } + + use seq.Seq + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + use seq.Seq + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 46 4 46 69] (self : t_Range'0) (visited : Seq.seq t_Idx'0) (o : t_Range'0) + + = + [%#srange1] self.t_Range__start'0 = o.t_Range__start'0 + /\ deep_model'0 self.t_Range__end'0 >= deep_model'0 o.t_Range__end'0 + /\ (Seq.length visited > 0 -> deep_model'0 o.t_Range__end'0 >= deep_model'0 o.t_Range__start'0) + /\ Seq.length visited = deep_model'0 o.t_Range__end'0 - deep_model'0 self.t_Range__end'0 + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 self.t_Range__end'0 - i) + + use seq.Seq + + goal refines : [%#srange0] forall a : t_Range'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_Range'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_Range'0 . produces_back'0 b bc c + /\ produces_back'0 a ab b + -> produces_back'0 b bc c + /\ produces_back'0 a ab b + /\ (forall result : () . produces_back'0 a (Seq.(++) ab bc) c -> produces_back'0 a (Seq.(++) ab bc) c) +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi12106466433038921999__produces_back_refl__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 129 4 129 31] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 129 4 129 31 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 118 12 122 74 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + + type t_Idx'0 + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + use seq.Seq + + use seq.Seq + + use seq.Seq + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + = + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 116 4 116 69] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ start_log'0 self = start_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (end_log'0 self) - i) + + goal refines : [%#srange0] forall self : t_RangeInclusive'0 . forall result : () . produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self + -> produces_back'0 self (Seq.empty : Seq.seq t_Idx'0) self +end +module M_creusot_contracts__stdqy35z1__iter__range__qyi12106466433038921999__produces_back_trans__refines [#"../../../creusot-contracts/src/std/iter/range.rs" 136 4 136 95] (* as std::iter::DoubleEndedIterator> *) + let%span srange0 = "../../../creusot-contracts/src/std/iter/range.rs" 136 4 136 95 + let%span srange1 = "../../../creusot-contracts/src/std/iter/range.rs" 118 12 122 74 + let%span srange2 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange3 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span sops4 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 + + type t_Idx'0 + + type t_RangeInclusive'0 = + { t_RangeInclusive__start'0: t_Idx'0; t_RangeInclusive__end'0: t_Idx'0; t_RangeInclusive__exhausted'0: bool } + + use seq.Seq + + use seq.Seq + + function start_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 193 4 193 29] (self : t_RangeInclusive'0) : t_Idx'0 + + use prelude.prelude.Int + + function deep_model'0 [#"../../../creusot-contracts/src/model.rs" 29 4 29 45] (self : t_Idx'0) : int + + function end_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 199 4 199 27] (self : t_RangeInclusive'0) : t_Idx'0 + + function is_empty_log'0 [#"../../../creusot-contracts/src/std/ops.rs" 206 4 209 35] (self : t_RangeInclusive'0) : bool + + axiom is_empty_log'0_spec : forall self : t_RangeInclusive'0 . [%#sops4] not is_empty_log'0 self + -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self) + + function range_inclusive_len'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 72 0 72 92] (r : t_RangeInclusive'0) : int + + = + [%#srange3] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + + axiom range_inclusive_len'0_spec : forall r : t_RangeInclusive'0 . [%#srange2] is_empty_log'0 r + = (range_inclusive_len'0 r = 0) + + use seq.Seq + + predicate produces_back'0 [#"../../../creusot-contracts/src/std/iter/range.rs" 116 4 116 69] (self : t_RangeInclusive'0) (visited : Seq.seq t_Idx'0) (o : t_RangeInclusive'0) + + = + [%#srange1] Seq.length visited = range_inclusive_len'0 self - range_inclusive_len'0 o + /\ (is_empty_log'0 self -> is_empty_log'0 o) + /\ (is_empty_log'0 o \/ start_log'0 self = start_log'0 o) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> deep_model'0 (Seq.get visited i) = deep_model'0 (end_log'0 self) - i) + + use seq.Seq + + goal refines : [%#srange0] forall a : t_RangeInclusive'0 . forall ab : Seq.seq t_Idx'0 . forall b : t_RangeInclusive'0 . forall bc : Seq.seq t_Idx'0 . forall c : t_RangeInclusive'0 . produces_back'0 b bc c + /\ produces_back'0 a ab b + -> produces_back'0 b bc c + /\ produces_back'0 a ab b + /\ (forall result : () . produces_back'0 a (Seq.(++) ab bc) c -> produces_back'0 a (Seq.(++) ab bc) c) +end module M_creusot_contracts__stdqy35z1__ops__qyi14194840286170235833__unnest_trans__refines [#"../../../creusot-contracts/src/std/ops.rs" 123 4 123 43] (* > *) let%span sops0 = "../../../creusot-contracts/src/std/ops.rs" 123 4 123 43 @@ -30667,10 +32968,10 @@ module M_creusot_contracts__logic__fmap__qyi4648834920430559677__clone__refines goal refines : [%#sfmap0] forall self : t_FMap'0 . inv'0 self -> inv'0 self /\ (forall result : t_FMap'0 . result = self /\ inv'1 result -> result = self /\ inv'1 result) end -module M_creusot_contracts__logic__fset__qyi11096226875104347554__clone__refines [#"../../../creusot-contracts/src/logic/fset.rs" 323 4 323 27] (* as std::clone::Clone> *) - let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 323 4 323 27 +module M_creusot_contracts__logic__fset__qyi11096226875104347554__clone__refines [#"../../../creusot-contracts/src/logic/fset.rs" 443 4 443 27] (* as std::clone::Clone> *) + let%span sfset0 = "../../../creusot-contracts/src/logic/fset.rs" 443 4 443 27 let%span sinvariant1 = "../../../creusot-contracts/src/invariant.rs" 24 8 24 18 - let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 337 20 337 63 + let%span sfset2 = "../../../creusot-contracts/src/logic/fset.rs" 457 20 457 63 let%span sfset3 = "../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 use prelude.prelude.Borrow @@ -30688,7 +32989,7 @@ module M_creusot_contracts__logic__fset__qyi11096226875104347554__clone__refines predicate inv'2 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : t_T'0) - predicate invariant'1 [#"../../../creusot-contracts/src/logic/fset.rs" 336 4 336 30] (self : Fset.fset t_T'0) = + predicate invariant'1 [#"../../../creusot-contracts/src/logic/fset.rs" 456 4 456 30] (self : Fset.fset t_T'0) = [%#sfset2] forall x : t_T'0 . contains'0 self x -> inv'2 x predicate inv'1 [#"../../../creusot-contracts/src/invariant.rs" 41 0 41 35] (_1 : Fset.fset t_T'0) diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml index 7303c86f6..342324306 100644 --- a/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml +++ b/creusot/tests/creusot-contracts/creusot-contracts/why3session.xml @@ -72,13 +72,13 @@ - + - + - + @@ -124,7 +124,7 @@ - + @@ -173,7 +173,7 @@ - + @@ -243,7 +243,7 @@ - + @@ -310,11 +310,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2266,7 +2386,7 @@ - + @@ -2286,7 +2406,7 @@ - + @@ -2308,34 +2428,34 @@ - + - + - + - + - + - + - + - + - + @@ -2388,6 +2508,124 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2477,7 +2715,7 @@ - + @@ -2552,7 +2790,7 @@ - + @@ -2570,7 +2808,7 @@ - + @@ -2760,6 +2998,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -2785,6 +3043,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -2805,6 +3083,26 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz index 928b3d061..b93bff03d 100644 Binary files a/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz and b/creusot/tests/creusot-contracts/creusot-contracts/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index ef30ab805..89811ac50 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -15,10 +15,10 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span s100doors13 = "100doors.rs" 26 29 26 30 let%span svec14 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec15 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span svec17 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span srange18 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter19 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec21 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span svec22 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 @@ -27,8 +27,8 @@ module M_100doors__f [#"100doors.rs" 18 0 18 10] let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 155 26 155 62 let%span svec26 = "../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span sindex27 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 - let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter28 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange30 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange31 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange32 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/bug/164.coma b/creusot/tests/should_succeed/bug/164.coma index 2780aeba4..b76abe139 100644 --- a/creusot/tests/should_succeed/bug/164.coma +++ b/creusot/tests/should_succeed/bug/164.coma @@ -27,11 +27,11 @@ module M_164__main [#"164.rs" 5 0 5 13] let%span s16425 = "164.rs" 61 4 61 7 let%span s16426 = "164.rs" 60 16 60 27 let%span s16427 = "164.rs" 61 4 61 7 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter32 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter32 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange33 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/cc/array.coma b/creusot/tests/should_succeed/cc/array.coma index 75f935b70..3199e1060 100644 --- a/creusot/tests/should_succeed/cc/array.coma +++ b/creusot/tests/should_succeed/cc/array.coma @@ -3,11 +3,11 @@ module M_array__test_array [#"array.rs" 3 0 3 19] let%span sarray1 = "array.rs" 4 17 4 18 let%span sarray2 = "array.rs" 4 20 4 21 let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sarray5 = "array.rs" 5 31 5 32 let%span soption6 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 let%span sarray7 = "array.rs" 6 31 6 32 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sarray9 = "array.rs" 10 30 10 31 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 diff --git a/creusot/tests/should_succeed/cc/collections.coma b/creusot/tests/should_succeed/cc/collections.coma index f8345c7cc..420651540 100644 --- a/creusot/tests/should_succeed/cc/collections.coma +++ b/creusot/tests/should_succeed/cc/collections.coma @@ -3,8 +3,8 @@ module M_collections__roundtrip_hashmap_into_iter [#"collections.rs" 15 0 17 18] let%span scollections1 = "collections.rs" 22 8 25 80 let%span scollections2 = "collections.rs" 27 20 27 79 let%span scollections3 = "collections.rs" 14 10 14 24 - let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span shash_map6 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 73 20 73 54 let%span shash_map7 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 56 12 66 29 let%span sfmap8 = "../../../../creusot-contracts/src/logic/fmap.rs" 92 8 95 9 @@ -371,7 +371,7 @@ module M_collections__roundtrip_hashmap_iter [#"collections.rs" 32 0 32 97] let%span scollections1 = "collections.rs" 38 4 41 77 let%span scollections2 = "collections.rs" 31 10 31 98 let%span shash_map3 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 23 0 37 1 - let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span shash_map5 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 125 20 125 54 let%span shash_map6 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 108 12 118 29 let%span sfmap7 = "../../../../creusot-contracts/src/logic/fmap.rs" 92 8 95 9 @@ -691,7 +691,7 @@ module M_collections__roundtrip_hashmap_iter_mut [#"collections.rs" 48 0 50 24] let%span scollections3 = "collections.rs" 46 10 46 107 let%span scollections4 = "collections.rs" 47 10 47 110 let%span shash_map5 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 23 0 37 1 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span shash_map7 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 177 20 177 54 let%span shash_map8 = "../../../../creusot-contracts/src/std/collections/hash_map.rs" 160 12 170 29 let%span sfmap9 = "../../../../creusot-contracts/src/logic/fmap.rs" 92 8 95 9 @@ -1068,27 +1068,27 @@ module M_collections__roundtrip_hashmap_iter_mut [#"collections.rs" 48 0 50 24] end module M_collections__roundtrip_hashset_into_iter [#"collections.rs" 64 0 64 90] let%span scollections0 = "collections.rs" 63 10 63 24 - let%span siter1 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 - let%span shash_set3 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 157 20 157 24 - let%span shash_set4 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 163 20 163 33 - let%span shash_set5 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 96 20 96 38 - let%span shash_set6 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 90 8 90 38 - let%span shash_set7 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 185 20 185 121 - let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 101 14 101 45 - let%span shash_set9 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 99 4 99 10 - let%span shash_set10 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 106 15 106 32 - let%span shash_set11 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 107 15 107 32 - let%span shash_set12 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 108 14 108 42 - let%span shash_set13 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 110 8 110 43 + let%span siter1 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 + let%span shash_set3 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 163 20 163 24 + let%span shash_set4 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 169 20 169 33 + let%span shash_set5 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 102 20 102 38 + let%span shash_set6 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 96 8 96 38 + let%span shash_set7 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 191 20 191 121 + let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 107 14 107 45 + let%span shash_set9 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 105 4 105 10 + let%span shash_set10 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 112 15 112 32 + let%span shash_set11 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 113 15 113 32 + let%span shash_set12 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 114 14 114 42 + let%span shash_set13 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 116 8 116 43 let%span smodel14 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span shash_set15 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 + let%span shash_set15 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset16 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 - let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 + let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq23 = "../../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 @@ -1372,27 +1372,27 @@ module M_collections__roundtrip_hashset_into_iter [#"collections.rs" 64 0 64 90] end module M_collections__roundtrip_hashset_iter [#"collections.rs" 69 0 69 87] let%span scollections0 = "collections.rs" 68 10 68 24 - let%span shash_set1 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 19 0 38 1 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span shash_set1 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 19 0 44 1 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span smodel3 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span shash_set4 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 135 20 135 38 - let%span shash_set5 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 129 8 129 38 - let%span shash_set6 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 185 20 185 121 - let%span shash_set7 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 140 14 140 45 - let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 138 4 138 10 - let%span shash_set9 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 145 15 145 32 - let%span shash_set10 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 146 15 146 32 - let%span shash_set11 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 147 14 147 42 - let%span shash_set12 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 149 8 149 43 + let%span shash_set4 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 141 20 141 38 + let%span shash_set5 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 135 8 135 38 + let%span shash_set6 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 191 20 191 121 + let%span shash_set7 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 146 14 146 45 + let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 144 4 144 10 + let%span shash_set9 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 151 15 151 32 + let%span shash_set10 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 152 15 152 32 + let%span shash_set11 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 153 14 153 42 + let%span shash_set12 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 155 8 155 43 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span shash_set14 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 + let%span shash_set14 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 let%span sfset15 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span smodel16 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 - let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 + let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 let%span sseq22 = "../../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq23 = "../../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 @@ -1615,35 +1615,35 @@ end module M_collections__hashset_intersection [#"collections.rs" 74 0 77 15] let%span scollections0 = "collections.rs" 73 10 73 42 let%span shash_set1 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 32 30 32 67 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span smodel4 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span scopied5 = "../../../../creusot-contracts/src/std/iter/copied.rs" 11 14 11 39 let%span scopied6 = "../../../../creusot-contracts/src/std/iter/copied.rs" 40 12 40 105 let%span scopied7 = "../../../../creusot-contracts/src/std/iter/copied.rs" 48 12 51 79 - let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 185 20 185 121 + let%span shash_set8 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 191 20 191 121 let%span scopied9 = "../../../../creusot-contracts/src/std/iter/copied.rs" 21 8 21 29 let%span scopied10 = "../../../../creusot-contracts/src/std/iter/copied.rs" 57 14 57 45 let%span scopied11 = "../../../../creusot-contracts/src/std/iter/copied.rs" 62 15 62 32 let%span scopied12 = "../../../../creusot-contracts/src/std/iter/copied.rs" 63 15 63 32 let%span scopied13 = "../../../../creusot-contracts/src/std/iter/copied.rs" 64 14 64 42 - let%span shash_set14 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 210 20 210 56 - let%span shash_set15 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 204 8 204 38 + let%span shash_set14 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 216 20 216 56 + let%span shash_set15 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 210 8 210 38 let%span sfset16 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 let%span sseq17 = "../../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 - let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 215 14 215 45 - let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 213 4 213 10 - let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 220 15 220 32 - let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 221 15 221 32 - let%span shash_set22 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 222 14 222 42 - let%span shash_set23 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 224 8 224 43 + let%span shash_set18 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 221 14 221 45 + let%span shash_set19 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 219 4 219 10 + let%span shash_set20 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 226 15 226 32 + let%span shash_set21 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 227 15 227 32 + let%span shash_set22 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 228 14 228 42 + let%span shash_set23 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 230 8 230 43 let%span sresolve24 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel25 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span shash_set26 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 58 16 65 23 - let%span shash_set27 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 71 11 71 33 - let%span shash_set28 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 72 11 72 33 - let%span shash_set29 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 73 10 73 43 - let%span shash_set30 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 81 4 81 31 + let%span shash_set26 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 64 16 71 23 + let%span shash_set27 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 77 11 77 33 + let%span shash_set28 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 78 11 78 33 + let%span shash_set29 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 79 10 79 43 + let%span shash_set30 = "../../../../creusot-contracts/src/std/collections/hash_set.rs" 87 4 87 31 let%span smodel31 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sseq32 = "../../../../creusot-contracts/src/logic/seq.rs" 382 14 383 65 let%span sseq33 = "../../../../creusot-contracts/src/logic/seq.rs" 381 4 381 12 diff --git a/creusot/tests/should_succeed/cc/fset.coma b/creusot/tests/should_succeed/cc/fset.coma new file mode 100644 index 000000000..3f37cef7b --- /dev/null +++ b/creusot/tests/should_succeed/cc/fset.coma @@ -0,0 +1,96 @@ +module M_fset__map_spec [#"fset.rs" 8 0 8 23] + let%span sfset0 = "fset.rs" 7 10 7 123 + let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 231 8 231 27 + let%span sfset2 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + use prelude.prelude.Intrinsic + + type t_T'0 + + use set.Fset + + type t_U'0 + + use map.Map + + use set.Fset + + use set.Fset + + function map'0 (self : Fset.fset t_T'0) (f : Map.map t_T'0 t_U'0) : Fset.fset t_U'0 = + [%#sfset1] Fset.map f self + + use set.Fset + + predicate contains'0 [@inline:trivial] (self : Fset.fset t_U'0) (e : t_U'0) = + [%#sfset2] Fset.mem e self + + use set.Fset + + predicate contains'1 [@inline:trivial] (self : Fset.fset t_T'0) (e : t_T'0) = + [%#sfset2] Fset.mem e self + + use map.Map + + meta "compute_max_steps" 1000000 + + let rec map_spec'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:map_spec ensures] [%#sfset0] forall xs : Fset.fset t_T'0, f : Map.map t_T'0 t_U'0, y : t_U'0 . contains'0 (map'0 xs f) y + = (exists x : t_T'0 . contains'1 xs x /\ Map.get f x = y)} + (! return' {result}) ] + +end +module M_fset__filter_spec [#"fset.rs" 11 0 11 23] + let%span sfset0 = "fset.rs" 10 10 10 113 + let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + use prelude.prelude.Intrinsic + + type t_T'0 + + use set.Fset + + use map.Map + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] (self : Fset.fset t_T'0) (e : t_T'0) = + [%#sfset1] Fset.mem e self + + use map.Map + + meta "compute_max_steps" 1000000 + + let rec filter_spec'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:filter_spec ensures] [%#sfset0] forall xs : Fset.fset t_T'0, f : Map.map t_T'0 bool, x : t_T'0 . contains'0 (Fset.filter xs f) x + = (contains'0 xs x /\ Map.get f x)} + (! return' {result}) ] + +end +module M_fset__interval_spec [#"fset.rs" 14 0 14 22] + let%span sfset0 = "fset.rs" 13 10 13 94 + let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 46 8 46 26 + + use prelude.prelude.Intrinsic + + use prelude.prelude.Int + + use set.FsetInt + + use set.Fset + + use set.Fset + + predicate contains'0 [@inline:trivial] (self : Fset.fset int) (e : int) = + [%#sfset1] Fset.mem e self + + meta "compute_max_steps" 1000000 + + let rec interval_spec'0 (_1:()) (return' (ret:()))= (! bb0 [ bb0 = return' {_0} ] ) [ & _0 : () = any_l () ] + [ return' (result:())-> {[@expl:interval_spec ensures] [%#sfset0] forall i : int, j : int, k : int . contains'0 (FsetInt.interval i j) k + = (i <= k /\ k < j)} + (! return' {result}) ] + +end diff --git a/creusot/tests/should_succeed/cc/fset.rs b/creusot/tests/should_succeed/cc/fset.rs new file mode 100644 index 000000000..1c2bbab18 --- /dev/null +++ b/creusot/tests/should_succeed/cc/fset.rs @@ -0,0 +1,14 @@ +extern crate creusot_contracts; +use creusot_contracts::{ + logic::{FSet, Mapping}, + *, +}; + +#[ensures(forall, f: Mapping, y: U> xs.map(f).contains(y) == exists xs.contains(x) && f.get(x) == y)] +pub fn map_spec() {} + +#[ensures(forall, f: Mapping, x: T> xs.filter(f).contains(x) == (xs.contains(x) && f.get(x)))] +pub fn filter_spec() {} + +#[ensures(forall FSet::interval(i, j).contains(k) == (i <= k && k < j))] +pub fn interval_spec() {} diff --git a/creusot/tests/should_succeed/cc/fset/why3session.xml b/creusot/tests/should_succeed/cc/fset/why3session.xml new file mode 100644 index 000000000..26600bd03 --- /dev/null +++ b/creusot/tests/should_succeed/cc/fset/why3session.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/cc/fset/why3shapes.gz b/creusot/tests/should_succeed/cc/fset/why3shapes.gz new file mode 100644 index 000000000..bf1e1f1e0 Binary files /dev/null and b/creusot/tests/should_succeed/cc/fset/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/cc/iter.coma b/creusot/tests/should_succeed/cc/iter.coma index ddb4b17c1..ba4fc7129 100644 --- a/creusot/tests/should_succeed/cc/iter.coma +++ b/creusot/tests/should_succeed/cc/iter.coma @@ -1,11 +1,11 @@ -module M_iter__test_mut_ref [#"iter.rs" 3 0 3 21] - let%span siter0 = "iter.rs" 4 17 4 18 - let%span siter1 = "iter.rs" 4 20 4 21 +module M_iter__test_mut_ref [#"iter.rs" 4 0 4 21] + let%span siter0 = "iter.rs" 5 17 5 18 + let%span siter1 = "iter.rs" 5 20 5 21 let%span sslice2 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 - let%span siter4 = "iter.rs" 5 38 5 39 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 + let%span siter4 = "iter.rs" 6 38 6 39 let%span soption5 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 - let%span siter6 = "iter.rs" 6 38 6 39 + let%span siter6 = "iter.rs" 7 38 7 39 let%span sslice7 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sslice8 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 let%span sresolve9 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 @@ -333,3 +333,1086 @@ module M_iter__test_mut_ref [#"iter.rs" 3 0 3 21] | & _78 : array int32 = any_l () ] [ return' (result:())-> (! return' {result}) ] end +module M_iter__test_filter [#"iter.rs" 11 0 11 20] + let%span siter0 = "iter.rs" 12 17 12 21 + let%span siter1 = "iter.rs" 12 23 12 28 + let%span siter2 = "iter.rs" 12 30 12 34 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter4 = "iter.rs" 13 18 13 31 + let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 175 27 175 47 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 176 27 176 53 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 177 27 177 45 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 + let%span siter10 = "iter.rs" 16 38 16 42 + let%span soption11 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span siter12 = "iter.rs" 17 38 17 42 + let%span sfilter13 = "../../../../creusot-contracts/src/std/iter/filter.rs" 58 16 58 59 + let%span sfilter14 = "../../../../creusot-contracts/src/std/iter/filter.rs" 50 16 50 57 + let%span sfilter15 = "../../../../creusot-contracts/src/std/iter/filter.rs" 65 16 65 126 + let%span sfilter16 = "../../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 + let%span sfilter17 = "../../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 + let%span sfilter18 = "../../../../creusot-contracts/src/std/iter/filter.rs" 77 12 79 47 + let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 + let%span sresolve20 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel21 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 104 14 104 45 + let%span sfilter30 = "../../../../creusot-contracts/src/std/iter/filter.rs" 109 15 109 32 + let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 + let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 14 111 42 + let%span sslice33 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sinvariant35 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span soption36 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span sslice37 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice39 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice44 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel45 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice46 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice47 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel48 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex49 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + let%span smodel50 = "../../../../creusot-contracts/src/model.rs" 120 8 120 12 + + use prelude.prelude.Slice + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted3__test_filter'0 (return' (ret:array bool))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array bool)-> (! -{Seq.get __arr_temp.elts 0 + /\ Seq.get __arr_temp.elts 1 = ([%#siter1] false) + /\ Seq.get __arr_temp.elts 2 /\ Seq.length __arr_temp.elts = 3}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array bool = any_l () | & _1 : array bool = any_l () ] + [ return' (result:array bool)-> return' {result} ] + + + predicate inv'2 (_1 : slice bool) + + axiom inv_axiom'2 [@rewrite] : forall x : slice bool [inv'2 x] . inv'2 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice bool + + let rec iter'0 (self:slice bool) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'2 self} + any [ return' (result:t_Iter'0)-> {[%#sslice3] view'0 result = self} (! return' {result}) ] + + predicate resolve'3 (self : borrowed ()) = + [%#sresolve20] self.final = self.current + + predicate resolve'1 (_1 : borrowed ()) = + resolve'3 _1 + + predicate postcondition_once'0 (self : ()) (args : bool) (result : bool) = + [%#siter4] let (b) = args in result = b + + predicate resolve'4 (_1 : ()) = + true + + predicate unnest'0 (self : ()) (_2 : ()) = + true + + predicate postcondition_mut'1 (self : ()) (args : bool) (result_state : ()) (result : bool) = + (let (b) = args in result = b) /\ unnest'0 self result_state + + function fn_mut_once'0 (self : ()) (args : bool) (res : bool) : () + + axiom fn_mut_once'0_spec : forall self : (), args : bool, res : bool . [%#sops28] postcondition_once'0 self args res + = (exists res_state : () . postcondition_mut'1 self args res_state res /\ resolve'4 res_state) + + function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () + + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops25] unnest'0 self b) + -> ([%#sops26] unnest'0 b c) -> ([%#sops27] unnest'0 self c) + + function unnest_refl'0 (self : ()) : () + + axiom unnest_refl'0_spec : forall self : () . [%#sops24] unnest'0 self self + + function postcondition_mut_unnest'0 (self : ()) (args : bool) (res_state : ()) (res : bool) : () + + axiom postcondition_mut_unnest'0_spec : forall self : (), args : bool, res_state : (), res : bool . ([%#sops22] postcondition_mut'1 self args res_state res) + -> ([%#sops23] unnest'0 self res_state) + + let rec closure0'0 (_1:borrowed ()) (b:bool) (return' (ret:bool))= (! bb0 + [ bb0 = s0 [ s0 = -{resolve'1 _1}- s1 | s1 = [ &res <- b ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return' {_0} ] ] + ) [ & _0 : bool = any_l () | & _1 : borrowed () = _1 | & b : bool = b | & res : bool = any_l () ] + [ return' (result:bool)-> {[@expl:closure ensures] [%#siter4] result = b} + {[@expl:closure unnest] unnest'0 _1.current _1.final} + (! return' {result}) ] + + + predicate inv'3 (_1 : t_Iter'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_Iter'0 [inv'3 x] . inv'3 x = true + + predicate inv'4 (_1 : ()) + + axiom inv_axiom'4 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true + + predicate postcondition_once'1 (self : ()) (args : bool) (result : bool) = + [%#siter4] let (b) = args in result = b + + predicate postcondition_mut'0 (self : ()) (args : bool) (result_state : ()) (result : bool) = + (let (b) = args in result = b) /\ unnest'0 self result_state + + function fn_mut_once'1 (self : ()) (args : bool) (res : bool) : () + + axiom fn_mut_once'1_spec : forall self : (), args : bool, res : bool . [%#sops28] postcondition_once'1 self args res + = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) + + predicate unnest'1 (self : ()) (_2 : ()) = + true + + function unnest_trans'1 (self : ()) (b : ()) (c : ()) : () + + axiom unnest_trans'1_spec : forall self : (), b : (), c : () . ([%#sops25] unnest'1 self b) + -> ([%#sops26] unnest'1 b c) -> ([%#sops27] unnest'1 self c) + + function unnest_refl'1 (self : ()) : () + + axiom unnest_refl'1_spec : forall self : () . [%#sops24] unnest'1 self self + + function postcondition_mut_unnest'1 (self : ()) (args : bool) (res_state : ()) (res : bool) : () + + axiom postcondition_mut_unnest'1_spec : forall self : (), args : bool, res_state : (), res : bool . ([%#sops22] postcondition_mut'0 self args res_state res) + -> ([%#sops23] unnest'1 self res_state) + + predicate immutable'0 (_1 : ()) = + [%#sfilter13] forall f : (), g : () . unnest'1 f g -> f = g + + predicate precondition'0 (self : ()) (args : bool) = + let (b) = args in true + + predicate no_precondition'0 (_1 : ()) = + [%#sfilter14] forall f : (), i : bool . precondition'0 f (i) + + predicate precise'0 (_1 : ()) = + [%#sfilter15] forall f1 : (), f2 : (), i : bool . not (postcondition_mut'0 f1 (i) f2 true + /\ postcondition_mut'0 f1 (i) f2 false) + + type t_Filter'0 = + { t_Filter__iter'0: t_Iter'0; t_Filter__predicate'0: () } + + predicate invariant'0 (self : t_Filter'0) + + predicate inv'0 (_1 : t_Filter'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_Filter'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_Filter__iter'0 = iter ; t_Filter__predicate'0 = predicate'} -> true + end) + + function iter'1 (self : t_Filter'0) : t_Iter'0 + + axiom iter'1_spec : forall self : t_Filter'0 . [%#sfilter16] inv'0 self -> inv'3 (iter'1 self) + + function func'0 (self : t_Filter'0) : () + + axiom func'0_spec : forall self : t_Filter'0 . [%#sfilter17] inv'0 self -> inv'4 (func'0 self) + + let rec filter'0 (self:t_Iter'0) (predicate':()) (return' (ret:t_Filter'0))= {[@expl:filter 'self' type invariant] inv'3 self} + {[@expl:filter 'predicate' type invariant] inv'4 predicate'} + {[@expl:filter requires #0] [%#siter5] immutable'0 predicate'} + {[@expl:filter requires #1] [%#siter6] no_precondition'0 predicate'} + {[@expl:filter requires #2] [%#siter7] precise'0 predicate'} + any + [ return' (result:t_Filter'0)-> {inv'0 result} + {[%#siter8] iter'1 result = self /\ func'0 result = predicate'} + (! return' {result}) ] + + + predicate invariant'1 (self : borrowed (t_Filter'0)) = + [%#sinvariant35] inv'0 self.current /\ inv'0 self.final + + predicate inv'1 (_1 : borrowed (t_Filter'0)) + + axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_Filter'0) [inv'1 x] . inv'1 x = invariant'1 x + + type t_Option'0 = + | C_None'0 + | C_Some'0 bool + + predicate inv'5 (_1 : t_Option'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = true + + use seq.Seq + + use prelude.prelude.Int + + use map.Map + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Slice + + function view'2 (self : slice bool) : Seq.seq bool + + axiom view'2_spec : forall self : slice bool . ([%#sslice46] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice47] view'2 self = Slice.id self) + + function view'3 (self : slice bool) : Seq.seq bool = + [%#smodel48] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice bool) (ix : int) : bool = + [%#sindex49] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice bool) : Seq.seq bool + + axiom to_ref_seq'0_spec : forall self : slice bool . ([%#sslice43] Seq.length (to_ref_seq'0 self) + = Seq.length (view'3 self)) + && ([%#sslice44] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + predicate produces'1 (self : t_Iter'0) (visited : Seq.seq bool) (tl : t_Iter'0) = + [%#sslice33] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'1 (a : t_Iter'0) (ab : Seq.seq bool) (b : t_Iter'0) (bc : Seq.seq bool) (c : t_Iter'0) : () = + [%#sslice42] () + + axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq bool, b : t_Iter'0, bc : Seq.seq bool, c : t_Iter'0 . ([%#sslice39] produces'1 a ab b) + -> ([%#sslice40] produces'1 b bc c) -> ([%#sslice41] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 (self : t_Iter'0) : () = + [%#sslice38] () + + axiom produces_refl'1_spec : forall self : t_Iter'0 . [%#sslice37] produces'1 self (Seq.empty : Seq.seq bool) self + + use map.Map + + predicate produces'0 (self : t_Filter'0) (visited : Seq.seq bool) (succ : t_Filter'0) = + [%#sfilter19] invariant'0 self + -> unnest'1 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq bool, f : Map.map int int . produces'1 (iter'1 self) s (iter'1 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) + = postcondition_mut'0 (func'0 self) (Seq.get s i) (func'0 self) true)) + + function produces_trans'0 (a : t_Filter'0) (ab : Seq.seq bool) (b : t_Filter'0) (bc : Seq.seq bool) (c : t_Filter'0) : () + + + axiom produces_trans'0_spec : forall a : t_Filter'0, ab : Seq.seq bool, b : t_Filter'0, bc : Seq.seq bool, c : t_Filter'0 . ([%#sfilter30] produces'0 a ab b) + -> ([%#sfilter31] produces'0 b bc c) -> ([%#sfilter32] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_Filter'0) : () + + axiom produces_refl'0_spec : forall self : t_Filter'0 . [%#sfilter29] produces'0 self (Seq.empty : Seq.seq bool) self + + predicate resolve'5 (self : borrowed (t_Iter'0)) = + [%#sresolve20] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice bool = + [%#smodel45] view'0 self.current + + use seq.Seq + + predicate completed'1 (self : borrowed (t_Iter'0)) = + [%#sslice34] resolve'5 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq bool) + + predicate completed'0 (self : borrowed (t_Filter'0)) = + [%#sfilter18] (exists s : Seq.seq bool, e : borrowed (t_Iter'0) . produces'1 (iter'1 self.current) s e.current + /\ completed'1 e + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> postcondition_mut'0 (func'0 self.current) (Seq.get s i) (func'0 self.final) false)) + /\ func'0 self.current = func'0 self.final + + use seq.Seq + + let rec next'0 (self:borrowed (t_Filter'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'1 self} + any + [ return' (result:t_Option'0)-> {inv'5 result} + {[%#siter9] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + predicate resolve'2 (self : borrowed (t_Filter'0)) = + [%#sresolve20] self.final = self.current + + predicate resolve'0 (_1 : borrowed (t_Filter'0)) = + resolve'2 _1 + + let rec promoted2__test_filter'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter10] true) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'6 (_1 : t_Option'0) + + axiom inv_axiom'6 [@rewrite] : forall x : t_Option'0 [inv'6 x] . inv'6 x = true + + type t_Option'1 = + | C_None'1 + | C_Some'1 bool + + function deep_model'3 (self : bool) : bool = + [%#smodel50] self + + function deep_model'2 (self : bool) : bool = + [%#smodel21] deep_model'3 self + + function deep_model'1 (self : t_Option'0) : t_Option'1 = + [%#soption36] match self with + | C_Some'0 t -> C_Some'1 (deep_model'2 t) + | C_None'0 -> C_None'1 + end + + function deep_model'0 (self : t_Option'0) : t_Option'1 = + [%#smodel21] deep_model'1 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'6 self} + {[@expl:eq 'other' type invariant] inv'6 other} + any + [ return' (result:bool)-> {[%#soption11] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted1__test_filter'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter12] true) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted0__test_filter'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_filter'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 + [ s0 = promoted3__test_filter'0 (fun (pr3:array bool) -> [ &_80 <- pr3 ] s1) + | s1 = iter'0 {_80} (fun (_ret':t_Iter'0) -> [ &_2 <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = [ &_6 <- () ] s1 | s1 = filter'0 {_2} {_6} (fun (_ret':t_Filter'0) -> [ &a <- _ret' ] s2) | s2 = bb2 ] + + | bb2 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Filter'0)) -> [ &_12 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _12.current} + Borrow.borrow_final {_12.current} {Borrow.get_id _12} + (fun (_ret':borrowed (t_Filter'0)) -> + [ &_11 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_12 <- { _12 with current = _ret'.final } ] + s2) + | s2 = next'0 {_11} (fun (_ret':t_Option'0) -> [ &_10 <- _ret' ] s3) + | s3 = bb3 ] + + | bb3 = s0 + [ s0 = {[@expl:type invariant] inv'1 _12} s1 + | s1 = -{resolve'0 _12}- s2 + | s2 = promoted2__test_filter'0 (fun (pr2:t_Option'0) -> [ &_79 <- pr2 ] s3) + | s3 = [ &_8 <- (_10, _79) ] s4 + | s4 = [ &left_val <- let (r'0, _) = _8 in r'0 ] s5 + | s5 = [ &right_val <- let (_, r'1) = _8 in r'1 ] s6 + | s6 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_19 <- _ret' ] s7) + | s7 = bb4 ] + + | bb4 = any [ br0 -> {_19 = false} (! bb6) | br1 -> {_19} (! bb5) ] + | bb5 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Filter'0)) -> [ &_36 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _36.current} + Borrow.borrow_final {_36.current} {Borrow.get_id _36} + (fun (_ret':borrowed (t_Filter'0)) -> + [ &_35 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_36 <- { _36 with current = _ret'.final } ] + s2) + | s2 = next'0 {_35} (fun (_ret':t_Option'0) -> [ &_34 <- _ret' ] s3) + | s3 = bb7 ] + + | bb7 = s0 + [ s0 = {[@expl:type invariant] inv'1 _36} s1 + | s1 = -{resolve'0 _36}- s2 + | s2 = promoted1__test_filter'0 (fun (pr1:t_Option'0) -> [ &_78 <- pr1 ] s3) + | s3 = [ &_32 <- (_34, _78) ] s4 + | s4 = [ &left_val1 <- let (r'0, _) = _32 in r'0 ] s5 + | s5 = [ &right_val1 <- let (_, r'1) = _32 in r'1 ] s6 + | s6 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_43 <- _ret' ] s7) + | s7 = bb8 ] + + | bb8 = any [ br0 -> {_43 = false} (! bb10) | br1 -> {_43} (! bb9) ] + | bb9 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_Filter'0)) -> [ &_60 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _60.current} + Borrow.borrow_final {_60.current} {Borrow.get_id _60} + (fun (_ret':borrowed (t_Filter'0)) -> + [ &_59 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_60 <- { _60 with current = _ret'.final } ] + s2) + | s2 = next'0 {_59} (fun (_ret':t_Option'0) -> [ &_58 <- _ret' ] s3) + | s3 = bb11 ] + + | bb11 = s0 + [ s0 = {[@expl:type invariant] inv'1 _60} s1 + | s1 = -{resolve'0 _60}- s2 + | s2 = {[@expl:type invariant] inv'0 a} s3 + | s3 = promoted0__test_filter'0 (fun (pr0:t_Option'0) -> [ &_77 <- pr0 ] s4) + | s4 = [ &_56 <- (_58, _77) ] s5 + | s5 = [ &left_val2 <- let (r'0, _) = _56 in r'0 ] s6 + | s6 = [ &right_val2 <- let (_, r'1) = _56 in r'1 ] s7 + | s7 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_65 <- _ret' ] s8) + | s8 = bb12 ] + + | bb12 = any [ br0 -> {_65 = false} (! bb14) | br1 -> {_65} (! bb13) ] + | bb13 = return' {_0} + | bb14 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_73 <- left_val2 ] s2 + | s2 = [ &_75 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb10 = s0 + [ s0 = {[@expl:type invariant] inv'0 a} s1 + | s1 = [ &kind1 <- C_Eq'0 ] s2 + | s2 = [ &_51 <- left_val1 ] s3 + | s3 = [ &_53 <- right_val1 ] s4 + | s4 = {false} any ] + + | bb6 = s0 + [ s0 = {[@expl:type invariant] inv'0 a} s1 + | s1 = [ &kind <- C_Eq'0 ] s2 + | s2 = [ &_27 <- left_val ] s3 + | s3 = [ &_29 <- right_val ] s4 + | s4 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_Filter'0 = any_l () + | & _2 : t_Iter'0 = any_l () + | & _6 : () = any_l () + | & _8 : (t_Option'0, t_Option'0) = any_l () + | & _10 : t_Option'0 = any_l () + | & _11 : borrowed (t_Filter'0) = any_l () + | & _12 : borrowed (t_Filter'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _19 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _27 : t_Option'0 = any_l () + | & _29 : t_Option'0 = any_l () + | & _32 : (t_Option'0, t_Option'0) = any_l () + | & _34 : t_Option'0 = any_l () + | & _35 : borrowed (t_Filter'0) = any_l () + | & _36 : borrowed (t_Filter'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & _43 : bool = any_l () + | & kind1 : t_AssertKind'0 = any_l () + | & _51 : t_Option'0 = any_l () + | & _53 : t_Option'0 = any_l () + | & _56 : (t_Option'0, t_Option'0) = any_l () + | & _58 : t_Option'0 = any_l () + | & _59 : borrowed (t_Filter'0) = any_l () + | & _60 : borrowed (t_Filter'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _65 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _73 : t_Option'0 = any_l () + | & _75 : t_Option'0 = any_l () + | & _77 : t_Option'0 = any_l () + | & _78 : t_Option'0 = any_l () + | & _79 : t_Option'0 = any_l () + | & _80 : array bool = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end +module M_iter__test_filter_map [#"iter.rs" 21 0 21 24] + let%span siter0 = "iter.rs" 22 17 22 21 + let%span siter1 = "iter.rs" 22 23 22 28 + let%span siter2 = "iter.rs" 22 30 22 34 + let%span sslice3 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 + let%span siter4 = "iter.rs" 24 32 24 37 + let%span siter5 = "iter.rs" 23 18 23 63 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 183 27 183 51 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 184 27 184 57 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 185 27 185 49 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 + let%span siter11 = "iter.rs" 26 37 26 42 + let%span soption12 = "../../../../creusot-contracts/src/std/option.rs" 23 26 23 75 + let%span siter13 = "iter.rs" 27 37 27 42 + let%span sfilter_map14 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 56 16 56 52 + let%span sfilter_map15 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 48 16 48 50 + let%span sfilter_map16 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 63 16 63 135 + let%span sfilter_map17 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 15 14 15 39 + let%span sfilter_map18 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 22 14 22 39 + let%span sfilter_map19 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 75 12 77 47 + let%span sfilter_map20 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 85 12 98 148 + let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 83 8 83 28 + let%span sops23 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 + let%span sops24 = "../../../../creusot-contracts/src/std/ops.rs" 110 14 110 36 + let%span sops25 = "../../../../creusot-contracts/src/std/ops.rs" 115 14 115 31 + let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 120 15 120 29 + let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 + let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 + let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 + let%span sfilter_map30 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 104 14 104 45 + let%span sfilter_map31 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 109 15 109 32 + let%span sfilter_map32 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 110 15 110 32 + let%span sfilter_map33 = "../../../../creusot-contracts/src/std/iter/filter_map.rs" 111 14 111 42 + let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 + let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 + let%span sinvariant36 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 + let%span soption37 = "../../../../creusot-contracts/src/std/option.rs" 11 8 14 9 + let%span sslice38 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 + let%span sslice39 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 + let%span sslice40 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 + let%span sslice41 = "../../../../creusot-contracts/src/std/slice.rs" 417 15 417 32 + let%span sslice42 = "../../../../creusot-contracts/src/std/slice.rs" 418 14 418 42 + let%span sslice43 = "../../../../creusot-contracts/src/std/slice.rs" 414 4 414 10 + let%span sslice44 = "../../../../creusot-contracts/src/std/slice.rs" 96 14 96 41 + let%span sslice45 = "../../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 + let%span smodel46 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 + let%span sslice47 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 + let%span sslice48 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 + let%span smodel49 = "../../../../creusot-contracts/src/model.rs" 120 8 120 12 + let%span smodel50 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 + let%span sindex51 = "../../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 + + use prelude.prelude.Slice + + use prelude.prelude.Borrow + + use prelude.prelude.Intrinsic + + let rec promoted3__test_filter_map'0 (return' (ret:array bool))= bb0 + [ bb0 = s0 + [ s0 = any + [ any_ (__arr_temp:array bool)-> (! -{Seq.get __arr_temp.elts 0 + /\ Seq.get __arr_temp.elts 1 = ([%#siter1] false) + /\ Seq.get __arr_temp.elts 2 /\ Seq.length __arr_temp.elts = 3}- + [ &_1 <- __arr_temp ] + s1) ] + + | s1 = [ &_0 <- _1 ] s2 + | s2 = return' {_0} ] + ] + [ & _0 : array bool = any_l () | & _1 : array bool = any_l () ] + [ return' (result:array bool)-> return' {result} ] + + + predicate inv'2 (_1 : slice bool) + + axiom inv_axiom'2 [@rewrite] : forall x : slice bool [inv'2 x] . inv'2 x = true + + use prelude.prelude.Opaque + + type t_NonNull'0 = + { t_NonNull__pointer'0: opaque_ptr } + + type t_Iter'0 = + { t_Iter__ptr'0: t_NonNull'0; t_Iter__end_or_len'0: opaque_ptr; t_Iter__qy95zmarker'0: () } + + function view'0 (self : t_Iter'0) : slice bool + + let rec iter'0 (self:slice bool) (return' (ret:t_Iter'0))= {[@expl:iter 'self' type invariant] inv'2 self} + any [ return' (result:t_Iter'0)-> {[%#sslice3] view'0 result = self} (! return' {result}) ] + + predicate resolve'3 (self : borrowed ()) = + [%#sresolve21] self.final = self.current + + predicate resolve'1 (_1 : borrowed ()) = + resolve'3 _1 + + type t_Option'0 = + | C_None'0 + | C_Some'0 bool + + predicate postcondition_once'0 (self : ()) (args : bool) (result : t_Option'0) = + [%#siter5] let (b) = args in result = (if b then C_Some'0 false else C_None'0) + + predicate resolve'4 (_1 : ()) = + true + + predicate unnest'0 (self : ()) (_2 : ()) = + true + + predicate postcondition_mut'0 (self : ()) (args : bool) (result_state : ()) (result : t_Option'0) = + (let (b) = args in result = (if b then C_Some'0 false else C_None'0)) /\ unnest'0 self result_state + + function fn_mut_once'0 (self : ()) (args : bool) (res : t_Option'0) : () + + axiom fn_mut_once'0_spec : forall self : (), args : bool, res : t_Option'0 . [%#sops29] postcondition_once'0 self args res + = (exists res_state : () . postcondition_mut'0 self args res_state res /\ resolve'4 res_state) + + function unnest_trans'0 (self : ()) (b : ()) (c : ()) : () + + axiom unnest_trans'0_spec : forall self : (), b : (), c : () . ([%#sops26] unnest'0 self b) + -> ([%#sops27] unnest'0 b c) -> ([%#sops28] unnest'0 self c) + + function unnest_refl'0 (self : ()) : () + + axiom unnest_refl'0_spec : forall self : () . [%#sops25] unnest'0 self self + + function postcondition_mut_unnest'0 (self : ()) (args : bool) (res_state : ()) (res : t_Option'0) : () + + axiom postcondition_mut_unnest'0_spec : forall self : (), args : bool, res_state : (), res : t_Option'0 . ([%#sops23] postcondition_mut'0 self args res_state res) + -> ([%#sops24] unnest'0 self res_state) + + let rec closure0'0 (_1:borrowed ()) (b:bool) (return' (ret:t_Option'0))= (! bb0 + [ bb0 = s0 [ s0 = -{resolve'1 _1}- s1 | s1 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] ] + | bb1 = s0 [ s0 = [ &res <- C_Some'0 ([%#siter4] false) ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &res <- C_None'0 ] s1 | s1 = bb3 ] + | bb3 = s0 [ s0 = [ &_0 <- res ] s1 | s1 = return' {_0} ] ] + ) [ & _0 : t_Option'0 = any_l () | & _1 : borrowed () = _1 | & b : bool = b | & res : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> {[@expl:closure ensures] [%#siter5] result + = (if b then C_Some'0 false else C_None'0)} + {[@expl:closure unnest] unnest'0 _1.current _1.final} + (! return' {result}) ] + + + predicate inv'3 (_1 : t_Iter'0) + + axiom inv_axiom'3 [@rewrite] : forall x : t_Iter'0 [inv'3 x] . inv'3 x = true + + predicate inv'4 (_1 : ()) + + axiom inv_axiom'4 [@rewrite] : forall x : () [inv'4 x] . inv'4 x = true + + predicate immutable'0 (f : ()) = + [%#sfilter_map14] forall g : () . unnest'0 f g -> f = g + + predicate precondition'0 (self : ()) (args : bool) = + let (b) = args in true + + predicate no_precondition'0 (f : ()) = + [%#sfilter_map15] forall i : bool . precondition'0 f (i) + + predicate precise'0 (f1 : ()) = + [%#sfilter_map16] forall f2 : (), i : bool . not ((exists b : bool . postcondition_mut'0 f1 (i) f2 (C_Some'0 b)) + /\ postcondition_mut'0 f1 (i) f2 (C_None'0)) + + type t_FilterMap'0 = + { t_FilterMap__iter'0: t_Iter'0; t_FilterMap__f'0: () } + + predicate invariant'0 (self : t_FilterMap'0) + + predicate inv'0 (_1 : t_FilterMap'0) + + axiom inv_axiom'0 [@rewrite] : forall x : t_FilterMap'0 [inv'0 x] . inv'0 x + = (invariant'0 x + /\ match x with + | {t_FilterMap__iter'0 = iter ; t_FilterMap__f'0 = f} -> true + end) + + function iter'1 (self : t_FilterMap'0) : t_Iter'0 + + axiom iter'1_spec : forall self : t_FilterMap'0 . [%#sfilter_map17] inv'0 self -> inv'3 (iter'1 self) + + function func'0 (self : t_FilterMap'0) : () + + axiom func'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map18] inv'0 self -> inv'4 (func'0 self) + + let rec filter_map'0 (self:t_Iter'0) (f:()) (return' (ret:t_FilterMap'0))= {[@expl:filter_map 'self' type invariant] inv'3 self} + {[@expl:filter_map 'f' type invariant] inv'4 f} + {[@expl:filter_map requires #0] [%#siter6] immutable'0 f} + {[@expl:filter_map requires #1] [%#siter7] no_precondition'0 f} + {[@expl:filter_map requires #2] [%#siter8] precise'0 f} + any + [ return' (result:t_FilterMap'0)-> {inv'0 result} + {[%#siter9] iter'1 result = self /\ func'0 result = f} + (! return' {result}) ] + + + predicate invariant'1 (self : borrowed (t_FilterMap'0)) = + [%#sinvariant36] inv'0 self.current /\ inv'0 self.final + + predicate inv'1 (_1 : borrowed (t_FilterMap'0)) + + axiom inv_axiom'1 [@rewrite] : forall x : borrowed (t_FilterMap'0) [inv'1 x] . inv'1 x = invariant'1 x + + predicate inv'5 (_1 : t_Option'0) + + axiom inv_axiom'5 [@rewrite] : forall x : t_Option'0 [inv'5 x] . inv'5 x = true + + use seq.Seq + + use seq.Seq + + use prelude.prelude.Int + + use map.Map + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use seq.Seq + + use prelude.prelude.UIntSize + + constant v_MAX'0 : usize = (18446744073709551615 : usize) + + use prelude.prelude.UIntSize + + use prelude.prelude.Slice + + function view'2 (self : slice bool) : Seq.seq bool + + axiom view'2_spec : forall self : slice bool . ([%#sslice47] Seq.length (view'2 self) + <= UIntSize.to_int (v_MAX'0 : usize)) + && ([%#sslice48] view'2 self = Slice.id self) + + function view'3 (self : slice bool) : Seq.seq bool = + [%#smodel50] view'2 self + + use seq.Seq + + use seq.Seq + + function index_logic'0 [@inline:trivial] (self : slice bool) (ix : int) : bool = + [%#sindex51] Seq.get (view'2 self) ix + + function to_ref_seq'0 (self : slice bool) : Seq.seq bool + + axiom to_ref_seq'0_spec : forall self : slice bool . ([%#sslice44] Seq.length (to_ref_seq'0 self) + = Seq.length (view'3 self)) + && ([%#sslice45] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq'0 self) + -> Seq.get (to_ref_seq'0 self) i = index_logic'0 self i) + + predicate produces'1 (self : t_Iter'0) (visited : Seq.seq bool) (tl : t_Iter'0) = + [%#sslice34] to_ref_seq'0 (view'0 self) = Seq.(++) visited (to_ref_seq'0 (view'0 tl)) + + function produces_trans'1 (a : t_Iter'0) (ab : Seq.seq bool) (b : t_Iter'0) (bc : Seq.seq bool) (c : t_Iter'0) : () = + [%#sslice43] () + + axiom produces_trans'1_spec : forall a : t_Iter'0, ab : Seq.seq bool, b : t_Iter'0, bc : Seq.seq bool, c : t_Iter'0 . ([%#sslice40] produces'1 a ab b) + -> ([%#sslice41] produces'1 b bc c) -> ([%#sslice42] produces'1 a (Seq.(++) ab bc) c) + + function produces_refl'1 (self : t_Iter'0) : () = + [%#sslice39] () + + axiom produces_refl'1_spec : forall self : t_Iter'0 . [%#sslice38] produces'1 self (Seq.empty : Seq.seq bool) self + + use map.Map + + use seq.Seq + + use seq.Seq + + predicate produces'0 (self : t_FilterMap'0) (visited : Seq.seq bool) (succ : t_FilterMap'0) = + [%#sfilter_map20] invariant'0 self + -> unnest'0 (func'0 self) (func'0 succ) + /\ (exists s : Seq.seq bool, f : Map.map int int . produces'1 (iter'1 self) s (iter'1 succ) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited + -> postcondition_mut'0 (func'0 self) (Seq.get s (Map.get f i)) (func'0 self) (C_Some'0 (Seq.get visited i))) + /\ (forall j : int . 0 <= j /\ j < Seq.length s + -> (not (exists i : int . 0 <= i /\ i < Seq.length visited /\ Map.get f i = j)) + = postcondition_mut'0 (func'0 self) (Seq.get s j) (func'0 self) (C_None'0))) + + function produces_trans'0 (a : t_FilterMap'0) (ab : Seq.seq bool) (b : t_FilterMap'0) (bc : Seq.seq bool) (c : t_FilterMap'0) : () + + + axiom produces_trans'0_spec : forall a : t_FilterMap'0, ab : Seq.seq bool, b : t_FilterMap'0, bc : Seq.seq bool, c : t_FilterMap'0 . ([%#sfilter_map31] produces'0 a ab b) + -> ([%#sfilter_map32] produces'0 b bc c) -> ([%#sfilter_map33] produces'0 a (Seq.(++) ab bc) c) + + function produces_refl'0 (self : t_FilterMap'0) : () + + axiom produces_refl'0_spec : forall self : t_FilterMap'0 . [%#sfilter_map30] produces'0 self (Seq.empty : Seq.seq bool) self + + predicate resolve'5 (self : borrowed (t_Iter'0)) = + [%#sresolve21] self.final = self.current + + function view'1 (self : borrowed (t_Iter'0)) : slice bool = + [%#smodel46] view'0 self.current + + predicate completed'1 (self : borrowed (t_Iter'0)) = + [%#sslice35] resolve'5 self /\ view'2 (view'1 self) = (Seq.empty : Seq.seq bool) + + predicate completed'0 (self : borrowed (t_FilterMap'0)) = + [%#sfilter_map19] (exists s : Seq.seq bool, e : borrowed (t_Iter'0) . produces'1 (iter'1 self.current) s e.current + /\ completed'1 e + /\ (forall i : int . 0 <= i /\ i < Seq.length s + -> postcondition_mut'0 (func'0 self.current) (Seq.get s i) (func'0 self.final) (C_None'0))) + /\ func'0 self.current = func'0 self.final + + use seq.Seq + + let rec next'0 (self:borrowed (t_FilterMap'0)) (return' (ret:t_Option'0))= {[@expl:next 'self' type invariant] inv'1 self} + any + [ return' (result:t_Option'0)-> {inv'5 result} + {[%#siter10] match result with + | C_None'0 -> completed'0 self + | C_Some'0 v -> produces'0 self.current (Seq.singleton v) self.final + end} + (! return' {result}) ] + + + predicate resolve'2 (self : borrowed (t_FilterMap'0)) = + [%#sresolve21] self.final = self.current + + predicate resolve'0 (_1 : borrowed (t_FilterMap'0)) = + resolve'2 _1 + + let rec promoted2__test_filter_map'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter11] false) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + predicate inv'6 (_1 : t_Option'0) + + axiom inv_axiom'6 [@rewrite] : forall x : t_Option'0 [inv'6 x] . inv'6 x = true + + function deep_model'2 (self : bool) : bool = + [%#smodel49] self + + function deep_model'1 (self : t_Option'0) : t_Option'0 = + [%#soption37] match self with + | C_Some'0 t -> C_Some'0 (deep_model'2 t) + | C_None'0 -> C_None'0 + end + + function deep_model'0 (self : t_Option'0) : t_Option'0 = + [%#smodel22] deep_model'1 self + + let rec eq'0 (self:t_Option'0) (other:t_Option'0) (return' (ret:bool))= {[@expl:eq 'self' type invariant] inv'6 self} + {[@expl:eq 'other' type invariant] inv'6 other} + any + [ return' (result:bool)-> {[%#soption12] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + + + let rec promoted1__test_filter_map'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_Some'0 ([%#siter13] false) ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + let rec promoted0__test_filter_map'0 (return' (ret:t_Option'0))= bb0 + [ bb0 = s0 [ s0 = [ &_1 <- C_None'0 ] s1 | s1 = [ &_0 <- _1 ] s2 | s2 = return' {_0} ] ] + [ & _0 : t_Option'0 = any_l () | & _1 : t_Option'0 = any_l () ] + [ return' (result:t_Option'0)-> return' {result} ] + + + type t_AssertKind'0 = + | C_Eq'0 + | C_Ne'0 + | C_Match'0 + + meta "compute_max_steps" 1000000 + + let rec test_filter_map'0 (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 + [ s0 = promoted3__test_filter_map'0 (fun (pr3:array bool) -> [ &_76 <- pr3 ] s1) + | s1 = iter'0 {_76} (fun (_ret':t_Iter'0) -> [ &_2 <- _ret' ] s2) + | s2 = bb1 ] + + | bb1 = s0 + [ s0 = [ &_6 <- () ] s1 + | s1 = filter_map'0 {_2} {_6} (fun (_ret':t_FilterMap'0) -> [ &a <- _ret' ] s2) + | s2 = bb2 ] + + | bb2 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_FilterMap'0)) -> [ &_12 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _12.current} + Borrow.borrow_final {_12.current} {Borrow.get_id _12} + (fun (_ret':borrowed (t_FilterMap'0)) -> + [ &_11 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_12 <- { _12 with current = _ret'.final } ] + s2) + | s2 = next'0 {_11} (fun (_ret':t_Option'0) -> [ &_10 <- _ret' ] s3) + | s3 = bb3 ] + + | bb3 = s0 + [ s0 = {[@expl:type invariant] inv'1 _12} s1 + | s1 = -{resolve'0 _12}- s2 + | s2 = promoted2__test_filter_map'0 (fun (pr2:t_Option'0) -> [ &_75 <- pr2 ] s3) + | s3 = [ &_8 <- (_10, _75) ] s4 + | s4 = [ &left_val <- let (r'0, _) = _8 in r'0 ] s5 + | s5 = [ &right_val <- let (_, r'1) = _8 in r'1 ] s6 + | s6 = eq'0 {left_val} {right_val} (fun (_ret':bool) -> [ &_17 <- _ret' ] s7) + | s7 = bb4 ] + + | bb4 = any [ br0 -> {_17 = false} (! bb6) | br1 -> {_17} (! bb5) ] + | bb5 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_FilterMap'0)) -> [ &_34 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _34.current} + Borrow.borrow_final {_34.current} {Borrow.get_id _34} + (fun (_ret':borrowed (t_FilterMap'0)) -> + [ &_33 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_34 <- { _34 with current = _ret'.final } ] + s2) + | s2 = next'0 {_33} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s3) + | s3 = bb7 ] + + | bb7 = s0 + [ s0 = {[@expl:type invariant] inv'1 _34} s1 + | s1 = -{resolve'0 _34}- s2 + | s2 = promoted1__test_filter_map'0 (fun (pr1:t_Option'0) -> [ &_74 <- pr1 ] s3) + | s3 = [ &_30 <- (_32, _74) ] s4 + | s4 = [ &left_val1 <- let (r'0, _) = _30 in r'0 ] s5 + | s5 = [ &right_val1 <- let (_, r'1) = _30 in r'1 ] s6 + | s6 = eq'0 {left_val1} {right_val1} (fun (_ret':bool) -> [ &_39 <- _ret' ] s7) + | s7 = bb8 ] + + | bb8 = any [ br0 -> {_39 = false} (! bb10) | br1 -> {_39} (! bb9) ] + | bb9 = s0 + [ s0 = {inv'0 a} + Borrow.borrow_mut {a} + (fun (_ret':borrowed (t_FilterMap'0)) -> [ &_56 <- _ret' ] -{inv'0 _ret'.final}- [ &a <- _ret'.final ] s1) + | s1 = {inv'0 _56.current} + Borrow.borrow_final {_56.current} {Borrow.get_id _56} + (fun (_ret':borrowed (t_FilterMap'0)) -> + [ &_55 <- _ret' ] + -{inv'0 _ret'.final}- + [ &_56 <- { _56 with current = _ret'.final } ] + s2) + | s2 = next'0 {_55} (fun (_ret':t_Option'0) -> [ &_54 <- _ret' ] s3) + | s3 = bb11 ] + + | bb11 = s0 + [ s0 = {[@expl:type invariant] inv'1 _56} s1 + | s1 = -{resolve'0 _56}- s2 + | s2 = {[@expl:type invariant] inv'0 a} s3 + | s3 = promoted0__test_filter_map'0 (fun (pr0:t_Option'0) -> [ &_73 <- pr0 ] s4) + | s4 = [ &_52 <- (_54, _73) ] s5 + | s5 = [ &left_val2 <- let (r'0, _) = _52 in r'0 ] s6 + | s6 = [ &right_val2 <- let (_, r'1) = _52 in r'1 ] s7 + | s7 = eq'0 {left_val2} {right_val2} (fun (_ret':bool) -> [ &_61 <- _ret' ] s8) + | s8 = bb12 ] + + | bb12 = any [ br0 -> {_61 = false} (! bb14) | br1 -> {_61} (! bb13) ] + | bb13 = return' {_0} + | bb14 = s0 + [ s0 = [ &kind2 <- C_Eq'0 ] s1 + | s1 = [ &_69 <- left_val2 ] s2 + | s2 = [ &_71 <- right_val2 ] s3 + | s3 = {false} any ] + + | bb10 = s0 + [ s0 = {[@expl:type invariant] inv'0 a} s1 + | s1 = [ &kind1 <- C_Eq'0 ] s2 + | s2 = [ &_47 <- left_val1 ] s3 + | s3 = [ &_49 <- right_val1 ] s4 + | s4 = {false} any ] + + | bb6 = s0 + [ s0 = {[@expl:type invariant] inv'0 a} s1 + | s1 = [ &kind <- C_Eq'0 ] s2 + | s2 = [ &_25 <- left_val ] s3 + | s3 = [ &_27 <- right_val ] s4 + | s4 = {false} any ] + ] + ) + [ & _0 : () = any_l () + | & a : t_FilterMap'0 = any_l () + | & _2 : t_Iter'0 = any_l () + | & _6 : () = any_l () + | & _8 : (t_Option'0, t_Option'0) = any_l () + | & _10 : t_Option'0 = any_l () + | & _11 : borrowed (t_FilterMap'0) = any_l () + | & _12 : borrowed (t_FilterMap'0) = any_l () + | & left_val : t_Option'0 = any_l () + | & right_val : t_Option'0 = any_l () + | & _17 : bool = any_l () + | & kind : t_AssertKind'0 = any_l () + | & _25 : t_Option'0 = any_l () + | & _27 : t_Option'0 = any_l () + | & _30 : (t_Option'0, t_Option'0) = any_l () + | & _32 : t_Option'0 = any_l () + | & _33 : borrowed (t_FilterMap'0) = any_l () + | & _34 : borrowed (t_FilterMap'0) = any_l () + | & left_val1 : t_Option'0 = any_l () + | & right_val1 : t_Option'0 = any_l () + | & _39 : bool = any_l () + | & kind1 : t_AssertKind'0 = any_l () + | & _47 : t_Option'0 = any_l () + | & _49 : t_Option'0 = any_l () + | & _52 : (t_Option'0, t_Option'0) = any_l () + | & _54 : t_Option'0 = any_l () + | & _55 : borrowed (t_FilterMap'0) = any_l () + | & _56 : borrowed (t_FilterMap'0) = any_l () + | & left_val2 : t_Option'0 = any_l () + | & right_val2 : t_Option'0 = any_l () + | & _61 : bool = any_l () + | & kind2 : t_AssertKind'0 = any_l () + | & _69 : t_Option'0 = any_l () + | & _71 : t_Option'0 = any_l () + | & _73 : t_Option'0 = any_l () + | & _74 : t_Option'0 = any_l () + | & _75 : t_Option'0 = any_l () + | & _76 : array bool = any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/cc/iter.rs b/creusot/tests/should_succeed/cc/iter.rs index a74861d6f..c1c521874 100644 --- a/creusot/tests/should_succeed/cc/iter.rs +++ b/creusot/tests/should_succeed/cc/iter.rs @@ -1,4 +1,5 @@ extern crate creusot_contracts; +use creusot_contracts::*; pub fn test_mut_ref() { let mut a = [1, 2].iter(); @@ -6,3 +7,23 @@ pub fn test_mut_ref() { assert_eq!((&mut a).next(), Some(&2)); assert_eq!((&mut a).next(), None); } + +pub fn test_filter() { + let mut a = [true, false, true].iter().filter( + #[ensures(result == **b)] + |b: &&bool| **b, + ); + assert_eq!((&mut a).next(), Some(&true)); + assert_eq!((&mut a).next(), Some(&true)); + assert_eq!((&mut a).next(), None); +} + +pub fn test_filter_map() { + let mut a = [true, false, true].iter().filter_map( + #[ensures(result == if *b { Some(false) } else { None })] + |b: &bool| if *b { Some(false) } else { None }, + ); + assert_eq!((&mut a).next(), Some(false)); + assert_eq!((&mut a).next(), Some(false)); + assert_eq!((&mut a).next(), None); +} diff --git a/creusot/tests/should_succeed/cc/iter/why3session.xml b/creusot/tests/should_succeed/cc/iter/why3session.xml index 64f15028f..8cf5e5320 100644 --- a/creusot/tests/should_succeed/cc/iter/why3session.xml +++ b/creusot/tests/should_succeed/cc/iter/why3session.xml @@ -3,6 +3,9 @@ "https://www.why3.org/why3session.dtd"> + + + @@ -10,5 +13,219 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/cc/iter/why3shapes.gz b/creusot/tests/should_succeed/cc/iter/why3shapes.gz index 4834e6dca..3ad65f939 100644 Binary files a/creusot/tests/should_succeed/cc/iter/why3shapes.gz and b/creusot/tests/should_succeed/cc/iter/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/ghost/ghost_set.coma b/creusot/tests/should_succeed/ghost/ghost_set.coma index 715ebc53b..cc7b9fca1 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set.coma +++ b/creusot/tests/should_succeed/ghost/ghost_set.coma @@ -1,7 +1,7 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sghost_set0 = "ghost_set.rs" 5 18 5 36 - let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 196 4 196 34 - let%span sfset2 = "../../../../creusot-contracts/src/logic/fset.rs" 194 14 194 31 + let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 316 4 316 34 + let%span sfset2 = "../../../../creusot-contracts/src/logic/fset.rs" 314 14 314 31 let%span sghost_set3 = "ghost_set.rs" 7 22 7 53 let%span sghost_set4 = "ghost_set.rs" 8 25 8 26 let%span sghost_set5 = "ghost_set.rs" 10 22 10 63 @@ -25,22 +25,22 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sghost23 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 let%span sghost24 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 let%span sghost25 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sfset26 = "../../../../creusot-contracts/src/logic/fset.rs" 277 29 277 33 - let%span sfset27 = "../../../../creusot-contracts/src/logic/fset.rs" 277 35 277 40 - let%span sfset28 = "../../../../creusot-contracts/src/logic/fset.rs" 275 14 275 44 - let%span sfset29 = "../../../../creusot-contracts/src/logic/fset.rs" 276 14 276 48 + let%span sfset26 = "../../../../creusot-contracts/src/logic/fset.rs" 397 29 397 33 + let%span sfset27 = "../../../../creusot-contracts/src/logic/fset.rs" 397 35 397 40 + let%span sfset28 = "../../../../creusot-contracts/src/logic/fset.rs" 395 14 395 44 + let%span sfset29 = "../../../../creusot-contracts/src/logic/fset.rs" 396 14 396 48 let%span sghost30 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 let%span sghost31 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 let%span sghost32 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sfset33 = "../../../../creusot-contracts/src/logic/fset.rs" 222 22 222 26 - let%span sfset34 = "../../../../creusot-contracts/src/logic/fset.rs" 221 14 221 34 - let%span sfset35 = "../../../../creusot-contracts/src/logic/fset.rs" 313 29 313 33 - let%span sfset36 = "../../../../creusot-contracts/src/logic/fset.rs" 313 35 313 40 - let%span sfset37 = "../../../../creusot-contracts/src/logic/fset.rs" 311 14 311 45 - let%span sfset38 = "../../../../creusot-contracts/src/logic/fset.rs" 312 14 312 48 - let%span sfset39 = "../../../../creusot-contracts/src/logic/fset.rs" 243 27 243 31 - let%span sfset40 = "../../../../creusot-contracts/src/logic/fset.rs" 243 33 243 38 - let%span sfset41 = "../../../../creusot-contracts/src/logic/fset.rs" 242 14 242 45 + let%span sfset33 = "../../../../creusot-contracts/src/logic/fset.rs" 342 22 342 26 + let%span sfset34 = "../../../../creusot-contracts/src/logic/fset.rs" 341 14 341 34 + let%span sfset35 = "../../../../creusot-contracts/src/logic/fset.rs" 433 29 433 33 + let%span sfset36 = "../../../../creusot-contracts/src/logic/fset.rs" 433 35 433 40 + let%span sfset37 = "../../../../creusot-contracts/src/logic/fset.rs" 431 14 431 45 + let%span sfset38 = "../../../../creusot-contracts/src/logic/fset.rs" 432 14 432 48 + let%span sfset39 = "../../../../creusot-contracts/src/logic/fset.rs" 363 27 363 31 + let%span sfset40 = "../../../../creusot-contracts/src/logic/fset.rs" 363 33 363 38 + let%span sfset41 = "../../../../creusot-contracts/src/logic/fset.rs" 362 14 362 45 let%span sghost42 = "../../../../creusot-contracts/src/ghost.rs" 181 15 181 16 let%span sghost43 = "../../../../creusot-contracts/src/ghost.rs" 181 4 181 28 let%span sghost44 = "../../../../creusot-contracts/src/ghost.rs" 179 14 179 28 diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 92d67b95c..8504d79b4 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -504,11 +504,11 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span shillel22 = "hillel.rs" 67 8 67 72 let%span svec23 = "../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 let%span sslice24 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sindex26 = "../../../creusot-contracts/src/logic/ops/index.rs" 93 8 93 33 let%span smodel27 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span sslice28 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sindex30 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span scmp31 = "../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 let%span shillel32 = "hillel.rs" 60 8 60 64 @@ -517,8 +517,8 @@ module M_hillel__insert_unique [#"hillel.rs" 80 0 80 62] let%span svec35 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec36 = "../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 let%span smodel37 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter38 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter39 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter38 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter39 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sslice40 = "../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 @@ -1018,14 +1018,14 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span shillel19 = "hillel.rs" 101 10 101 58 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span sslice21 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel23 = "../../../creusot-contracts/src/model.rs" 83 8 83 28 let%span svec24 = "../../../creusot-contracts/src/std/vec.rs" 29 14 29 47 let%span svec25 = "../../../creusot-contracts/src/std/vec.rs" 30 14 31 51 let%span shillel26 = "hillel.rs" 67 8 67 72 let%span shillel27 = "hillel.rs" 53 8 53 105 let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span shillel30 = "hillel.rs" 80 36 80 39 let%span shillel31 = "hillel.rs" 80 54 80 58 let%span shillel32 = "hillel.rs" 75 11 75 38 @@ -1035,8 +1035,8 @@ module M_hillel__unique [#"hillel.rs" 102 0 102 56] let%span shillel36 = "hillel.rs" 79 10 79 58 let%span smodel37 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span svec38 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span siter39 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter39 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sslice41 = "../../../creusot-contracts/src/std/slice.rs" 40 14 40 44 let%span sslice42 = "../../../creusot-contracts/src/std/slice.rs" 41 14 41 96 let%span sindex43 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 @@ -1670,14 +1670,14 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span shillel22 = "hillel.rs" 156 11 156 23 let%span shillel23 = "hillel.rs" 157 10 157 44 let%span shillel24 = "hillel.rs" 158 10 158 86 - let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter25 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span shillel27 = "hillel.rs" 123 11 123 53 let%span shillel28 = "hillel.rs" 124 10 124 21 let%span shillel29 = "hillel.rs" 122 10 122 19 let%span shillel30 = "hillel.rs" 121 0 121 8 let%span sslice31 = "../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter32 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter32 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span shillel34 = "hillel.rs" 144 11 144 35 let%span shillel35 = "hillel.rs" 145 10 145 64 @@ -1699,8 +1699,8 @@ module M_hillel__fulcrum [#"hillel.rs" 159 0 159 30] let%span sslice51 = "../../../creusot-contracts/src/std/slice.rs" 97 14 97 80 let%span sslice52 = "../../../creusot-contracts/src/std/slice.rs" 398 20 398 61 let%span sresolve53 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter55 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter55 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span shillel56 = "hillel.rs" 135 11 135 63 let%span shillel57 = "hillel.rs" 136 10 136 85 let%span shillel58 = "hillel.rs" 134 10 134 18 diff --git a/creusot/tests/should_succeed/insertion_sort.coma b/creusot/tests/should_succeed/insertion_sort.coma index 76c9889d8..26e29f517 100644 --- a/creusot/tests/should_succeed/insertion_sort.coma +++ b/creusot/tests/should_succeed/insertion_sort.coma @@ -23,13 +23,13 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sinsertion_sort21 = "insertion_sort.rs" 19 10 19 42 let%span sinsertion_sort22 = "insertion_sort.rs" 20 10 20 27 let%span sslice23 = "../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter24 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span ssnapshot25 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span smodel26 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 let%span sinsertion_sort28 = "insertion_sort.rs" 8 8 8 72 let%span srange29 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter30 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sindex31 = "../../../creusot-contracts/src/logic/ops/index.rs" 60 8 60 32 let%span sindex32 = "../../../creusot-contracts/src/logic/ops/index.rs" 49 8 49 31 let%span sslice33 = "../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 @@ -39,8 +39,8 @@ module M_insertion_sort__insertion_sort [#"insertion_sort.rs" 21 0 21 40] let%span sslice37 = "../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sinsertion_sort38 = "insertion_sort.rs" 15 8 15 35 let%span smodel39 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter40 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter41 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange42 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange43 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange44 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 1f3a9b3f1..6e1fc8be1 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -10,12 +10,12 @@ module M_03_std_iterators__slice_iter [#"03_std_iterators.rs" 6 0 6 42] let%span s03_std_iterators8 = "03_std_iterators.rs" 4 11 4 30 let%span s03_std_iterators9 = "03_std_iterators.rs" 5 10 5 33 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sslice12 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span smodel14 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sslice17 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 409 4 409 10 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 416 15 416 32 @@ -322,9 +322,9 @@ module M_03_std_iterators__vec_iter [#"03_std_iterators.rs" 17 0 17 41] let%span s03_std_iterators7 = "03_std_iterators.rs" 17 19 17 22 let%span s03_std_iterators8 = "03_std_iterators.rs" 15 11 15 28 let%span s03_std_iterators9 = "03_std_iterators.rs" 16 10 16 31 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sslice11 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 211 20 211 34 @@ -650,18 +650,18 @@ module M_03_std_iterators__all_zero [#"03_std_iterators.rs" 28 0 28 35] let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 176 26 176 48 let%span sslice10 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sindex12 = "../../../../creusot-contracts/src/logic/ops/index.rs" 93 8 93 33 let%span sslice13 = "../../../../creusot-contracts/src/std/slice.rs" 459 12 459 66 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel16 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span sindex17 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span sslice18 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span sslice20 = "../../../../creusot-contracts/src/std/slice.rs" 427 14 427 50 - let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 465 14 465 45 let%span sslice25 = "../../../../creusot-contracts/src/std/slice.rs" 463 4 463 10 @@ -992,8 +992,8 @@ end module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] let%span s03_std_iterators0 = "03_std_iterators.rs" 38 20 38 31 let%span s03_std_iterators1 = "03_std_iterators.rs" 35 30 35 34 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span stake4 = "../../../../creusot-contracts/src/std/iter/take.rs" 17 14 17 39 let%span stake5 = "../../../../creusot-contracts/src/std/iter/take.rs" 31 14 31 50 let%span sskip6 = "../../../../creusot-contracts/src/std/iter/skip.rs" 14 14 14 39 @@ -1015,10 +1015,10 @@ module M_03_std_iterators__skip_take [#"03_std_iterators.rs" 35 0 35 48] let%span stake22 = "../../../../creusot-contracts/src/std/iter/take.rs" 78 14 78 42 let%span stake23 = "../../../../creusot-contracts/src/std/iter/take.rs" 24 14 24 68 let%span stake24 = "../../../../creusot-contracts/src/std/iter/take.rs" 41 8 41 29 - let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sresolve29 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 type t_I'0 @@ -1268,14 +1268,14 @@ module M_03_std_iterators__counter [#"03_std_iterators.rs" 41 0 41 27] let%span s03_std_iterators6 = "03_std_iterators.rs" 50 23 50 24 let%span s03_std_iterators7 = "03_std_iterators.rs" 47 23 47 65 let%span s03_std_iterators8 = "03_std_iterators.rs" 48 22 48 89 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 59 21 59 25 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 59 27 59 31 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 55 69 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 56 15 56 51 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 57 15 57 70 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 59 4 62 61 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 58 14 58 88 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span svec17 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span sslice19 = "../../../../creusot-contracts/src/std/slice.rs" 411 14 411 45 @@ -1722,11 +1722,11 @@ module M_03_std_iterators__sum_range [#"03_std_iterators.rs" 63 0 63 35] let%span s03_std_iterators7 = "03_std_iterators.rs" 67 13 67 14 let%span s03_std_iterators8 = "03_std_iterators.rs" 61 11 61 18 let%span s03_std_iterators9 = "03_std_iterators.rs" 62 10 62 21 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange15 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 @@ -1928,17 +1928,17 @@ module M_03_std_iterators__enumerate_range [#"03_std_iterators.rs" 72 0 72 24] let%span s03_std_iterators4 = "03_std_iterators.rs" 73 16 73 93 let%span s03_std_iterators5 = "03_std_iterators.rs" 74 4 74 7 let%span s03_std_iterators6 = "03_std_iterators.rs" 74 4 74 7 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 150 27 150 99 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 151 27 151 115 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 192 27 192 99 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 193 27 193 115 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sindex10 = "../../../../creusot-contracts/src/logic/ops/index.rs" 93 8 93 33 let%span senumerate11 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 72 12 76 113 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span srange13 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 let%span srange14 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span senumerate15 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 14 14 14 39 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span senumerate18 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 82 14 82 45 let%span senumerate19 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 87 15 87 32 let%span senumerate20 = "../../../../creusot-contracts/src/std/iter/enumerate.rs" 88 15 88 32 @@ -2253,13 +2253,13 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span s03_std_iterators20 = "03_std_iterators.rs" 93 10 93 44 let%span sslice21 = "../../../../creusot-contracts/src/std/slice.rs" 245 0 354 1 let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 - let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 159 27 159 48 - let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 161 26 161 62 + let%span siter23 = "../../../../creusot-contracts/src/std/iter.rs" 201 27 201 48 + let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 203 26 203 62 let%span s03_std_iterators26 = "03_std_iterators.rs" 89 8 89 60 let%span s03_std_iterators27 = "03_std_iterators.rs" 82 8 82 58 let%span szip28 = "../../../../creusot-contracts/src/std/iter/zip.rs" 46 12 49 95 - let%span siter29 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter29 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sslice30 = "../../../../creusot-contracts/src/std/slice.rs" 257 19 257 35 let%span sslice31 = "../../../../creusot-contracts/src/std/slice.rs" 258 19 258 35 let%span sslice32 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 @@ -2267,10 +2267,10 @@ module M_03_std_iterators__my_reverse [#"03_std_iterators.rs" 94 0 94 37] let%span sslice34 = "../../../../creusot-contracts/src/std/slice.rs" 28 14 28 41 let%span sslice35 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 42 let%span smodel36 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter37 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 + let%span siter37 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 let%span szip38 = "../../../../creusot-contracts/src/std/iter/zip.rs" 14 14 14 39 let%span szip39 = "../../../../creusot-contracts/src/std/iter/zip.rs" 21 14 21 39 - let%span siter40 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter40 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span szip41 = "../../../../creusot-contracts/src/std/iter/zip.rs" 55 14 55 45 let%span szip42 = "../../../../creusot-contracts/src/std/iter/zip.rs" 60 15 60 32 let%span szip43 = "../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index 50f3f4a7e..b4c00914e 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma @@ -9,19 +9,19 @@ module M_08_collect_extend__extend [#"08_collect_extend.rs" 26 0 26 66] let%span s08_collect_extend7 = "08_collect_extend.rs" 26 40 26 43 let%span s08_collect_extend8 = "08_collect_extend.rs" 26 58 26 62 let%span s08_collect_extend9 = "08_collect_extend.rs" 23 2 24 82 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel11 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span ssnapshot12 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span smodel18 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter21 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter22 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sresolve23 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sinvariant24 = "../../../../creusot-contracts/src/invariant.rs" 34 20 34 44 let%span sseq25 = "../../../../creusot-contracts/src/logic/seq.rs" 633 20 633 95 @@ -332,16 +332,16 @@ module M_08_collect_extend__collect [#"08_collect_extend.rs" 44 0 44 52] let%span s08_collect_extend8 = "08_collect_extend.rs" 44 40 44 52 let%span s08_collect_extend9 = "08_collect_extend.rs" 41 2 42 88 let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec14 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter18 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter16 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter18 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter19 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span smodel22 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span svec23 = "../../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 @@ -621,7 +621,7 @@ module M_08_collect_extend__extend_index [#"08_collect_extend.rs" 55 0 55 51] let%span s08_collect_extend0 = "08_collect_extend.rs" 56 16 56 32 let%span s08_collect_extend1 = "08_collect_extend.rs" 57 16 57 32 let%span s08_collect_extend2 = "08_collect_extend.rs" 60 20 60 53 - let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter3 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span s08_collect_extend4 = "08_collect_extend.rs" 26 40 26 43 let%span s08_collect_extend5 = "08_collect_extend.rs" 26 58 26 62 let%span s08_collect_extend6 = "08_collect_extend.rs" 23 2 24 82 @@ -821,10 +821,10 @@ module M_08_collect_extend__collect_example [#"08_collect_extend.rs" 65 0 65 56] let%span s08_collect_extend5 = "08_collect_extend.rs" 41 2 42 88 let%span svec6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex7 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 38 14 38 45 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 42 15 42 32 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 43 15 43 32 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 44 14 44 42 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 42 14 42 45 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 46 15 46 32 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 47 15 47 32 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 48 14 48 42 type t_I'0 diff --git a/creusot/tests/should_succeed/iterators/17_filter.coma b/creusot/tests/should_succeed/iterators/17_filter.coma index 17b7e10dc..a8a91b04c 100644 --- a/creusot/tests/should_succeed/iterators/17_filter.coma +++ b/creusot/tests/should_succeed/iterators/17_filter.coma @@ -750,12 +750,12 @@ end module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] let%span s17_filter0 = "17_filter.rs" 118 10 118 70 let%span s17_filter1 = "17_filter.rs" 119 10 119 79 - let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter2 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span s17_filter3 = "17_filter.rs" 123 22 123 40 - let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 140 27 140 47 - let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 141 27 141 53 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 142 27 142 45 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter4 = "../../../../creusot-contracts/src/std/iter.rs" 175 27 175 47 + let%span siter5 = "../../../../creusot-contracts/src/std/iter.rs" 176 27 176 53 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 177 27 177 45 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span svec8 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex9 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span sseq10 = "../../../../creusot-contracts/src/logic/seq.rs" 355 20 355 77 @@ -767,7 +767,7 @@ module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] let%span sfilter16 = "../../../../creusot-contracts/src/std/iter/filter.rs" 15 14 15 39 let%span sfilter17 = "../../../../creusot-contracts/src/std/iter/filter.rs" 22 14 22 39 let%span sfilter18 = "../../../../creusot-contracts/src/std/iter/filter.rs" 77 12 79 47 - let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 99 17 + let%span sfilter19 = "../../../../creusot-contracts/src/std/iter/filter.rs" 87 12 98 143 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 285 20 285 32 let%span sresolve21 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sops22 = "../../../../creusot-contracts/src/std/ops.rs" 109 15 109 59 @@ -777,10 +777,10 @@ module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] let%span sops26 = "../../../../creusot-contracts/src/std/ops.rs" 121 15 121 26 let%span sops27 = "../../../../creusot-contracts/src/std/ops.rs" 122 14 122 28 let%span sops28 = "../../../../creusot-contracts/src/std/ops.rs" 127 14 128 105 - let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 105 14 105 45 - let%span sfilter30 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 - let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 15 111 32 - let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 112 14 112 42 + let%span sfilter29 = "../../../../creusot-contracts/src/std/iter/filter.rs" 104 14 104 45 + let%span sfilter30 = "../../../../creusot-contracts/src/std/iter/filter.rs" 109 15 109 32 + let%span sfilter31 = "../../../../creusot-contracts/src/std/iter/filter.rs" 110 15 110 32 + let%span sfilter32 = "../../../../creusot-contracts/src/std/iter/filter.rs" 111 14 111 42 let%span svec33 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 let%span svec34 = "../../../../creusot-contracts/src/std/vec.rs" 257 20 257 57 let%span svec35 = "../../../../creusot-contracts/src/std/vec.rs" 270 14 270 45 @@ -1026,8 +1026,8 @@ module M_17_filter__less_than [#"17_filter.rs" 120 0 120 49] [%#sfilter19] invariant'0 self -> unnest'1 (func'0 self) (func'0 succ) /\ (exists s : Seq.seq uint32, f : Map.map int int . produces'1 (iter'0 self) s (iter'0 succ) - /\ (forall i : int, j : int . 0 <= i /\ i <= j /\ j < Seq.length visited - -> 0 <= Map.get f i /\ Map.get f i <= Map.get f j /\ Map.get f j < Seq.length s) + /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> 0 <= Map.get f i /\ Map.get f i < Seq.length s) + /\ (forall i : int, j : int . 0 <= i /\ i < j /\ j < Seq.length visited -> Map.get f i < Map.get f j) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = Seq.get s (Map.get f i)) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> (exists j : int . 0 <= j /\ j < Seq.length visited /\ Map.get f j = i) diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml index 884ef860b..95aec3083 100644 --- a/creusot/tests/should_succeed/iterators/17_filter/why3session.xml +++ b/creusot/tests/should_succeed/iterators/17_filter/why3session.xml @@ -184,7 +184,7 @@ - + @@ -227,7 +227,7 @@ - + @@ -267,36 +267,36 @@ - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz index 33e837990..918b37f6d 100644 Binary files a/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz and b/creusot/tests/should_succeed/iterators/17_filter/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index 88a92da69..50f4b8706 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -345,7 +345,7 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span svec40 = "../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec41 = "../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 let%span svec42 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel44 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span sindex45 = "../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span svec46 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 @@ -356,13 +356,13 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span sknapsack_full51 = "knapsack_full.rs" 60 10 60 11 let%span sknapsack_full52 = "knapsack_full.rs" 68 4 75 5 let%span srange53 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter54 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec55 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec56 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span sops57 = "../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops58 = "../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops59 = "../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span srange60 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 + let%span srange60 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 let%span sknapsack_full61 = "knapsack_full.rs" 15 10 15 31 let%span svec62 = "../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec63 = "../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 @@ -382,8 +382,8 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span sknapsack_full77 = "knapsack_full.rs" 36 10 36 19 let%span sknapsack_full78 = "knapsack_full.rs" 39 4 42 5 let%span svec79 = "../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 - let%span siter80 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter81 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter80 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter81 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange82 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange83 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange84 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 @@ -394,15 +394,15 @@ module M_knapsack_full__knapsack01_dyn [#"knapsack_full.rs" 86 0 86 91] let%span sslice89 = "../../../creusot-contracts/src/std/slice.rs" 122 20 122 37 let%span sslice90 = "../../../creusot-contracts/src/std/slice.rs" 129 20 129 37 let%span sops91 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span srange92 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span srange93 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span srange94 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span srange95 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span srange96 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span srange97 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange98 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange99 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span srange100 = "../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span srange92 = "../../../creusot-contracts/src/std/iter/range.rs" 102 14 102 45 + let%span srange93 = "../../../creusot-contracts/src/std/iter/range.rs" 100 4 100 10 + let%span srange94 = "../../../creusot-contracts/src/std/iter/range.rs" 107 15 107 32 + let%span srange95 = "../../../creusot-contracts/src/std/iter/range.rs" 108 15 108 32 + let%span srange96 = "../../../creusot-contracts/src/std/iter/range.rs" 109 14 109 42 + let%span srange97 = "../../../creusot-contracts/src/std/iter/range.rs" 105 4 105 10 + let%span srange98 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange99 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span srange100 = "../../../creusot-contracts/src/std/iter/range.rs" 84 12 84 57 let%span smodel101 = "../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span sslice102 = "../../../creusot-contracts/src/std/slice.rs" 136 20 136 94 let%span svec103 = "../../../creusot-contracts/src/std/vec.rs" 65 20 65 41 diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index c0b381989..ce2a57936 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma @@ -77,12 +77,12 @@ module M_inc_max_repeat__inc_max_repeat [#"inc_max_repeat.rs" 15 0 15 53] let%span sinc_max_repeat7 = "inc_max_repeat.rs" 20 15 20 16 let%span sinc_max_repeat8 = "inc_max_repeat.rs" 22 4 22 37 let%span sinc_max_repeat9 = "inc_max_repeat.rs" 14 11 14 70 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span srange11 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span sinc_max_repeat13 = "inc_max_repeat.rs" 4 0 5 56 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter15 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange17 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange18 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/selection_sort_generic.coma b/creusot/tests/should_succeed/selection_sort_generic.coma index 3a397dfc7..fa51b6439 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.coma +++ b/creusot/tests/should_succeed/selection_sort_generic.coma @@ -20,7 +20,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span sselection_sort_generic18 = "selection_sort_generic.rs" 28 10 28 35 let%span sselection_sort_generic19 = "selection_sort_generic.rs" 29 10 29 34 let%span svec20 = "../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel22 = "../../../creusot-contracts/src/model.rs" 101 8 101 28 let%span sselection_sort_generic23 = "selection_sort_generic.rs" 25 16 25 105 let%span sselection_sort_generic24 = "selection_sort_generic.rs" 12 8 12 72 @@ -28,7 +28,7 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span ssnapshot26 = "../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 let%span srange28 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter29 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec30 = "../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec31 = "../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span scmp32 = "../../../creusot-contracts/src/std/cmp.rs" 35 26 35 76 @@ -42,8 +42,8 @@ module M_selection_sort_generic__selection_sort [#"selection_sort_generic.rs" 30 let%span sselection_sort_generic40 = "selection_sort_generic.rs" 19 8 19 35 let%span svec41 = "../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel42 = "../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter43 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter44 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange45 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange46 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange47 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index 15558c7c8..68832fb4f 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma @@ -11,22 +11,22 @@ module M_sum__sum_first_n [#"sum.rs" 6 0 6 33] let%span sops9 = "../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops10 = "../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops11 = "../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 - let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 + let%span srange13 = "../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span siter14 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span snum15 = "../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span sops16 = "../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 - let%span srange19 = "../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span srange20 = "../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span srange21 = "../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span srange22 = "../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span siter17 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter18 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 + let%span srange19 = "../../../creusot-contracts/src/std/iter/range.rs" 102 14 102 45 + let%span srange20 = "../../../creusot-contracts/src/std/iter/range.rs" 100 4 100 10 + let%span srange21 = "../../../creusot-contracts/src/std/iter/range.rs" 107 15 107 32 + let%span srange22 = "../../../creusot-contracts/src/std/iter/range.rs" 108 15 108 32 + let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 109 14 109 42 + let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 105 4 105 10 + let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange26 = "../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span srange27 = "../../../creusot-contracts/src/std/iter/range.rs" 84 12 84 57 let%span sresolve28 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 use prelude.prelude.UInt32 diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index 16c800ba5..2dfa52b16 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma @@ -59,17 +59,17 @@ module M_sum_of_odds__compute_sum_of_odd [#"sum_of_odds.rs" 36 0 36 36] let%span ssum_of_odds9 = "sum_of_odds.rs" 44 21 44 22 let%span ssum_of_odds10 = "sum_of_odds.rs" 34 11 34 23 let%span ssum_of_odds11 = "sum_of_odds.rs" 35 10 35 35 - let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter12 = "../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span ssum_of_odds13 = "sum_of_odds.rs" 17 10 17 11 let%span ssum_of_odds14 = "sum_of_odds.rs" 16 0 16 8 let%span srange15 = "../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter16 = "../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span ssum_of_odds17 = "sum_of_odds.rs" 27 11 27 17 let%span ssum_of_odds18 = "sum_of_odds.rs" 28 10 28 33 let%span ssum_of_odds19 = "sum_of_odds.rs" 29 10 29 11 let%span ssum_of_odds20 = "sum_of_odds.rs" 31 4 31 65 - let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter21 = "../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter22 = "../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange23 = "../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange24 = "../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange25 = "../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 5086234a5..0bf98dd0e 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma @@ -11,12 +11,12 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let%span s019 = "01.rs" 5 10 5 71 let%span s0110 = "01.rs" 6 10 6 33 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span sindex13 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span smodel14 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span ssnapshot15 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec18 = "../../../../creusot-contracts/src/std/vec.rs" 152 27 152 46 let%span svec19 = "../../../../creusot-contracts/src/std/vec.rs" 153 26 153 54 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 154 26 154 57 @@ -24,8 +24,8 @@ module M_01__all_zero [#"01.rs" 7 0 7 33] let%span svec22 = "../../../../creusot-contracts/src/std/vec.rs" 156 26 156 55 let%span svec23 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel24 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter25 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter26 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange27 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange28 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma index 3017bc95e..e02a7f83d 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -11,12 +11,12 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span s03_knuth_shuffle9 = "03_knuth_shuffle.rs" 13 24 13 25 let%span s03_knuth_shuffle10 = "03_knuth_shuffle.rs" 12 10 12 34 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 83 26 83 48 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel13 = "../../../../creusot-contracts/src/model.rs" 110 8 110 22 let%span ssnapshot14 = "../../../../creusot-contracts/src/snapshot.rs" 52 20 52 39 let%span sseq15 = "../../../../creusot-contracts/src/logic/seq.rs" 316 8 316 41 let%span srange16 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter17 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span s03_knuth_shuffle18 = "03_knuth_shuffle.rs" 6 11 6 19 let%span s03_knuth_shuffle19 = "03_knuth_shuffle.rs" 7 10 7 40 let%span svec20 = "../../../../creusot-contracts/src/std/vec.rs" 175 26 175 42 @@ -26,8 +26,8 @@ module M_03_knuth_shuffle__knuth_shuffle [#"03_knuth_shuffle.rs" 13 0 13 39] let%span sslice24 = "../../../../creusot-contracts/src/std/slice.rs" 259 18 259 50 let%span svec25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span smodel26 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 - let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter27 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter28 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange29 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange30 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange31 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index 83756e7c9..b2fd5bf00 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -98,14 +98,14 @@ module M_06_knights_tour__qyi4580598960913230815__new [#"06_knights_tour.rs" 40 let%span s06_knights_tour3 = "06_knights_tour.rs" 39 14 39 25 let%span s06_knights_tour4 = "06_knights_tour.rs" 44 28 44 29 let%span s06_knights_tour5 = "06_knights_tour.rs" 43 26 43 48 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 55 21 55 25 - let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 55 27 55 31 - let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 49 15 51 69 - let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 52 15 52 51 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 53 70 - let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 55 4 58 61 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 54 14 54 88 - let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 166 26 167 120 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 59 21 59 25 + let%span siter7 = "../../../../creusot-contracts/src/std/iter.rs" 59 27 59 31 + let%span siter8 = "../../../../creusot-contracts/src/std/iter.rs" 53 15 55 69 + let%span siter9 = "../../../../creusot-contracts/src/std/iter.rs" 56 15 56 51 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 57 15 57 70 + let%span siter11 = "../../../../creusot-contracts/src/std/iter.rs" 59 4 62 61 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 58 14 58 88 + let%span siter13 = "../../../../creusot-contracts/src/std/iter.rs" 208 26 209 120 let%span s06_knights_tour14 = "06_knights_tour.rs" 32 12 34 93 let%span svec15 = "../../../../creusot-contracts/src/std/vec.rs" 180 22 180 41 let%span svec16 = "../../../../creusot-contracts/src/std/vec.rs" 181 22 181 76 @@ -729,9 +729,9 @@ module M_06_knights_tour__qyi4580598960913230815__count_degree [#"06_knights_tou let%span s06_knights_tour9 = "06_knights_tour.rs" 69 15 69 32 let%span s06_knights_tour10 = "06_knights_tour.rs" 93 10 93 28 let%span s06_knights_tour11 = "06_knights_tour.rs" 94 10 94 128 - let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter12 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 264 12 264 41 - let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter14 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span s06_knights_tour15 = "06_knights_tour.rs" 12 15 12 52 let%span s06_knights_tour16 = "06_knights_tour.rs" 13 15 13 52 let%span s06_knights_tour17 = "06_knights_tour.rs" 14 15 14 46 @@ -1337,11 +1337,11 @@ module M_06_knights_tour__min [#"06_knights_tour.rs" 110 0 110 58] let%span s06_knights_tour3 = "06_knights_tour.rs" 114 4 114 7 let%span s06_knights_tour4 = "06_knights_tour.rs" 114 4 114 7 let%span s06_knights_tour5 = "06_knights_tour.rs" 108 10 109 60 - let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter6 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel7 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span sindex8 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 let%span sslice9 = "../../../../creusot-contracts/src/std/slice.rs" 405 12 405 66 - let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter10 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec11 = "../../../../creusot-contracts/src/std/vec.rs" 205 20 205 24 let%span svec12 = "../../../../creusot-contracts/src/std/vec.rs" 211 20 211 34 let%span svec13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 @@ -1677,11 +1677,11 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour28 = "06_knights_tour.rs" 128 11 128 22 let%span s06_knights_tour29 = "06_knights_tour.rs" 129 10 129 30 let%span s06_knights_tour30 = "06_knights_tour.rs" 127 0 127 8 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span s06_knights_tour32 = "06_knights_tour.rs" 63 12 63 75 let%span s06_knights_tour33 = "06_knights_tour.rs" 32 12 34 93 let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 - let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span siter35 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span svec36 = "../../../../creusot-contracts/src/std/vec.rs" 74 26 74 44 let%span s06_knights_tour37 = "06_knights_tour.rs" 93 10 93 28 let%span s06_knights_tour38 = "06_knights_tour.rs" 94 10 94 128 @@ -1700,8 +1700,8 @@ module M_06_knights_tour__knights_tour [#"06_knights_tour.rs" 135 0 135 69] let%span s06_knights_tour51 = "06_knights_tour.rs" 69 15 69 32 let%span svec52 = "../../../../creusot-contracts/src/std/vec.rs" 87 26 87 56 let%span s06_knights_tour53 = "06_knights_tour.rs" 108 10 109 60 - let%span siter54 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter55 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter54 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter55 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span srange56 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange57 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 let%span srange58 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index c7126fd7a..954193c03 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -19,29 +19,29 @@ module M_08_haystack__search [#"08_haystack.rs" 21 0 21 60] let%span sops17 = "../../../../creusot-contracts/src/std/ops.rs" 219 26 219 53 let%span sops18 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 49 let%span sops19 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 91 - let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 97 0 205 1 + let%span siter20 = "../../../../creusot-contracts/src/std/iter.rs" 132 0 261 1 let%span smodel21 = "../../../../creusot-contracts/src/model.rs" 92 8 92 22 let%span s08_haystack22 = "08_haystack.rs" 8 16 11 62 - let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 66 12 70 76 - let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 103 26 106 17 + let%span srange23 = "../../../../creusot-contracts/src/std/iter/range.rs" 92 12 96 76 + let%span siter24 = "../../../../creusot-contracts/src/std/iter.rs" 138 26 141 17 let%span srange25 = "../../../../creusot-contracts/src/std/iter/range.rs" 22 12 26 70 let%span svec26 = "../../../../creusot-contracts/src/std/vec.rs" 162 27 162 46 let%span svec27 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 54 let%span snum28 = "../../../../creusot-contracts/src/std/num.rs" 21 28 21 33 let%span sops29 = "../../../../creusot-contracts/src/std/ops.rs" 205 14 205 86 - let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 82 20 82 24 - let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 88 8 88 19 + let%span siter30 = "../../../../creusot-contracts/src/std/iter.rs" 86 20 86 24 + let%span siter31 = "../../../../creusot-contracts/src/std/iter.rs" 92 8 92 19 let%span svec32 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 let%span sindex33 = "../../../../creusot-contracts/src/logic/ops/index.rs" 27 8 27 31 - let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span srange41 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span srange34 = "../../../../creusot-contracts/src/std/iter/range.rs" 102 14 102 45 + let%span srange35 = "../../../../creusot-contracts/src/std/iter/range.rs" 100 4 100 10 + let%span srange36 = "../../../../creusot-contracts/src/std/iter/range.rs" 107 15 107 32 + let%span srange37 = "../../../../creusot-contracts/src/std/iter/range.rs" 108 15 108 32 + let%span srange38 = "../../../../creusot-contracts/src/std/iter/range.rs" 109 14 109 42 + let%span srange39 = "../../../../creusot-contracts/src/std/iter/range.rs" 105 4 105 10 + let%span srange40 = "../../../../creusot-contracts/src/std/iter/range.rs" 71 10 71 43 + let%span srange41 = "../../../../creusot-contracts/src/std/iter/range.rs" 73 4 76 5 + let%span srange42 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 12 84 57 let%span sresolve43 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span srange44 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 let%span srange45 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32